docs/guides/guide-admin/crypt4gh_to_protes.md
Lines changed: 21 additions & 2 deletions
@@ -2,6 +2,23 @@
2
2
3
3
This guide explains how to configure and deploy an environment that enables encryption and decryption of sensitive data files using TES/[Funnel](https://github.com/ohsu-comp-bio/funnel) with [proTES](https://github.com/elixir-cloud-aai/proTES) as a stable and scalable [GA4GH TES](https://github.com/ga4gh/task-execution-schemas) gateway.
4
4
5
+
## Use Case
6
+
7
+
Imagine you are a researcher who needs to analyse sensitive data in a cloud environment. You need to ensure:
8
+
9
+
-**Your data is encrypted during transfer**: Your files are encrypted for transfer. Raw sensitive data remains located at your storage.
10
+
-**Only authorized researcher can decrypt the data**: Data can only be decrypted with specific private keys. Data theft is useless without specific keys.
11
+
-**Automatic decryption**: Your setup does automatic decryption given `.c4gh` files and the correct private key.
12
+
-**Secure collaboration**: Data exchange between collaborators is not restricted, as long as the correct key is available.
13
+
14
+
This tutorial presents a solution where:
15
+
16
+
1. A data provider encrypts sensitive data using Crypt4GH before uploading them to storage.
17
+
2. Encrypted data is sent to a `Task Execution Service (TES)` instance via `proTES` and a `proTES middleware` for processing.
18
+
3. A researcher (recipient) can process these files in a secure containerized environment where automatic decryption happens using the `proTES middleware`.
19
+
20
+
This approach allows collaborative research where sensitive data can be processed in cloud environments while maintaining strict access controls and encryption throughout the data lifecycle.
21
+
5
22
## Overview
6
23
7
24
[Crypt4GH](https://crypt4gh.readthedocs.io/) is a standard for encrypting sensitive genomic data. This setup demonstrates:
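Review bot: The closing sentence of the new Use Case section ("maintaining strict access controls and encryption throughout the data lifecycle") overstates what steps 1 to 3 describe: step 3 has the `proTES middleware` decrypt the files automatically inside the containerized environment, so plaintext exists there while the task runs. Suggest limiting the claim to storage and transfer, and saying in the "Only authorized researcher can decrypt the data" bullet who holds the private key and how it reaches the environment that performs the decryption; the bullets currently say only that "the correct key is available". Minor wording in the same section: "Only authorized researcher" should be plural, and in step 1 "uploading them" does not agree with "sensitive data".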
@@ -13,9 +30,11 @@ This guide explains how to configure and deploy an environment that enables encr
13
30
14
31
**Security Note:** Private keys should be stored in secure locations and used only for decryption. Consider using signed URLs for transferring private keys to the TES instance.
15
32
16
-
## Workflow
33
+
**Goal of this tutorial:** You'll have a setup where you can submit encrypted files via task inputs, and they will be automatically decrypted and processed, ensuring that sensitive data remains protected.
34
+
35
+
## Setup
17
36
18
-
The complete workflow consists of three main tasks:
37
+
The complete setup consists of three main tasks:
19
38
20
39
1.**Key Generation**: Generate Crypt4GH key pairs for the sender and recipient parties (optional).
21
40
2.**File Encryption**: Encrypt sensitive data using the generated keys.
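Review bot: Renaming the `## Workflow` heading to `## Setup` changes the section's generated anchor, so any link to `#workflow` from this guide or from other docs pages will stop resolving; check for such references and update them in the same change. The added "Goal of this tutorial" paragraph also says encrypted files are submitted via task inputs without saying how the private key is supplied, while the Security Note directly above it talks about transferring private keys to the TES instance; one sentence connecting the two would make clear what the reader has to provide, and "ensuring that sensitive data remains protected" could name the actual guarantee (files stay encrypted until the task decrypts them).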