docs(guides): update Crypt4GH integration guide and fix navigation links

Author: Valentin Schneider-Lunitz

docs/guides/guide-admin/crypt4gh_to_protes.md

@@ -1,26 +1,26 @@
-# Setting up Crypt4GH encryption/decryption in Funnel
+# Crypt4GH Integration with proTES: A Guide to Secure Genomic Analysis
 
-This guide explains how to configure and deploy an environment that enables collaborative research on sensitive genomic data. Data holders can securely provide encrypted data for analysis while researchers process it through TES/[Funnel](https://github.com/ohsu-comp-bio/funnel) and [proTES](https://github.com/elixir-cloud-aai/proTES), where automatic decryption occurs within secure containers without granting researchers direct access to the sensitive data. This setup leverages [GA4GH TES](https://github.com/ga4gh/task-execution-schemas) standards for scalable and secure task execution.
+This guide explains how to configure and deploy an environment that enables collaborative research on sensitive genomic data. Data holders can securely provide encrypted data for analysis while researchers process it through [Funnel](https://github.com/ohsu-comp-bio/funnel) and [proTES](https://github.com/elixir-cloud-aai/proTES), where automatic decryption occurs within secure containers without granting researchers direct access to the sensitive data. This setup leverages [GA4GH TES](https://github.com/ga4gh/task-execution-schemas) standard for scalable and secure task execution.
 
 ## Use Case
 
-A data holder needs to provide sensitive genomic data for analysis to researchers in a cloud environment. The data must remain encrypted during storage and transfer, with decryption occurring only within a secure computational environment (container), without granting direct data access to the researcher.
+A data holder needs to provide sensitive genomic data for analysis to a researcher in a cloud environment. The data must remain encrypted during storage and transfer, with decryption occurring only within a secure computational environment (container), without granting direct data access to the researcher.
 
 1. The data holder encrypts sensitive data using Crypt4GH and stores them at a secure storage (e.g. S3 buckets).
 2. The researcher submits a GA4GH TES task to `proTES` for analysis of the encrypted data. 
 3. The installed `proTES middleware` automatically detects the encrypted data and decrypts them using Crypt4GH keys that are managed by `proTES`.
 4. The researcher's task command is executed on the decrypted data.
 5. The analysis results are stored at a dedicated storage accessible to the researcher
 
-`Note` all computational steps are done in a secure containerized environment.
+`Note:` all computational steps are done in a secure containerized environment.
 
 This approach allows collaborative research where sensitive data can be processed in cloud environments without provisioning data access to the researcher but instead utilizing a combination of `Crypt4GH` and `proTES` for data encryption, decryption, and analysis.
 Additionally, the researcher can repeat the analysis with adjusted parameters anytime without further action of the data holder.
 
 
 ## Overview
 
-[Crypt4GH](https://crypt4gh.readthedocs.io/) is a standard for encrypting sensitive genomic data. This setup demonstrates:
+[Crypt4GH](https://crypt4gh.readthedocs.io/) is a standard for encrypting sensitive data. This setup demonstrates:
 
 - Generating cryptographic key pairs for data exchange between parties (data holder and researcher)
 - Encrypting files using the data holder's private key and researcher's public key
@@ -29,7 +29,7 @@ Additionally, the researcher can repeat the analysis with adjusted parameters an
 
 **Security Note:** Private keys should be stored in secure locations and used only for encryption/decryption. Consider using signed URLs for transferring private keys to the TES instance. 
 
-**Goal of this tutorial:** You'll have a setup which encrypts sensitive data, stores them in a secure storage, automatic detection of encrypted data triggers decryption followed by processing, ensuring that sensitive data remains protected.
+**Goal of this tutorial:** You'll have a setup which encrypts sensitive data, stores them in a secure storage, automatic detection of encrypted data, decryption followed by processing, and ensuring that sensitive data remains protected.
 
 ## Setup
 
@@ -70,7 +70,7 @@ Run the following commands on both the Funnel server and worker VMs:
 sudo apt update
 sudo apt install -y make golang-go protobuf-compiler
 
-# Install Go protocol buffer plugins
+# Install Go protocol buffer plugins (use pinned versions for reproducibility)
 go install google.golang.org/protobuf/cmd/protoc-gen-go@latest
 go install google.golang.org/grpc/cmd/protoc-gen-go-grpc@latest
 export PATH=$PATH:$(go env GOPATH)/bin
@@ -176,7 +176,9 @@ Verify that both services are running by checking the logs or accessing the Funn
 
 ### Step 5: Configure ProTES
 
-ProTES acts as a gateway and provides middleware for automatic Crypt4GH decryption. Follow the [proTES](https://github.com/elixir-cloud-aai/proTES) installation guide to deploy proTES on your third VM.
+ProTES acts as a gateway and provides middleware for automatic Crypt4GH decryption. Follow the [proTES](https://github.com/elixir-cloud-aai/proTES) installation guide to deploy proTES on your third VM. 
+
+For detailed middleware installation, refer to the [protes-middleware-crypt4gh](https://github.com/elixir-cloud-aai/protes-middleware-crypt4gh).
 
