Export data from SD Desktop
Your virtual desktop is isolated from the internet for security reasons. Only the CSC project manager can export results or data from the secure workspace using Data Gateway application. The results are exported to SD Connect, where they will be available for download to your computer and can be manually decrypted.
Note
- Only one file can be exported at a time. To export multiple files, first compress them into a single folder.
- Files larger than 30 GB need to be split into smaller parts before exporting.
Step by step tutorial
- Download and install the Crypt4GH application
- Generate your encryption key pair
- Upload your public key to SD Connect
- Import the public key inside the virtual desktop
- Encrypt the files with your public key
- Export the files from SD Desktop
- Download the file from SD Connect and change extension
- Decrypt the file with crypt4GH application
- Advanced: Backup copies
Support available
Please reach out to us at servicedesk@csc.fi (subject: SD Desktop). We will guide you through the export process in an online meeting.
Step 1: Download and install the Crypt4GH application
CSC provides an application that simplifies encryption key generation and data decryption.
-
Download the appropriate version for your operating system from the GitHub repository:
-
Locate the Crypt4GH application in your Downloads folder.
Warning
For Windows, verify that the tool is digitally signed by CSC - IT Center for Science. If you see an error upon opening, click More info, confirm the publisher, and select Run anyway.
Step 2: Generate your encryption key pair
-
Open Crypt4GH and click Generate Keys (top right corner).
-
A new window will open, prompting you to enter a password (Private Key Passphrase). This password will be used to secure your secret key. Please use a strong password.
-
Click OK to generate the key pair. Crypt4GH will create:
* A secret key (e.g., username_crypt4gh.key) * A public key (e.g., username_crypt4gh.pub)
-
The keys will be saved in the same folder where the application resides (e.g. Downloads folder).
-
We recommend saving the key pair in a dedicated folder and renaming them descriptive names (e.g.,
export_public.pub
andexport_secret.key
). Common issues arise when keys are misplaced or mismatched. -
We recommend testing if the key pair works.
- Encrypt and decrypt a test file with Crypt4gh application.
- If you encrypted file can be opened after decrypting you know that keys work and you can proceed.
Warning
- If you lose or forget your secret key or password, you won’t be able to decrypt your files.
- Do not share your secret key or password.
- You need to create your keys only once for all encryption needs, but you may generate separate keys for different projects if desired.
Step 3: Upload the public key to SD Connect
- Log in to SD Connect.
- Select the correct CSC project in the top left corner.
- Click Upload in the top right corner.
- In the new window, name the destination folder for your files (e.g. project_export).
- Click Select Files to open a browser window and choose the public enycrption key (e.g. .pub file). Click Upload to start automatic encryption and upload.
- Once the upload is finished, the encryption key will be now visible from your virtual desktop.
Step 4: Import the public key inside the virtual desktop
- Access your virtual desktop. See instructions
- Open the Data Gateway application, select SD Connect, enter your CSC username and password, click on open folder and access the folder with the public key.
- Copy your public key inside the virtual desktop using copy/paste function.
Step 5: Encrypt the file
Exporting multiple files
To export multiple files, first compress them into a single folder, then encrypt as a single file.
- Place all files in a folder.
- Right-click the folder, select Send to > Compressed (zipped) folder.
Encrypt the file or folder
-
Open the terminal (right-click) and use your public key to encrypt the files you want to export. Crypt4GH is pre-installed on each virtual desktop and accessible programmatically.
The syntax for the encryption command is:
Here: -
public-key
is your public key file (e.g.,your-username.pub
). -input
is the file you wish to export (e.g.,my_results.csv
). -output
is the encrypted file (e.g.,my_results.csv.c4gh
).Example:
Step 6: Export the encrypted files from the virtual Desktop
Once the file is encrypted, only the CSC project manager can export them via the Data Gateway application or programmatically using the Airlock client.
Option A: Export via data Gateway application
- Open Data Gateway application
- Select SD Connect, enter user name and password.
- If you are CSC project manager, click on Export tab.
Option B: Export programmatically via Airlock client
-
Open the terminal (right-click) and use the following syntax:
username
is your CSC account username.data_output_bucket
is the name you assign to the bucket where the results will be exported. The Airlock client will create this bucket automatically within the same CSC project as your Desktop.filename
is the name of the encrypted file you wish to export.
Example:
-
Press Enter and enter your password when prompted.
!!! Note: If you attempt to upload an unencrypted file, the Data Gateway apploication or Airlock client will automatically encrypt it with the Sensitive Data services public key for security reasons and export it to SD Connect. You will be able to download this file, but you will not be able to decrypt it.
Step 7: Download the files from SD Connect and change extension
- Access SD Connect and locate the file you need. Click on Download.
- The user interface will display the message: "Some requested files could not be decrypted."
- After downloading the file, you need to adjust the extension:
- Right-click the file
- Choose "Rename," and add
.c4gh
to the end of the filename. - If opened with a text editor, the files will still be encrypted.
Step 8: Decrypt the files with the Crypt4gh application
Next, you can decrypt the file using the Crypt4GH application and your secret encryption key. Unfortunately, it is currently only possible to single files.
- Open the Crypt4GH application and click on load Your Private Key (expport_secrete.key)
- Click on Select File and upload the file you want to decrypt.
- Click on Open.
- Next, click on Decrypt File.
- The tool will ask you to write the secret key's password. Press ok.
- If your decryption runs successfully, the activity log will display the following:
The decrypted file will no longer display the
Decrypting..... Decryption has finished Decrypted file: C:/users/username/exampledirectory/examplefile
.c4gh
extension and will be saved in the same folder from which the original file was uploaded.
Note
In the case of decryption, adding the public key is not mandatory. Decryption will be executed anyway, but the activity log will display the following (the decryption will be executed anyway): ```text Sender public key has not been set, authenticity will not be verified.
Note
If you need to decrypt a large number of files, please check the tutorial Decrypting all files in a directory.
Advanced: Back-up copies
If project members need to make back-up copies from important files, the project manager can launch a back-up server process that project members can utilse to have backups. For details, see: SD Desktop Back-up server tutorial.