Data Encryption Utrecht Sequencing Facility

0: Installing gpg

1: Creating a keypair

In this step you’ll create a public and private keypair.

Run the command :

gpg ––gen-key

1. Choose key type 2 (DSA and ElGamal).
2. Set key size to 2048 bits.
3. Choose an expiry date (Note : When expired you’ll have to create a new keypair and send it to us (See ‘3 : Export your public key’) ).
4. Please provide a user ID in addition to the key parameters. Please make sure the name and the email are the same as your USEQ username (the one used during sample submission) and email.
5. Protect your keypair with a passphrase (Important : Create a long passphrase using a combination of alphabetic and non-alphabetic characters).

2 : Exporting your public key

In this step you will export your public key and share it with us.

Run the command :

gpg ––output name_of_my_key.gpg ––armor ––export key_identifier

1. Replace ‘name_of_my_key’ with a sensible name for your public key. As key_identifier, again, use the email you provided in step 1.
2. Email the public key file to useq@umcutrecht.nl. We will contact you as soon as possible to verify your key.

3 : Importing our public key

During this step you’ll import our public key. This key is used by GnuPG to verify us as the actual source of the data. You will execute this step as soon as we contact you to verify your public key.

Download our key and run the command :

gpg ––import usf_key.gpg

This imports our public key

Run the command :

gpg ––list-keys

Our key should now be in the list produced by this command(look for useq@umcutrecht.nl).

Run the command :

gpg ––edit-key useq@umcutrecht.nl

1. Run the command ‘fpr’, check if the fingerprint matches the one we provide you.
2. Run the command ‘sign’ to verify the fingerprint if the fingerprint is correct.

4 : Decrypting data

We use your public key to encrypt your sequencing data so only you (and anyone with access to your private key) will be able to decrypt the data. As soon as you’ve followed all the above steps you’re ready to decrypt any encrypted file we send you. Important : Make sure you have enough disk space (minimally twice the size of RUNID.gpg) on the disk you’re writing RUNID.tar.gz to. Also network drives are known to cause issues during decryption, so when possible try to read/write from a local disk.

To decrypt the data, run the command :

gpg ––output RUNID.tar.gz ––decrypt RUN.gpg

0: Installing Gpg4win

1: Creating a keypair

In this step you’ll create a public and private keypair.

1. Open Kleopatra and click on File -> New Key Pair. Select ‘Create a personal OpenPGP key pair’.
2. Enter your personal details and make sure the email and the name are the same as your USEQ username (the one used during sample submission) and email.
3. In ‘Advanced Settings’ in the section ‘Key Material’ select ‘DSA’ with default keysize of 2048 bits. Choose an expiry date under ‘Certificate Usage’ (Note : When expired you’ll have to create a new key pair and send it to us (See ‘3 : Export your public key’) ).
4. Click ‘Next’ followed by ‘Create’, a popup will appear and you’ll have to enter a secure passphrase (Important : Create a long passphrase using a combination of alphabetic and non-alphabetic characters).
5. When the popup saying ‘Key Pair Succesfully Created’ appears Click ‘Finish’. In the Kleopatra main window you’ll now see the key pair you just created together with all it’s details.

2 : Exporting your public key

In this step you will export your public key and share it with us.

1. In Kleopatra right click your key and select ‘Export’, save the public key file with a sensible name. Important : Do not export / share your private/secret key with us.
2. Email the public key file to useq@umcutrecht.nl. We will contact you as soon as possible to verify your key.

3 : Importing our public key

During this step you’ll import our public key. This key is used by GnuPG to verify us as the actual source of the data. You will execute this step as soon as we contact you to verify your public key.

1. Download the key and in Kleopatra select ‘Import’. In the file browser, find the key you just downloaded, select it and click ‘Open’.
2. A popup will appear asking you to certify the key you just imported. Click ‘Yes’.
3. In the following menu select our key, check if the fingerprint matches the one we send together with the public key file. If it does select ‘I have verified the fingerprint’ and click ‘Next’.
4. In the next window select ‘Certify only for myself’ and click ‘Certify’.
5. A popup will appear asking you to enter the passphrase to the key pair you created in step 1. Enter the passphrase, click ‘Ok’ followed by ‘Finish’.

4 : Decrypting data

We use your public key to encrypt your sequencing data so only you (and anyone with access to your private key) will be able to decrypt the data. As soon as you’ve followed all the above steps you’re ready to decrypt any encrypted file we send you. Important : Make sure you have enough disk space (minimally twice the size of RUNID.gpg) on the disk you’re writing the decrypted file to and enough space on the C: drive (also, minimally t. Also, network drives are known to cause issues during decryption, so when possible try to read/write from a local disk.

1. In Kleopatra select File -> Decrypt/Verify Files.
2. Open the file you want to decrypt, select an output folder and click ‘Decrypt/Verify’.
3. If asked, enter the passphrase belonging to your key.

0 : Installing GPG Suite

1 : Creating a keypair

1. In this step you’ll create a public and private keypair. Open GPG Keychain and click the ‘New’ button.
2. Enter your name and email address. Make sure name and the email address are the same as your USEQ username (the one used during sample submission) and email.
3. Under ‘Advanced options’ set the ‘Key type’ to ‘DSA and Elgamal’ and ‘Length’ to 2048. Choose an expiry date (Note : When expired you’ll have to create a new keypair and send it to us (See ‘3 : Export your public key’) ).
4. Protect your keypair with a passphrase (Important : Create a long passphrase using a combination of alphabetic and non-alphabetic characters).
5. Click ‘Generate key’. When asked to upload your public key, click ‘No Thanks!’. In the GPG Keychain main window you’ll now see the key you just generated.

2 : Exporting your public key

In this step you will export your public key and share it with us.

1. In GPG Keychain select your key and click ‘Export’. Choose a sensible name for your public key and click ‘Save’. Important : Do not include the secret key in the export!
2. Email the public key file to useq@umcutrecht.nl. We will contact you as soon as possible to verify your key.

3 : Importing our public key

During this step you’ll import our public key. This key is used by GnuPG to verify us as the actual source of the data. You will execute this step as soon as we contact you to verify your public key.

1. Download our public key and in GPG Keychain click ‘Import’, select our public key and click ‘Open’.
2. Check if the Fingerprint matches the one we provide you. If it does right click our public key and select ‘Sign’.
3. In the next popup window do not select ‘Publish’ , but instead click ‘Sign’. You will be asked to enter the passphrase of the key pair you generated in step 1, after entering this click ‘OK’.

4 : Decrypting data

We use your public key to encrypt your sequencing data so only you (and anyone with access to your private key) will be able to decrypt the data. As soon as you’ve followed all the above steps you’re ready to decrypt any encrypted file we send you. Important : Make sure you have enough disk space (minimally twice the size of RUNID.gpg) on the disk you’re writing the output file to. Also network drives are known to cause issues during decryption, so when possible try to read/write from a local disk.

1. Right click the encrypted file, Services -> OpenPGP: Decrypt File and enter the passphrase belonging to your keypair.