Data Encryption Utrecht Sequencing Facility

0: Installing gpg
1: Creating a keypair

In this step you’ll create a public and private keypair.

Run the command :

gpg ––gen-key

1. Choose key type 2 (DSA and ElGamal).
2. Set key size to 2048 bits.
3. Choose an expiry date (Note : When expired you’ll have to create a new keypair and send it to us (See ‘3 : Export your public key’) ).
4. Please provide a user ID in addition to the key parameters. Please make sure the name and the email are the same as your USEQ username (the one used during sample submission) and email.
5. Protect your keypair with a passphrase (Important : Create a long passphrase using a combination of alphabetic and non-alphabetic characters).

2 : Creating a revocation certificate

This step creates a certificate used for revoking your public key. You will need this certificate if you forget your passphrase or if your private key is compromised or lost. If this happens, let us know and we’ll guide you through the needed steps (Important : Store this file somewhere safe ).

Run the command :

gpg ––output name_of_certificate.asc ––gen-revoke key_identifier

1. Replace ‘name_of_certificate’ with a sensible name. As key_identifier use the email you provided in the previous step.
2. Store the revocation certificate somewhere safe.

3 : Exporting your public key

In this step you will export your public key and share it with us.

Run the command :

gpg ––output name_of_my_key.gpg ––armor ––export key_identifier

1. Replace ‘name_of_my_key’ with a sensible name for your public key. As key_identifier, again, use the email you provided in step 1.
2. Email the public key file to useq@umcutrecht.nl together with a phone number. We will contact you as soon as possible to verify your key.

As soon as we do please run the command :

gpg ––fingerprint key_identifier

As key_identifier use the email you provided in step 1.

4 : Importing our public key

During this step you’ll import our public key. This key is used by GnuPG to verify us as the actual source of the data. You will execute this step as soon as we contact you to verify your public key.

Download our key and run the command :

gpg ––import usf_key.gpg

This imports our public key

Run the command :

gpg ––list-keys

Our key should now be in the list produced by this command(look for useq@umcutrecht.nl).

Run the command :

gpg ––edit-key useq@umcutrecht.nl

1. Run the command ‘fpr’, check if the fingerprint matches the one we provide you.
2. Run the command ‘sign’ to verify the fingerprint if the fingerprint is correct.

5 : Decrypting data

We use your public key to encrypt your sequencing data so only you (and anyone with access to your private key) will be able to decrypt the data. As soon as you’ve followed all the above steps you’re ready to decrypt any encrypted file we send you.

To decrypt the data, run the command :

gpg ––output RUNID.tar.gz ––decrypt RUN.gpg

0: Installing Gpg4win
1: Creating a keypair

In this step you’ll create a public and private keypair.

1. Open Kleopatra and click on File -> New Certificate. Select ‘Create a personal OpenPGP key pair’.
2. Enter your personal details and make sure the email and the name are the same as your USEQ username (the one used during sample submission) and email. Choose an expiry date (Note : When expired you’ll have to create a new keypair and send it to us (See ‘3 : Export your public key’) ).
3. In ‘Advanced Settings’ in the section ‘Key Material’ select ‘DSA’ with default keysize of 2048 bits.
4. Click ‘Next’ followed by ‘Create Key’ and enter a secure passphrase (Important : Create a long passphrase using a combination of alphabetic and non-alphabetic characters).
5. Click ‘Finish’.

2 : Creating a revocation certificate

This step creates a certificate used for revoking your public key. You will need this certificate if you forget your passphrase or if your private key is compromised or lost. If this happens, let us know and we’ll guide you through the needed steps (Important : Store this file somewhere safe ).

1. Open up a Windows ‘cmd’ window.
2. Run the command:
   

   gpg ––output name_of_certificate.asc ––gen-revoke key_identifier

3. Replace ‘name_of_certificate’ with a sensible name. As ‘key_identifier’ use the email you provided in the previous step. Please follow the prompted steps. The certificate is stored in the directory / folder you’re currently working in.

