Export data from SD Desktop
Your virtual desktop is isolated from the internet for security reasons. Only the CSC project manager can export results or data from the secure workspace using the Data Gateway application, currently available only programmatically. The results are exported to SD Connect, where they will be available for download to your computer where they can be manually decrypted.
Below you can find step-by-step instructions to encrypt and export data from SD Desktop to SD Connect, where you can download and decrypt it.
-
Generate your encryption key pair (secret key and public key) with the Crypt4GH application (you can skip this paragraph if you already have a key pair).
- Install the Crypt4GH application:
CSC has developed a simple application that will allow you to generate your encryption keys and decrypt data when necessary. Download the version specific to your operating system from the GitHub repository:
Please check that the tool for Windows has been digitally signed by CSC - IT Center for Science. After the download, you can find the Crypt4GH application in your downloads folder.
-
When you open the application for the first time, you might encounter an error message. In this case, click on More info and verify that the publisher is CSC-IT Center for Science (or in Finnish CSC-Tieteen tietotekniikan keskus Oy) and then click on Run anyway.
-
Generate your encryption keys:
- Open the Crypt4GH application and click on Generate Keys (in the top right corner).
- The tool will open a new window and ask you to insert a password (Private Key Passphrase). This password will be associated with your secret key. Please, use a strong password.
- When you click on OK, the tool will generate a key pair consisting of a secret key (
username_crypt4gh.key
) and a public key (username_crypt4gh.pub
). -
The keys/file names will be displayed in the Activity Log with the following message:
Key pair has been generated, your private key will be auto-loaded the next time you launch this tool: Private key: username_crypt4gh.key Public key: username_crypt4gh.pub All the fields must be filled before file encryption will be started
The keys will be generated and saved to the same folder in which the application resides.
Note
- If you lose or forget your secret key, or the password, you will be unable to decrypt the files.
- Do not share your secret key or your password.
- You need to create your keys only once and use them for all your encryption needs, but you can of course, choose to generate separate keys for encryption as you wish.
-
Upload the public key to SD Connect.
- You can easily upload the public key to SD Connect via drag and drop. You will be redirected to a new window displaying the default encryption options.
- Next, you can specify the bucket's name to which the public encryption key should be uploaded. If you don't fill in a specific term, the user interface will automatically create a bucket named with a 13-digit number (based on creation time).
- Click on Encrypt and upload: the public key will be encrypted and uploaded to the bucket in SD Connect. Only encrypted files are visible and accessible via SD Desktop; thus, even your public encryption key must be encrypted during upload.
-
Import the public key inside the virtual desktop.
Once the upload process is completed, you can access your virtual Desktop. Using the Data Gateway application, access the bucket with the public key. You can now import a copy of your public key inside the virtual Desktop (via copy/paste function).
-
Encrypt the results.
Open the terminal (right-click) and encrypt with your public key the files you want to export. Crypt4GH is already installed on each Desktop and accessible programmatically.
The syntax of the encryption command is:
Where
public-key
is your public key (your-username.pub
),input
is the file you want to export (my_results.csv
), andoutput
is the encrypted file (my_results.csv.c4gh
)For example:
-
Exporting the results from the private desktop.
Once the results are encrypted, only the CSC project manager can export the files with the Airlock client.
Open the terminal (right-click) and type the following syntax:
Where
username
is your CSC account username,data_output_bucket
is the name that you want to give to the bucket into which the results are exported. The airlock client will generate the bucket automatically in the same CSC project in which your Desktop is.filename
is the name of the encrypted files that you want to export.For example:
Press enter and add your password. Note: if you try to upload an unencrypted file, the airlock client will automatically encrypt it with the Sensitive Data public key for security reasons and export it to SD Connect. Here, you will be able to download the file, but you will not be able to decrypt it.
The fact that only project manager can export data from SD Desktop makes taking back-up copies of important files difficult for normal users. If needed, the project manager can launch a back-up server process that normal users can utilize to do backups. For details, see:
-
Download and decrypt the files.
The exported file is now available in SD Connect/Allas. After downloading the file in your local environment, you can decrypt it with your secret encryption key, using the Crypt4GH application or programmatically. See this page for specific guidance.
For more information and support, write to CSC Service Desk (email subject Sensitive Data).