Quick start guide

For the complete guide on how to use sett, please refer to Encrypting, transferring, and decrypting data and OpenPGP key management.

GUI (Graphical User Interface)

Initial setup

Download sett-gui from the download page. If you downloaded an installer, install sett-gui by double-clicking on the installer file.
Run sett-gui by double-clicking on the executable file or by launching the installed app.

Key management

If you do not already have a private/public OpenPGP key pair, go to the Keys tab and create one clicking on Add > Generate new key pair. See also the instructions given in the Generate a new public/private OpenPGP key pair section.

You should then see your new key listed in the Keys tab, along with “Private” label that indicates that the private material for this key is present in the local keystore.

BioMedIT
Your OpenPGP key must be registered with the BioMedIT portal before it can be used to sign or decrypt data packages. Please see the Register your public OpenPGP key in the BioMedIT portal section for details.
If not already done, download the public OpenPGP key of the recipient(s) to whom you intend to send data (or from whom you will receive data). Go to the Keys tab and click on Add > Import from keyserver. See also the instructions given in the download public OpenPGP keys from the keyserver section.
Just after downloading the recipient’s OpenPGP key, verify it to make sure that it is genuine. This can be done by either:
- If you are a BioMedIT user: verify that the recipient’s key is labelled with a green Approved label. You can also expand the details of the key by clicking on the key in the list or on the small down arrow button to the right and verify that the Approval status is set to “Key is approved on Portal”, and the Revocation status is set to “Valid”.
- Alternatively, contact the key owner and verify the key fingerprint with them.

Encrypting and sending data

Authenticated mode (BioMedIT)

sett provides “authenticated mode” that simplifies the encryption and transfer process by providing a list of available Data Transfer Requests (DTRs) and automatically fetching the required destination parameters and credentials (only available for the S3 destination).

To access this mode, go to the Profile tab and click “Sign in”. You will be redirected to the BioMedIT authentication system. After successful authentication, proceed to the Encrypt and Transfer Data tab.

Go to the Encrypt and Transfer Data tab.
Add one or more files and directories to encrypt by clicking the Add files or Add directories buttons.
Select sender: select your own OpenPGP key. This is the key that will be used to sign the encrypted data.
Select recipients: add one or more recipients by selecting them in the drop-down. These are the keys that will be used to encrypt the data, i.e. only these recipients will be able to decrypt the data.

BioMedIT
The selected recipients must be approved Data Managers of the project for which data is being encrypted.
Data Transfer ID: specifying a valid Data Transfer Request ID is mandatory when a data package is transferred into the BioMedIT network. For other destinations, the Data Transfer ID field can be left empty (or set to any arbitrary value), and the Verify package checkbox must be disabled (in the Settings tab).

BioMedIT
The Verify package checkbox should always be enabled, since a valid Data Transfer ID is required by the BioMedIT network.
Select destination: select local and choose a destination directory to encrypt to your local file system. Select s3 or sftp to encrypt and transfer directly to an S3 object store or an SFTP server, respectively.
Click Encrypt data (local) or Encrypt and transfer data (s3 or sftp) to run the encryption workflow on your data.

Sending existing data packages

Go to the Encrypt and Transfer Data tab.
Select a file to transfer using the add sett Package button.
Select the Destination to be used (sftp, s3).
Enter the required destination parameters.
BioMedIT

For transfers into the BioMedIT network, the destination parameters are provided by:
- Your local BioMedIT node, for transfers over sftp;
- By BioMedIT Portal, for transfers over s3. Please see the dedicated section of the Portal user guide for more information.
Click Transfer data to start transferring your data package.

Decrypting data

Go to the Decrypt tab.
Select a data package to decrypt using the Select Package button.
Specify your desired destination directory.
Click on Decrypt package.

CLI (Command Line Interface)

The main commands to manage keys, encrypt, transfer and decrypt data with sett command line interface are given here.

sett help

In the CLI each command and subcommand provides a help message that can be used to get more information about the available options (-h and --help for short and long help message respectively). For example:

sett --help
sett encrypt local -h
sett encrypt local --help

# Generate a new key pair:
sett keys generate

# Import sender/recipient(s) public keys:
sett keys import from-keyserver alice@example.com

# Data encryption:
sett encrypt local --signer alice@email.com --recipient bob@example.com --output . FILES_OR_DIRECTORIES_TO_ENCRYPT

# Data transfer

# to S3 object store:
sett transfer s3 --endpoint ENDPOINT --bucket BUCKET --access-key ACCESS_KEY --secret-key SECRET_KEY FILES_TO_TRANSFER

# to SFTP server:
sett transfer sftp --host HOST --username USERNAME --base-path DESTINATION_DIRECTORY --key-path SSH_KEY_LOCATION --key-pwd SSH_KEY_PASSWORD FILES_TO_TRANSFER

# Data decryption:
sett decrypt local ENCRYPTED_FILES.zip