From 2ccc1d5de41ea88c62443c61356923ef357cd8cc Mon Sep 17 00:00:00 2001 From: dbampalikis Date: Sun, 18 Oct 2020 15:43:14 +0200 Subject: [PATCH 1/2] Added user guide for bianca --- user-guide-bianca.md | 71 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 71 insertions(+) create mode 100644 user-guide-bianca.md diff --git a/user-guide-bianca.md b/user-guide-bianca.md new file mode 100644 index 0000000..e343f40 --- /dev/null +++ b/user-guide-bianca.md @@ -0,0 +1,71 @@ +# Encryption of files for EGA-SE in Bianca +This document is a how-to-guide on encrypting files for the EGA-SE service . It is meant for submitters to EGA-SE service and it assumes the files are stored in Bianca. EGA provides permanent secure archiving and sharing of all types of potentially identifiable human genetic and phenotypic data. Submitted files need to be encrypted according to the [crypt4gh](https://www.ga4gh.org/news/crypt4gh-a-secure-method-for-sharing-human-genetic-data/) standard. + +## Pull the images with singularity + +### Pull images +* Login to Rackham running: +```bash +ssh @rackham.uppmax.uu.se +``` +Navigate to the folder you want to pull the images. +* To download the crypt4gh key generator image run the following command in the terminal: +```bash +singularity pull docker://nbisweden/ega-crypt4gh:crypt4gh-keygen-1.0.0 +``` +* To download the crypt4gh image run the following command in the terminal: +```bash +singularity pull docker://nbisweden/ega-crypt4gh:crypt4gh-1.0.0 +``` +Now you should be able to see two files with `.sif` extensions in the folder when running the `ls` command. + +### Move the singularity images to Bianca +You can move the singularity images to Bianca using wharf. The guide for transferring files from and to Bianca can be found [here](https://www.uppmax.uu.se/support/user-guides/transit-user-guide/). + +In summary, the steps needed are the following: +In a terminal window +* Login to transit running: +```bash +ssh @transit.uppmax.uu.se +``` +* Mount to the bianca project folder using the following command +```bash +mount_wharf +``` +where [project_name] in the form of sens20XXX. +* Copy image files using the cp command and replacing to the correct locations: +```bash +cp ega-crypt4gh_crypt4gh-1.0.0.sif / +cp ega-crypt4gh_crypt4gh-keygen-1.0.0.sif / +``` + +In another terminal +* Login to bianca running: +```bash +ssh -A -@bianca.uppmax.uu.se +``` +* Copy image files from `/proj//nobackup/wharf//-` to the folder you want to store the images using the cp command and replacing to the correct locations: +```bash +cp cp /proj//nobackup/wharf//-/ega-crypt4gh_crypt4gh-1.0.0.sif . +cp cp /proj//nobackup/wharf//-/ega-crypt4gh_crypt4gh-keygen-1.0.0.sif . +``` +Running the `ls` command in this folder, you should be able to see the two `.sif` files. + +## Key pair generation +In order to encrypt the file(s) with crypt4gh, you need both a personal key pair and the EGA-SE public encryption key. +### Create a personal key pair +The creation of a key pair is very simple using crypt4gh. Run the following command, in the folder containing the `.sif` files, replacing [my-key] with the name of the key (can be anything) and specifying a passphrase when requested: +```bash +singularity run ega-crypt4gh_crypt4gh-keygen-1.0.0.sif --pk .pub --sk .sec +``` +To verify that the key pair was created, run the `ls` command and make sure the keys you specified exist in the folder +### Download the public key +Next, download the public key (crypt4gh_key.pub) from this repository and place it in the same location as the keys from the previous step. In order to do that, repeat the process from the `Move the singularity images to Bianca` section above. + +### Encrypt the file(s) +Now you have all the keys and tools needed, you can run the following command in order to encrypt the file: + +```bash +singularity run ega-crypt4gh_crypt4gh-keygen-1.0.0.sif --sk .sec --recipient_pk ega-se.key < > .c4gh +``` + From d7e9e838b4d5fcbbba490ac52038dcd2f1056fff Mon Sep 17 00:00:00 2001 From: dbampalikis Date: Mon, 19 Oct 2020 13:13:35 +0200 Subject: [PATCH 2/2] Changed user guide for Bianca --- user-guide-bianca.md | 51 ++++++++++++++++++++++---------------------- 1 file changed, 26 insertions(+), 25 deletions(-) diff --git a/user-guide-bianca.md b/user-guide-bianca.md index e343f40..ddea3ff 100644 --- a/user-guide-bianca.md +++ b/user-guide-bianca.md @@ -1,7 +1,9 @@ # Encryption of files for EGA-SE in Bianca + This document is a how-to-guide on encrypting files for the EGA-SE service . It is meant for submitters to EGA-SE service and it assumes the files are stored in Bianca. EGA provides permanent secure archiving and sharing of all types of potentially identifiable human genetic and phenotypic data. Submitted files need to be encrypted according to the [crypt4gh](https://www.ga4gh.org/news/crypt4gh-a-secure-method-for-sharing-human-genetic-data/) standard. -## Pull the images with singularity + +## Get images to bianca ### Pull images * Login to Rackham running: @@ -9,18 +11,16 @@ This document is a how-to-guide on encrypting files for the EGA-SE service . It ssh @rackham.uppmax.uu.se ``` Navigate to the folder you want to pull the images. -* To download the crypt4gh key generator image run the following command in the terminal: -```bash -singularity pull docker://nbisweden/ega-crypt4gh:crypt4gh-keygen-1.0.0 -``` * To download the crypt4gh image run the following command in the terminal: ```bash singularity pull docker://nbisweden/ega-crypt4gh:crypt4gh-1.0.0 ``` -Now you should be able to see two files with `.sif` extensions in the folder when running the `ls` command. +Now you should be able to see a file with `.sif` extensions in the folder when running the `ls` command. -### Move the singularity images to Bianca -You can move the singularity images to Bianca using wharf. The guide for transferring files from and to Bianca can be found [here](https://www.uppmax.uu.se/support/user-guides/transit-user-guide/). +### Move the singularity image to Bianca +**Note**: If you already know how to move files to bianca, you can skip the deta +ils for this part +You can move the singularity image to Bianca using wharf. The guide for transferring files from and to Bianca can be found [here](https://www.uppmax.uu.se/support/user-guides/transit-user-guide/). In summary, the steps needed are the following: In a terminal window @@ -33,9 +33,8 @@ ssh @transit.uppmax.uu.se mount_wharf ``` where [project_name] in the form of sens20XXX. -* Copy image files using the cp command and replacing to the correct locations: +* Copy image files using the cp command and replacing to the correct location: ```bash -cp ega-crypt4gh_crypt4gh-1.0.0.sif / cp ega-crypt4gh_crypt4gh-keygen-1.0.0.sif / ``` @@ -44,28 +43,30 @@ In another terminal ```bash ssh -A -@bianca.uppmax.uu.se ``` -* Copy image files from `/proj//nobackup/wharf//-` to the folder you want to store the images using the cp command and replacing to the correct locations: +* Copy the image file from `/proj//nobackup/wharf//-` to the folder you want to store the image using the cp command and replacing to the correct locations: ```bash -cp cp /proj//nobackup/wharf//-/ega-crypt4gh_crypt4gh-1.0.0.sif . -cp cp /proj//nobackup/wharf//-/ega-crypt4gh_crypt4gh-keygen-1.0.0.sif . +cp /proj//nobackup/wharf//-/ega-crypt4gh_crypt4gh-1.0.0.sif . ``` -Running the `ls` command in this folder, you should be able to see the two `.sif` files. +Running the `ls` command in this folder, you should be able to see the `.sif` file. -## Key pair generation -In order to encrypt the file(s) with crypt4gh, you need both a personal key pair and the EGA-SE public encryption key. -### Create a personal key pair -The creation of a key pair is very simple using crypt4gh. Run the following command, in the folder containing the `.sif` files, replacing [my-key] with the name of the key (can be anything) and specifying a passphrase when requested: +## Download the public key +In order to encrypt the file(s) with crypt4gh, you need the EGA-SE public encryption key. + +### Move EGA key to Bianca + +Download the public key (crypt4gh_key.pub) from this repository and place it in the same location as the images from the previous step. +* Download the key in rackham running: ```bash -singularity run ega-crypt4gh_crypt4gh-keygen-1.0.0.sif --pk .pub --sk .sec +wget https://raw.githubusercontent.com/NBISweden/EGA-SE-user-docs/main/crypt4gh_key.pub ``` -To verify that the key pair was created, run the `ls` command and make sure the keys you specified exist in the folder -### Download the public key -Next, download the public key (crypt4gh_key.pub) from this repository and place it in the same location as the keys from the previous step. In order to do that, repeat the process from the `Move the singularity images to Bianca` section above. +* Repeat the process from the `Move the singularity image to Bianca` section above, this time copying the key instead of the image. + +## Encrypt the file(s) -### Encrypt the file(s) -Now you have all the keys and tools needed, you can run the following command in order to encrypt the file: +Now you have the key and tools needed, you can run the following command in order to encrypt the file: +**Warning:** Please make sure to use different names (at least different extensions) for [my-file] and [my-encrypted-file] to avoid destroying your original file! ```bash -singularity run ega-crypt4gh_crypt4gh-keygen-1.0.0.sif --sk .sec --recipient_pk ega-se.key < > .c4gh +singularity run ega-crypt4gh_crypt4gh-keygen-1.0.0.sif encrypt --recipient_pk crypt4gh_key.pub < > .c4gh ```