Quick start guide

For the complete guide on how to use sett, please refer to Encrypting, transferring, and decrypting data and OpenPGP key management.

GUI (Graphical User Interface)

Initial setup

  1. Download sett-gui from the download page. If you downloaded an installer, install sett-gui by double-clicking on the installer file.
  2. Run sett-gui by double-clicking on the executable file or by launching the installed app.

Key management

  1. If you do not already have a private/public OpenPGP key pair, go to the Keys tab and create one by clicking on Add > Generate new key pair. See also the instructions given in the Generate a new public/private OpenPGP key pair section.

    You should then see your new key listed in the Keys tab, along with a “Private” label that indicates that the private material for this key is present in the local keystore.

  2. If not already done, download the public OpenPGP key of the recipient(s) to whom you intend to send data (or from whom you will receive data). Go to the Keys tab and click on Add > Import from keyserver. See also the instructions given in the download public OpenPGP keys from the keyserver section.

  3. Just after downloading the recipient’s OpenPGP key, verify it to make sure that it is genuine. This can be done in one of two ways:

    • If you are a BioMedIT user: verify that the recipient’s key is labelled with a green Approved label. You can also expand the details of the key by clicking on the key in the list or on the small down arrow button to the right and verify that the Approval status is set to “Key is approved on Portal”, and the Revocation status is set to “Valid”.
    • Alternatively, contact the key owner and verify the key fingerprint with them.
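The fingerprint check with the key owner, as an added shell example that is not part of sett or its documentation: it compares the fingerprint shown for the imported key with the one the owner gave you over a separate channel, and refuses anything shorter than a full fingerprint (a short key ID is not enough to identify a key). The function names and the sample fingerprints are constructed for illustration.

```shell
#!/bin/sh
# Added example (not sett code): compare two OpenPGP fingerprints safely.

# Strip spaces, colons and an optional 0x prefix, then uppercase the hex digits.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' :\t\n' | tr 'a-f' 'A-F' | sed 's/^0[xX]//'
}

# Accept only full fingerprints: 40 hex digits (v4 keys) or 64 (v6 keys).
is_full_fpr() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-F]{40}|[0-9A-F]{64})$'
}

# verify_fpr SHOWN RECEIVED
# Returns 0 on match, 1 on mismatch, 2 if either value is not a full fingerprint.
verify_fpr() {
    set -- "$(normalize_fpr "$1")" "$(normalize_fpr "$2")"
    if ! is_full_fpr "$1" || ! is_full_fpr "$2"; then
        echo "refusing: need a full 40- or 64-digit fingerprint, not a key ID" >&2
        return 2
    fi
    if [ "$1" = "$2" ]; then
        echo "fingerprint matches"
        return 0
    fi
    echo "MISMATCH: do not use this key" >&2
    return 1
}

# Constructed sample values: the fingerprint as displayed for the imported key,
# and the same fingerprint as the owner might read it out or paste it.
SAMPLE_SHOWN='3A1F 9C0D 77B2 4E58 A6D1  0B4C 92E7 F513 6D8A C204'
SAMPLE_RECEIVED='3a1f9c0d77b24e58a6d10b4c92e7f5136d8ac204'

verify_fpr "$SAMPLE_SHOWN" "$SAMPLE_RECEIVED"
```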

Encrypting and sending data

  1. Go to the Encrypt and Transfer Data tab.

  2. Add one or more files and directories to encrypt by clicking the Add files or Add directories buttons.

  3. Select sender: select your own OpenPGP key. This is the key that will be used to sign the encrypted data.

  4. Select recipients: add one or more recipients by selecting them in the drop-down. These are the keys that will be used to encrypt the data, i.e. only these recipients will be able to decrypt the data.

  5. Data Transfer ID: specifying a valid Data Transfer Request ID is mandatory when a data package is transferred into the BioMedIT network. For other destinations, the Data Transfer ID field can be left empty (or set to any arbitrary value), and the Verify package checkbox must be disabled (in the Settings tab).

  6. Select destination: select local and choose a destination directory to encrypt to your local file system. Select s3 or sftp to encrypt and transfer directly to an S3 object store or an SFTP server, respectively.

  7. Click Encrypt data (local) or Encrypt and transfer data (s3 or sftp) to run the encryption workflow on your data.

Sending existing data packages

  1. Go to the Encrypt and Transfer Data tab.

  2. Select a file to transfer using the add sett Package button.

  3. Select the Destination to be used (sftp, s3).

  4. Enter the required destination parameters.

  5. Click Transfer data to start transferring your data package.

Decrypting data

  1. Go to the Decrypt tab.
  2. Select a data package to decrypt using the Select Package button.
  3. Specify your desired destination directory.
  4. Click on Decrypt package.

CLI (Command Line Interface)

The main commands to manage keys, encrypt, transfer and decrypt data with the sett command line interface are given here.

OpenPGP key management

# Generate a new key pair
sett keys generate

# Import sender/recipient(s) public keys:
sett keys import from-keyserver alice@example.com

Encrypt and transfer data

# Data encryption only, saving to local disk
sett encrypt local --signer alice@example.com --recipient bob@example.com --output . FILES_OR_DIRECTORIES_TO_ENCRYPT

# Data encryption and transfer to object store
sett encrypt s3 --signer SIGNER_KEY --recipient RECIPIENT_KEY --recipient-path RECIPIENT_PATH \
--endpoint ENDPOINT --bucket BUCKET --access-key ACCESS_KEY --secret-key SECRET_KEY \
FILES_OR_DIRECTORIES_TO_ENCRYPT

# Data encryption and transfer to object store, using portal authentication
sett encrypt s3-portal --signer SIGNER_KEY --recipient RECIPIENT_KEY --dtr DATA_TRANSFER_ID  \
FILES_OR_DIRECTORIES_TO_ENCRYPT

Transfer a sett package

# Data transfer of an existing sett package

# to S3 object store
sett transfer s3 --endpoint ENDPOINT \
--bucket BUCKET --access-key ACCESS_KEY --secret-key SECRET_KEY \
SETT_PACKAGE_TO_TRANSFER

# to S3 object store, using portal authentication.
# metadata.json inside the package needs to contain a valid data transfer ID
sett transfer s3-portal SETT_PACKAGE_TO_TRANSFER

# to SFTP server
sett transfer sftp --host HOST --username USERNAME --base-path DESTINATION_DIRECTORY \
--key-path SSH_KEY_LOCATION --key-pwd SSH_KEY_PASSWORD \
SETT_PACKAGE_TO_TRANSFER

Decrypt a sett package

# decrypt a local sett package
sett decrypt local SETT_PACKAGE_TO_DECRYPT

# fetch and decrypt package from S3 object store,
# using portal authentication
sett decrypt s3-portal --dtr DTR SETT_PACKAGE_TO_DECRYPT

# fetch and decrypt package from S3 object store
sett decrypt s3 \
--bucket BUCKET --access-key ACCESS_KEY --secret-key SECRET_KEY \
SETT_PACKAGE_TO_DECRYPT