SRAToolkit Encryption
The portion of the toolkit that handles encryption and decryption is a module/library called 'krypto'.
This is significant to users of the NCBI utilities only in that that name will show up in various places.
The name is with a 'k' to differenctiate from the common 'crypto' library name particularly in Unix
like platforms using Open SSL.
Configuration
Encrypted command line arguments
Encryption specification in an URL
Some SRA Toolkit utilities use an Universal Resource Identifier (URI) syntax to identify files.
The first incarnation of this is the "ncbi-file" scheme. This is an extension to the standard
"file" scheme for an URL. The extension is addition of a query string. Two keys have been defined
at this point 'encrypt' (or 'enc') and 'pwfile'. Encrypt has no value while the value for the pwfile
is the path to the password file. The syntax for the hierarchical part of the URI is the same as the file scheme for
the platform on which the Toolkit is running. As an example "ncbi-file:/home/usr/me/read1.nenc?encrypt&pwfile=/home/usr/me/password"
has the 'ncbi-file' scheme, a hierarchical part of '/home/usr/me/read1.nenc' and a query part of 'encrypt&pwfile=/home/usr/me/password'.
This is a file named 'read1.nenc' in the Unix common home directory for user 'me' and encrypted using a password that is
in the file in the same directory named 'password'. If the program was being run on Windows that could have looked more like
"ncbi-file:C:\Users\me?encrypt&pwfile=C:\Users\me\password" with its different syntax for a hierachical part.
Encryption Configuration
Password File - krypto/pwfile
Encryption (krypto) expects a symbol that identifies the location of the default password file. The path should be
in the native file system notation.
Encryption Tools
This tool will encrypt, decrypt or re-encrypt a single file.
This tool will verify the data integrity of an encrypted file.
One would typically run this tool after the down load of an encrypted archive or other large file to ensure the download was complete and successful.
This tool uses
configuration to find the designated password file and change the contents.