(Tracker) Encryption of confidential attribute values

Registered by Lars Helge Øverland on 2013-06-28

Add support for encrypting personally identifiable information in the tracker module. Encryption will be applied to the attribute values which are linked to tracked entity instances. There should be two sets of attributes linked to TEIs: one set which will have plain text attribute values and another set which will have encrypted attribute values attached.

Encrypted attributes / values should not be available in the event analytics tables / API.

Blueprint information

Lars Helge Øverland
Lars Helge Øverland
Needs approval
Stian Sandvold
Series goal:
Accepted for trunk
Milestone target:
2.22
Started by
Lars Helge Øverland on 2015-12-01
Completed by
Lars Helge Øverland on 2016-01-08



Going to use BouncyCastle's AES-128-bit algorithm for encryption.

Encryption of configuration should be with the old standard (DESede)

Encryption of data should be optional (Even if it is confidential or not);
- Confidential data should not be encrypted/decrypted when enabling encryption, if the data was already stored as plain values; This should be changed by another method.

Encryption is only enabled if user manually configures it, AND if JCE unlimited files are installed;

Removed smtp and remote instance passwords from Configuration, which enables DHIS 2 to start without problems;

Startup works without problems when no password is defined AND default password is removed.

Need to make sure confidential attributes can't be used when listing and searching in Tracker Capture.


Default password for system Settings

smtp and remote to become system settings

custom password for confidential attri.

encrypt confidential attributes in TrackedEntityAttributeValueAudit


Work Items

Work items:
Make sure nothing breaks (smtp/remote password) if password is changed between shutting down and starting up DHIS2: DONE
Remove the default password (for smtp/remote): DONE
Disable input for confidential (attribute tool) if either of these fails (JCE is installed, custom password set, new attribute (not existing/editing)): DONE
Minimum Password Length (24) should be checked at startup: DONE
Deprecated columns in Configuration is deleted (InitTableAlteror): DONE
Create ENUM for encryptionStatus + Statuscheck in DhisconfigurationProvider: DONE
Put default password as password for SystemSettings: DONE
SMTP + Remote refactored into systemSettings: DONE
Encrypt confidential values in TEAV-Audit: DONE
Add the option to have confidential systemSettings(Passwords, IE.) that is encrypted: DONE
Throw exception when trying to add confidential data when encryption is not configured: DONE
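
The gating rules in the work items above (JCE unlimited policy present, custom password set, minimum length 24, exception on confidential data when encryption is not configured) can be sketched as follows. This is an added example, not DHIS 2 code: the class, enum and method names are hypothetical, the order of the checks is an assumption, and the sample passwords are constructed.

```java
import javax.crypto.Cipher;
import java.security.NoSuchAlgorithmException;

// Added illustration; class, enum and method names are hypothetical, not DHIS 2 code.
public class EncryptionGate {

    enum EncryptionStatus { OK, MISSING_JCE_POLICY, MISSING_PASSWORD, PASSWORD_TOO_SHORT }

    static final int MIN_PASSWORD_LENGTH = 24; // minimum length from the work items

    // True when the JCE unlimited-strength policy is active: restricted JREs cap AES at 128 bits.
    static boolean unlimitedPolicyInstalled() {
        try {
            return Cipher.getMaxAllowedKeyLength("AES") > 128;
        } catch (NoSuchAlgorithmException e) {
            return false;
        }
    }

    // Pure decision function so the startup check can be exercised without touching the JVM policy.
    static EncryptionStatus status(boolean unlimitedPolicy, String password) {
        if (!unlimitedPolicy) return EncryptionStatus.MISSING_JCE_POLICY;
        if (password == null || password.isEmpty()) return EncryptionStatus.MISSING_PASSWORD;
        if (password.length() < MIN_PASSWORD_LENGTH) return EncryptionStatus.PASSWORD_TOO_SHORT;
        return EncryptionStatus.OK;
    }

    // Fail closed: a confidential value is rejected rather than stored in plain text.
    static void requireEncryption(EncryptionStatus s, boolean confidential) {
        if (confidential && s != EncryptionStatus.OK) {
            throw new IllegalStateException("Encryption not configured (" + s + "); refusing confidential value");
        }
    }

    public static void main(String[] args) {
        String[] samples = { null, "short", "constructed-sample-passphrase-0001" }; // constructed inputs
        for (String pw : samples) {
            EncryptionStatus s = status(unlimitedPolicyInstalled(), pw);
            System.out.println("password=" + (pw == null ? "<unset>" : pw.length() + " chars") + " -> " + s);
            requireEncryption(s, false); // non-confidential values are always accepted
            try {
                requireEncryption(s, true);
                System.out.println("  confidential value accepted");
            } catch (IllegalStateException e) {
                System.out.println("  " + e.getMessage());
            }
        }
    }
}
```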
