Skip to content

Exporting data from virtual desktop

Prerequisites

Only project managers can export data

Your virtual desktop is isolated from the internet for security reasons. Only the CSC project manager can export results or data from the secure workspace using Data Gateway application. The results are exported to SD Connect, where they will be available for download to your computer and can be manually decrypted.

Note

  • Only one file can be exported at a time. To export multiple files, first compress them into a single folder.
  • Files larger than 30 GB need to be split into smaller parts before exporting.

Step by step

  1. Download and install the Crypt4GH application
  2. Generate your encryption key pair
  3. Upload your public key to SD Connect
  4. Import the public key inside the virtual desktop
  5. Encrypt the files with your public key
  6. Export the files from SD Desktop
  7. Download the file from SD Connect and change extension
  8. Decrypt the file with crypt4GH application
  9. Advanced: Backup copies

Support available

Please reach out to us at servicedesk@csc.fi (subject: SD Desktop). We will guide you through the export process in an online meeting.

1. Download and install the Crypt4GH application

CSC provides an application that simplifies encryption key generation and data decryption.

  1. Download the appropriate version for your operating system from the GitHub repository:

  2. Locate the Crypt4GH application in your Downloads folder.

Warning

For Windows, verify that the tool is digitally signed by CSC - IT Center for Science. If you see an error upon opening, click More info, confirm the publisher, and select Run anyway.

2. Generate your encryption key pair

  1. Open Crypt4GH and click Generate Keys (top right corner).

  2. A new window will open, prompting you to enter a password (Private Key Passphrase). This password will be used to secure your secret key. Please use a strong password.

Generate keys

  1. Click OK to generate the key pair. Crypt4GH will create:

    * A secret key (e.g., username_crypt4gh.key)
    
    * A public key (e.g., username_crypt4gh.pub)
    
  2. The keys will be saved in the same folder where the application resides (e.g. Downloads folder).

  3. We recommend saving the key pair in a dedicated folder and renaming them descriptive names (e.g., export_public.pub and export_secret.key). Common issues arise when keys are misplaced or mismatched.

  4. We recommend testing if the key pair works:

  5. Encrypt a test file with Crypt4gh application

    1. Load your public key.
    2. Select a test file.
    3. Click Encrypt file.

Test encrypt

  • Decrypt a test file with Crypt4gh application
    1. Load your private key.
    2. Select the encrypted test file.
    3. Click Encrypt file.
    4. Insert password.
    5. If you encrypted test file can be opened after decrypting you know that keys work and you can proceed.

Test decrypt

Warning

  • If you lose or forget your secret key or password, you won’t be able to decrypt your files.
  • Do not share your secret key or password.
  • You need to create your keys only once for all encryption needs, but you may generate separate keys for different projects if desired.

3. Upload the public key to SD Connect

  1. Log in to SD Connect.
  2. Select the correct CSC project in the top left corner.
  3. Click Upload in the top right corner.
  4. In the new window, name the destination folder for your files (e.g. project_export).
  5. Click Select Files to open a browser window and choose the public enycrption key (e.g. .pub file). Click Upload to start automatic encryption and upload.
  6. Once the upload is finished, the encryption key will be now visible from your virtual desktop.

4. Import the public key inside the virtual desktop

  1. Access your virtual desktop.
  2. Access the folder with the public key.
  3. Use the copy/paste function to paste your public key into the virtual desktop.

5. Encrypt the file

Exporting multiple files

To export multiple files, first compress them into a single folder, then encrypt as a single file.

  1. Create a new folder.
  2. Place all files into the folder.
  3. Right-click the folder, select Compress. Now your folder is a .zip file.

Encrypt the file or folder

  1. Open the terminal (right-click) and use your public key to encrypt the files you want to export. Crypt4GH is pre-installed on each virtual desktop and accessible programmatically.

    The syntax for the encryption command is:

    crypt4gh encrypt --recipient_pk public-key < input > output
    

    Here: - public-key is your public key file (e.g., your-username.pub). - input is the file you wish to export (e.g., my_results.csv). - output is the encrypted file (e.g., my_results.csv.c4gh).

    Example:

    crypt4gh encrypt --recipient_pk your-username.pub < my_results.csv > my_results.csv.c4gh
    

6. Export the encrypted files from the virtual Desktop

Once the file is encrypted, only the CSC project manager can export them via the Data Gateway application or programmatically using the Airlock client.

Option A: Export via data Gateway application

  1. Open Data Gateway application.
  2. Select SD Connect and enter CSC user name and password. Click Login and then click Continue.
  3. Click on Export tab. This is available only to project manager.
  4. Exported file will go to SD Connect. Choose the destination folder from existing folders in SD Connect. You can also first log in to SD Connect and create a new folder for exported files.
  5. Select file you want to export and click Export.
  6. Files are now in the folder you selected in SD Connect.

Option B: Export programmatically via Airlock client

  1. Open the terminal (right-click) and use the following syntax:

    airlock-client <<username>> <<data_output_bucket>> <<filename>>
    
    • username is your CSC account username.
    • data_output_bucket is the name you assign to the bucket where the results will be exported. The Airlock client will create this bucket automatically within the same CSC project as your Desktop.
    • filename is the name of the encrypted file you wish to export.

    Example:

    airlock-client cscuser analysis-2022 results-03.csv.c4gh
    
  2. Press Enter and enter your password when prompted.

!!! Note: If you attempt to upload an unencrypted file, the Data Gateway apploication or Airlock client will automatically encrypt it with the Sensitive Data services public key for security reasons and export it to SD Connect. You will be able to download this file, but you will not be able to decrypt it.

7. Download the files from SD Connect and change extension

  1. Access SD Connect and locate the file you need. Click on Download.
  2. The user interface will display the message: "Some requested files could not be decrypted."
  3. After downloading the file, you need to adjust the extension:
    • Right-click the file
    • Choose "Rename," and add .c4gh to the end of the filename.
    • If opened with a text editor, the files will still be encrypted.

Some requested files could not be decrypted.

After downloading the files, you need to adjust their extensions.

8. Decrypt the files with the Crypt4gh application

Next, you can decrypt the file using the Crypt4GH application and your secret encryption key. Unfortunately, it is currently only possible to single files and compressed folders.

  1. Open the Crypt4GH application and click Load My Private Key (export_secret.key)
  2. Click Select File and upload the file you want to decrypt. Click Open.
  3. Next, click Decrypt File.
  4. The tool will ask you to write the secret key's password. Click Ok.

Test decrypt

If your decryption runs successfully, the activity log will display the following:

Decrypting..... Decryption has finished Decrypted file: C:/users/username/exampledirectory/examplefile

The decrypted file will no longer display the .c4gh extension and will be saved in the same folder from which the original file was uploaded.

Note

In the case of decryption, adding the public key is not mandatory. Decryption will be executed anyway, but the activity log will display the following (the decryption will be executed anyway): ```text Sender public key has not been set, authenticity will not be verified.

Note

If you need to decrypt a large number of files, please check the tutorial Decrypting all files in a directory.

Advanced: Back-up copies

If project members need to make back-up copies from important files, the project manager can launch a back-up server process that project members can utilse to have backups. For details, see: SD Desktop Back-up server tutorial.