How to Use Qdabra’s Encryption XTP - Mel Balsamo

InfoPath Dev

This Blog


Mel Balsamo

How to Use Qdabra’s Encryption XTP

qRules v2.1 comes with new commands called Encrypt and Decrypt. These allow password-protecting your InfoPath form controls to hide sensitive data. Encryption transforms strings and attachments into a set of random characters, while Decryption reveals the original content after entering the password that’s used to protect the data. Be sure to save your password(s)—Qdabra does not record them.

To get you started on using qRules encryption in your forms, Qdabra created a template part that you can easily add in your InfoPath Custom Controls and drag over to your forms. It’s called the QdEncryption XTP.

Quick preview:

In the screenshot above, the user enters a password and fills out the text field. Clicking on the Encrypt button yields this:


As an added security measure, Qdabra uses a font we called ‘qDots’ to hide the actual texts in the password field. This font comes with the QdEncryption XTP package. To take advantage of it, you should install the font in every machine that will use your form.

This blog post details the step-by-step instructions on how to use the QdEncryption XTP.


  1. Launch InfoPath and select Design a Form Template based on a new blank one.
  2. In the Controls taskpane, click Add or Remove Custom Controls…

  1. In the Custom Controls dialog box, click Add > Template Part, and browse to the location where you placed your QdEncryption XTP


  1. Verify that the XTP has been added to your Custom Controls taskpane.

  1. Save your blank form template (XSN). For the purposes of this tutorial, we will name it as QdEncryptionXSN.
  2. Close InfoPath.
Inject qRules and the XTP in your Form Template
  1. Launch the qRules Injector from Start > All Programs > Qdabra > Tools > qRules Injector.

  1. Browse to the location where you saved your QdEncryptionXSN.
  2. Click Inject, then OK in the confirmation dialog, and then close the qRules Injector.
  3. Open QdEncryptionXSN in InfoPath Design mode.
  4. Scroll down to the very bottom of the Controls taskpane to get to the Custom section, and then click on the QdEncryption control.

You should now have the template part on your canvas. The main and the secondary data sources will be injected in your XSN as well.

Source Files Clean-up

If you go to Tools > Data Connections, you will notice that you have two instances of QdabraRules, one for the XSN, and one for the XTP:


When you first injected qRules in your XSN, it added the QdabraRules XML as a secondary data source. In this same XSN, you injected the QdEncryption XTP which also uses qRules. This added another QdabraRules XML secondary data source to the XSN (with a different name). So now, you have two qRules XMLs, which is confusing and might cause issues when calling the qRules commands. Unfortunately, there is no workaround at the moment, hence the need to do some clean-up.

  1. Save QdEncryptionXSN as source files and close InfoPath.
  2. Modify the manifest.xsf file:

a.        In the directory where you saved your source files, locate manifest.xsf and open it in any text editor.

b.       Replace all 25 instances of "QdabraRules_QdEncryption" with "QdabraRules".

c.        Delete the associated blocks where you find "QdabraRules1":

                                                               i.      xsf:file (for .xsd)


                                                              ii.      xsf:file (for .xml)


                                                            iii.      xsf:dataObject

 d.     Replace all 12 instances of /xpath=/my:qdEncrypt with /xpath=/my:myFields/my:qdEncrypt

 e.      Replace all 12 instances of /pass=/my:qdEncrypt with /pass=/my:myFields/my:qdEncrypt

Note that in Steps d and e above, we are replacing the XPaths with /my:myFields. If you have a different name for your main data source group node, please use that instead of myFields.

 f.       Save and close manifest.xsf.

  1. Modify the view.xsl file.

a.       Open view1.xsl in a text editor.

b.       Replace the 7 instances of “QdabraRules_QdEncryption” with “QdabraRules”.

c.        Save and close view1.xsl.

  1. Modify the sampledata.xml file

a.        Open sampledata.xml in a text editor.

b.       Delete the xd:DataConnection block where you find “QdabraRules_QdEncryption”.

c.        Save and close sampledata.xml.

  1. Delete the extraneous QdabraRules1 files in the source files directory:

a.       QdabraRules1.xml

b.       QdabraRules1.xsd

  1. Verify changes.

a.       Open manifest.xsf in InfoPath Design mode.

b.       Go to Tools > Data Connections and verify that you now have only one instance of QdabraRules.

Test Your Form Template

Test the encryption in Preview mode:

1.       Enter a password.

2.       Fill out any of the fields you wish to encrypt.

3.       Click on the Encrypt button corresponding to the field you’ve filled out.

A ‘Success’ message is shown upon successful encryption.

If you’ve encrypted a text field, the control will be hidden. The texts will be replaced with random characters starting with “qdEncrypted”, like shown:

An expression box is displayed instead:

4.       Enter the password that you used to encrypt and click Decrypt. This will reveal the original texts.

 If you’ve encrypted an image or a file attachment, the attachment will be hidden. An expression box is displayed instead. Decrypting reveals the attachment.

5.       You may also test encrypting/decrypting the fields all at once by entering a password and filling out all the fields.

Clicking on the Encrypt All button will show:

To decrypt, enter the password that you used to encrypt, and click Decrypt All.

6.       Also try entering a wrong password when decrypting. This will return an error message.

Additional Notes

Below are some guidelines that will help you, should you wish to customize the template part or wish to create your own InfoPath forms using the qRules Encrypt and Decrypt commands:

· Arguments:

o    /xpath: XPath to the field to encrypt/decrypt

o    /dsnamepass – (optional) Data Source name for Password field if it is in a secondary data source

o    /pass: XPath to the password field

o    /clear: (optional) can have a value of yes or no. If set to yes, the password will be

      cleared after encryption/decryption. If unspecified, the value defaults to yes. 

· Examples:

o    Encrypt /xpath= /my:myFields/my:textEncrypt /pass=/my:myFields/my:password

o    Encrypt /xpath=/my:myFields/my:imageEncrypt  /pass=/my:myFields/my:password /clear=no

o    Decrypt /xpath=/my:myFields/my:fileEncrypt   /dsnamepass=myEncryption /pass=/myEncryption/Password

o    Decrypt /xpath=/my:myFields/my:group1/my:group2/my:field1[../my:field2='a'] /pass=/my:myFields/my:password

· Additional Observations:

o    Encrypting/Decrypting file or image attachments will make the control appear empty in the form because it can’t read the filename and extension from the string any longer. However the encrypted string will always start with “qdEncrypted”. Conditional formatting can be based off that to hide a control if the node starts with qdE, and display an expression box instead.

o    Fields that use whole number or decimal as data types can be encrypted/decrypted; but since we are returning a string, the field will return a data validation error.

o    You cannot encrypt/decrypt a secondary data source field because every time we pull data into a form from a secondary data source, it would be the actual data. Encrypting it would only be until the data was refreshed, since it isn’t stored with the form.


No Comments

About jose cruz

Completed a degree in Electrical Engineering and worked as Software Test Engineer in several Telecommunications company in the US.
Copyright © 2003-2019 Qdabra Software. All rights reserved.
View our Terms of Use.