 Once installed, configure the Crypt4GH middleware by editing the `pro_tes/config.yaml` file:
 
@@ -186,12 +188,6 @@ middlewares:
     - "pro_tes.plugins.middlewares.task_distribution.random.TaskDistributionRandom"
 ```
 
-**Middleware Configuration:**
-
-- `CryptMiddleware`: Automatically detects and decrypts `.c4gh` files during task execution
-
-For detailed middleware installation, refer to the [protes-middleware-crypt4gh](https://github.com/elixir-cloud-aai/protes-middleware-crypt4gh).
-
 ## Usage Examples
 
 The following examples demonstrate the complete encryption/decryption workflow using three sequential tasks.
@@ -267,16 +263,16 @@ Create a file named `task1_keygen.json`:
 
 - Generates two key pairs: one for the data holder and one for the researcher
 - Keys are generated without encryption (`--nocrypt`) for demonstration purposes
-- The researcher's public key is copied to the data holder's directory for use in encryption
+- The researcher's public key is copied to the data holder's directory for use during encryption
 - All keys are exported to local storage via TES outputs
 
 ### Task 2: Encrypt a File
 
-This task retrieves a file, encrypts it using Crypt4GH, and stores both the encrypted file and metadata. Create a file named `task2_encrypt_file.json`:
+This task retrieves a file, encrypts it using Crypt4GH keya, and stores both the encrypted file in a distinct location. Create a file named `task2_encrypt_file.json`:
 
 ```json
 {
-  "name": "Encrypt file with crypt4gh",
+  "name": "Encrypt stat file with crypt4gh",
   "description": "Retrieve a file, record its size, and encrypt it using data holder and researcher keys",
   "inputs": [
     {
@@ -331,11 +327,11 @@ This task retrieves a file, encrypts it using Crypt4GH, and stores both the encr
 
 **Key Details:**
 
-- Takes the data holder's private key and researcher's public key as inputs
 - Downloads a sample file from a URL
-- Records the original file size for verification
+- Records the original file size
+- Takes the data holder's private key and researcher's public key as inputs
 - Encrypts the file using Crypt4GH, producing a `.c4gh` encrypted file
-- Stores both the encrypted file and size metadata
+- Stores the encrypted file
 
 ### Task 3: Decrypt and Process File
 
@@ -369,7 +365,7 @@ Create a file named `task3_decrypt_and_write_size.json`:
   "outputs": [
     {
       "name": "decrypted_file",
-      "description": "Decrypted size text file",
+      "description": "MD5 checksum of automatically decrypted file",
       "url": "file:///tmp/funnel-storage/decrypted/united_kingdom_logo_md5sum.txt",
       "path": "/outputs/decrypted/united_kingdom_logo_md5sum.txt",
       "type": "FILE"

docs/guides/guide-admin/sensitive_data_analysis.md

@@ -107,7 +107,7 @@ In this tutorial, we assume a single LS-Login service for all the deployed tools
 
 ### LS-Login in MinIO
 
-LS-Login can be activated in MinIO either by using the MinIO console using the OIDC configuration or by setting environmental variables, as described in the MinIO [OIDC Documentation](https://min.io/docs/minio/linux/operations/external-iam/configure-openid-external-identity-management.html). There are detailed instruction in the [ELIXIR-Cloud-AAI documentation](https://elixir-cloud-aai.github.io/guides/guide-admin/services_to_ls_aai/) for using MinIO with LS-Login.
+LS-Login can be activated in MinIO either by using the MinIO console using the OIDC configuration or by setting environmental variables, as described in the MinIO [OIDC Documentation](https://min.io/docs/minio/linux/operations/external-iam/configure-openid-external-identity-management.html). There are detailed instructions in the [ELIXIR-Cloud-AAI documentation](https://elixir-cloud-aai.github.io/guides/guide-admin/services_to_ls_aai/) for using MinIO with LS-Login.
 
 ### LS-Login in WESkit
 

mkdocs.yml

@@ -90,8 +90,8 @@ nav:
       - Administrators:
           - "guides/guide-admin/index.md"
           - "LS Login configuration": "guides/guide-admin/services_to_ls_aai.md"
-          - "Sensitive Data analysis in Secure Processing Environments (SPE)": "guides/guide-admin/sensitive_data_analysis_spe.md"
-          - "Crypt4GH Middleware with proTES and Funnel": "guides/guide-admin/crypt4gh_funnel.md"
+          - "Sensitive Data analysis in Secure Processing Environments (SPE)": "guides/guide-admin/sensitive_data_analysis.md"
+          - "Crypt4GH Middleware with proTES and Funnel": "guides/guide-admin/crypt4gh_to_protes.md"
       - Contributors:
           - "guides/guide-contributor/index.md"
           - "Workflow": "guides/guide-contributor/workflow.md"