A secure encryption tool for genomic data
Switch branches/tags
Nothing to show
Clone or download
Latest commit 1954a90 Sep 5, 2018
Failed to load latest commit information.
bin minor change Jun 22, 2018
example Minor changes Nov 20, 2017
img new logo Mar 9, 2018
progs Minor changes Nov 20, 2017
script minor change May 28, 2018
src minor change Jun 22, 2018
.travis.yml Update .travis.yml Sep 5, 2018
CMakeLists.txt minor change May 18, 2018
LICENSE Initial commit Dec 12, 2016
README.md Update README.md Jul 18, 2018
pass.txt Minor changes Nov 20, 2017
run.sh minor change May 28, 2018



Cryfa is a secure encryption tool for genomic data, and is also able to compact FASTA/FASTQ sequences by a factor of 3.


Get Cryfa and make the project, using:

git clone https://github.com/pratas/cryfa.git
cd cryfa
cmake .

Note, an already compiled version of Cryfa is available for 64 bit Linux OS in the bin/ directory.


If you want to run Cryfa in stand-alone mode, use the following command:

./cryfa [OPTION]... -k [KEY_FILE] [-d] [IN_FILE] > [OUT_FILE]

For example, to compact & encrypt:

./cryfa -k pass.txt in.fq > comp

and, to decrypt & unpack:

./cryfa -k pass.txt -d comp > orig.fq

Options are described in the following sections.

Input file format

Cryfa automatically detects a genomic data file format by looking inside the file and not by the file extension. For example, a FASTA file, say “test”, can be fed into Cryfa as "test", "test.fa", "test.fasta", "test.fas", "test.fsa" or any other file extension. By this explanation, running

./cryfa -k pass.txt test > comp

will be exactly the same as running

./cryfa -k pass.txt test.fa > comp

Note, a password file is not limited to any extension. Therefore, that file can either have no extension or any extension. For example, it can be "pass", "pass.txt", "pass.dat", etc.

Compare Cryfa with other methods

If you want to compare Cryfa with other methods, set the parameters in run.sh bash script, then run it:


With this script, you can download the datasets, install the dependencies, install the compression and encryption tools, run these tools, and finally, print the results.


To see the possible options, type:


which provides the following:

      ./cryfa [OPTION]... -k [KEY_FILE] [-d] [IN_FILE] > [OUT_FILE]

      Encrypt and compact:   ./cryfa -k pass.txt in.fq > comp     
      Decrypt and unpack:    ./cryfa -k pass.txt -d comp > orig.fq
      Encrypt:               ./cryfa -k pass.txt in > enc
      Decrypt:               ./cryfa -k pass.txt -d enc > orig

      Compact & encrypt FASTA/FASTQ files.
      Encrypt any text-based genomic data, e.g., VCF/SAM/BAM.

      -h,  --help
           usage guide

      -k [KEY_FILE],  --key [KEY_FILE]
           key file name -- MANDATORY
           The KEY_FILE would contain a password.
           To make a strong password, the "keygen" program can be
           employed via the command "./keygen".

      -d,  --dec
           decrypt & unpack
      -f,  --force
           force to consider input as non-FASTA/FASTQ
           Forces Cryfa not to compact, but shuffle and encrypt.
           If the input is FASTA/FASTQ, it is again considered as
           non-FASTA/FASTQ, therefore, compaction will be ignored,
           but shuffling and encryption will be performed.
      -v,  --verbose
           verbose mode (more information)

      -s,  --stop_shuffle
           stop shuffling the input

      -t [NUMBER],  --thread [NUMBER]
           number of threads

Cryfa uses standard ouput stream, hence, its output can be directly integrated with pipelines.

Make a key file

There are two methods to make a "KEY_FILE", in order to pass to the -k or --key flags, either saving a raw password in a file, or, employing the "keygen" program, which is provided to generate a strong password. The second method is highly recommended.

To apply the first method, the following commands can be used to save a raw password in a file, then passing it to Cryfa. In this case, "Such a strong password!" is our raw password and "pass.txt" is the file where we save our password. For the purpose of saving a password in a file, a text editor can also be used:

echo "Such a strong password!" > pass.txt
./cryfa -k pass.txt IN_FILE > OUT_FILE

Note, the password must include at least 8 characters. Although, employing this method is not recommended, but if you tend to use it, it would be a better practice to choose a "strong password".

A strong password:

  • has at least 12 characters;
  • includes lowercase letters (a-z), uppercase letters (A-Z), digits (0-9) and symbols (e.g. !, #, $, % and });
  • is not a character repetition (e.g. zzzzzz), keyboard pattern (e.g. qwerty) or digit sequences (e.g. 123456).

The second method to make a key file is using the "keygen" program, which automatically provides a strong password. Running


the following message appears:

Enter a password, then press 'Enter':

After typing a raw password, e.g. "A keygen raw pass!", and pressing "Enter", the following message appears:

Enter a file name to save the generated key, then press 'Enter':

The automatically generated strong password will be saved in the file that you specify its name, e.g. "key.txt", in this step. Note, the "keygen" program needs an initial raw password, which is not required to be strong itself, to generate a strong password. Afterward, you can use the following command to pass the key file, in this case "key.txt", to Cryfa:

./cryfa -k key.txt IN_FILE > OUT_FILE

If you are interested in the topic of "key management", which is to deal with generating, exchanging, storing, using and replacing keys, you can read the articles [1], [2], [3] and [4].


Please cite the followings, if you use Cryfa:

  • M. Hosseini, D. Pratas and A.J. Pinho, "Cryfa: a secure encryption tool for genomic data," Bioinformatics, bty645, 2018.
  • D. Pratas, M. Hosseini and A.J. Pinho, "Cryfa: a tool to compact and encrypt FASTA files," 11'th International Conference on Practical Applications of Computational Biology & Bioinformatics (PACBB), Springer, June 2017.


  • Release 2: Secure encryption of FASTA/FASTQ/VCF/SAM/BAM PLUS compacting FASTA/FASTQ.
  • Release 1: Encryption PLUS compacting FASTA.


Please let us know if there is any issues.


Cryfa is under GPL v3 license. For more information, click here.