Decrypting all files in a directory

The graphical Crypt4gh interface provides an easy way to encrypt and decrypt individual files. However, the encrypted datasets may contain large amounts of files and in those cases doing encryption or decryption file-by-file can be too laborious.

This document provides simple scripting examples to illustrate how decryption process can be automatized. In practice automatized decryption process requires two functionalities:

1. Constructing a loop that finds encrypted files and executes decryption command.

2. A method that automatically provides the decryption password to decryption commands.

In the examples below we assume that we have a directory named as data1. The directory contains hundreds of files of which the encrypted files have .c4gh suffix. The encryption is done so that decryption can be done with secret key my-key.sec that is protected with password: badpasswd.

Decryption using bash script in Mac and Linux

In Linux and Mac machines crypt4ghcommand line tool is able to read the password of the private key from environment variable C4GH_PASSPHRASE. Thus the first step is set this variable. In bash shell this could in this case be done with commands:

read C4GH_PASSPHRASE
export C4GH_PASSPHRASE

Find command can be used to list all files that end with .c4gh in a given directory (data1) and its' subdirectories. This list can be used as an input for a for loop.

find data1 -name *.c4gh

Inside the loop we need to define a name for the decrypted file. I this case we use command pipeline rev | cut -c6- | rev to cut away the five last character of the encrypted filename ( i.e .c4gh ) to define a filename for decrypted data.

The actual decryption is done with command:

crypt4gh decrypt --sk my-key.sec < encrypted-file > decrypted-file

With these steps, the complete script could look like following:

#!/bin/bash

echo "Give the password of my-key.sec"
read C4GH_PASSPHRASE
export C4GH_PASSPHRASE

for f_encrypted in $(find data1 -name *.c4gh)
do
  echo "Decrypting $f_encrypted"
  #define the file name for the decrypted data
  f_decrypted=$(echo $f_encrypted | rev | cut -c6- | rev)
  crypt4gh decrypt --sk my-key.sec < "$f_encrypted" > $f_decrypted
done

The script could be executed with commands:

  chmod u+x decryption_script
  ./chmod u+x decryption_script

Decryption using windows PowerShell

Cryp4gh is available for Windows machines too, but the windows version is not able read the secret key password from environment variable. Because of that we need to use sda-cli.exe command instead. In this case the password can be stored in variable C4GH_PASSWORD.

Sda-cli.exe command can be downloaded from: https://github.com/NBISweden/sda-cli/releases

Once the command is available, the decryption can be done with following PowerShell commands. Here we assume that the data to be decrypted is in directory E:\data1.

$env:C4GH_PASSWORD = "badpasswd"
$files = (Get-ChildItem -Path 'E:\data1\'*.c4gh -Recurse).fullname

foreach ($f in $files) {
.\sda-cli decrypt -key .\my-key.sec $f  }

---

Last update: February 21, 2024

Do you find this page useful?

Yes

Thank you for your feedback!

No

Thank you! Your feedback is appreciated.

Please let us know how we could improve this page by contacting us or by creating an issue in GitHub. You can also edit this page yourself and contribute your improvements by creating a pull request.