4. Store the revocation certificate somewhere safe.

3 : Exporting your public key

In this step you will export your public key and share it with us.

1. In Kleopatra right click your key and select ‘Export Certificates’, save the public key file with a sensible name.
2. Email the public key file to useq@umcutrecht.nl together with a phone number. We will contact you as soon as possible to verify your key. As soon as we do please move on to step 3.
3. Right click the key and select ‘Certificate Details’.

4 : Importing our public key

During this step you’ll import our public key. This key is used by GnuPG to verify us as the actual source of the data. You will execute this step as soon as we contact you to verify your public key.

1. Download the key and in Kleopatra select ‘Import Certificates’.
2. Open the tab ‘Imported Certificates’ , right click the key you just imported and select ‘Certify Certificate’.
3. If the fingerprint matches the one we provide you, select ‘I have verified the fingerprint’ and click ‘Next’.
4. In the next window select your own key and click ‘Certify’
5. Enter the passphrase belonging to your own key.

5 : Decrypting data

We use your public key to encrypt your sequencing data so only you (and anyone with access to your private key) will be able to decrypt the data. As soon as you’ve followed all the above steps you’re ready to decrypt any encrypted file we send you.

1. In Kleopatra select File -> Decrypt/Verify Files.
2. Open the file you want to decrypt, select an output folder and click ‘Decrypt/Verify’.
3. Enter the passphrase belonging to your key.

0 : Installing GPG Suite

1 : Creating a keypair

1. In this step you’ll create a public and private keypair. Open GPG Keychain and click the ‘New’ button.
2. Enter your name and email address. Make sure name and the email address are the same as your USEQ username (the one used during sample submission) and email.
3. Under ‘Advanced options’ set the ‘Key type’ to ‘DSA and Elgamal’ and ‘Length’ to 2048. Choose an expiry date (Note : When expired you’ll have to create a new keypair and send it to us (See ‘3 : Export your public key’) ).
4. Protect your keypair with a passphrase (Important : Create a long passphrase using a combination of alphabetic and non-alphabetic characters).
5. Click ‘Generate key’.

2 : Creating a revocation certificate

This step creates a certificate used for revoking your public key. You will need this certificate if you forget your passphrase or if your private key is compromised or lost. If this happens, let us know and we’ll guide you through the needed steps (Important : Store this file somewhere safe ).

1. In GPG Keychain right click the key you generated in step 1 and select ‘Generate Revoke Certificate’.
2. Choose a sensible name for the revoke certificate and click ‘Save’. When prompted for your passphrase use the same passphrase you entered in step 1.
3. Store the revocation certificate somewhere safe.

3 : Exporting your public key

In this step you will export your public key and share it with us.

1. In GPG Keychain select your key and click ‘Export’. Choose a sensible name for your public key and click ‘Save’.
2. Email the public key file to useq@umcutrecht.nl together with a phone number. We will contact you as soon as possible to verify your key.

4 : Importing our public key

During this step you’ll import our public key. This key is used by GnuPG to verify us as the actual source of the data. You will execute this step as soon as we contact you to verify your public key.

1. Download our public key and in GPG Keychain click ‘Import’, select our public key and click ‘Open’.
2. Check if the Fingerprint matches the one we provide you. If it does right click our public key and select ‘Sign’.
3. Select your own secret key and select ‘I have done very careful checking’. Deselect ‘Signature expires’ and click ‘Generate signature’. When prompted enter the passphrase belonging to your own keypair.

5 : Decrypting data

We use your public key to encrypt your sequencing data so only you (and anyone with access to your private key) will be able to decrypt the data. As soon as you’ve followed all the above steps you’re ready to decrypt any encrypted file we send you.

1. Right click the encrypted file, Services -> OpenPGP: Decrypt File and enter the passphrase belonging to your keypair.