Current version of specs can be found here.
curl -fsSL https://raw.githubusercontent.com/neicnordic/crypt4gh/master/install.sh | sudo sh
Go to the releases page and download the binary manually.
$ crypt4gh
crypt4gh [generate | encrypt | decrypt | reencrypt] <args>
generate:
-n, --name= Key pair name
-f, --format=[openssl|crypt4gh] Key pair format
-p, --password= Password to lock Crypt4GH private key (will be prompted afterwords if skipped)
encrypt:
-f, --file=FILE File to encrypt
-p, --pubkey=FILE Public key to use, this parameter can be used multiple times, one key per parameter
-s, --seckey=FILE Secret key to use
decrypt:
-f, --file=FILE File to decrypt
-s, --seckey=FILE Secret key to use
reencrypt:
-f, --file=FILE Input File to re-encrypt
-o, --out=FILE Output File to after re-encrypt
-p, --pubkey=FILE Public key to use, this parameter can be used multiple times, one key per parameter
-s, --seckey=FILE Secret key to use
Environment variables:
C4GH_SECRET_KEY If defined, it will be used as the secret key file if parameter not set parameter not set
C4GH_PASSPHRASE If defined it will be used as the default password for decoding the secret key
Examples on how to make use of the crypt4gh library are in the examples folder
crypt4gh generate -n=recipient-A
crypt4gh generate -n=recipient-B
crypt4gh generate -n=sender-C
crypt4gh encrypt -f sample.txt -s sender-C.sec.pem -p recipient-A.pub.pem
Multiple recipients can be added with by using the -p
parameter multiple times
crypt4gh encrypt -f sample.txt -s sender-C.sec.pem -p recipient-A.pub.pem -p recipient-B.pub.pem
crypt4gh decrypt -f sample.txt.c4gh -s recipient-A.sec.pem
Re-encrypting a file will completely replace the old header with a new one. If the file is intended to be decrypted by multiple recipients, all relevant public keys must be given again on re-encryption.
crypt4gh encrypt -f sample.txt -s sender-C.sec.pem -p recipient-A.pub.pem
crypt4gh reencrypt -f sample.txt.c4gh -s recipient-A.sec.pem -p recipient-B.pub.pem -p recipient-A.pub.pem -o cool.c4gh
crypt4gh decrypt -f cool.c4gh -s recipient-A.sec.pem
crypt4gh decrypt -f cool.c4gh -s recipient-B.sec.pem