# Encrypt/Decrypt files for securily downloading data from TVB Web Gui

Before exporting data from TVB Web Gui, you might consider obtaining data in encrypted form in order to keep your data private.

For exporting data from TVB we recommend a public-private key encryption (RSA), where the user generates a pair of public and private keys. The public key is supposed to be passed to TVB in order to encrypt the data. The private key will be used by the user to decrypt the data after exporting.

Unfortunately, RSA by itself is not enough because it can only encrypt limited amounts of data, and TVB input files could grow easily. To solve this problem, the files are encrypted using a symmetric-key encryption algorithm, namely AES, and the password which is used for generating the symmetric key is encrypted using the public key obtained by TVB from the user.

The first cell can be run in order to generate the pair of public and private keys. You just need to specify a path where the two keys will be downloaded.



In [1]:
from tvb.storage.storage_interface import StorageInterface

key_base_path = # Enter path where you want your keys to be generated
encryption_handler = StorageInterface.get_import_export_encryption_handler()
encryption_handler.generate_public_private_key_pair(key_base_path)

When you wish to export your data in an encrypted form, you should upload the public key to TVB Web Gui. 

Your encrypted data will be downloaded in a zip format.
Run the next cell (don't forget to specify your paths before) in order to unzip the zip file and obtain a list of all files in the unziped folder.

In [2]:
from tvb.storage.h5.file.files_helper import TvbZip

zip_file_path = # Enter path to your downloaded and encrypted zip file
unzip_file_path = # Enter path where you want your files to be unzipped

tvb_zip = TvbZip(zip_file_path, 'r')
files = tvb_zip.unpack_zip(unzip_file_path)

The unpack_zip method returns a list of files where one of them is called 'encrypted_password.pem' and the others are files that you want to decrypt.

Run the next cell in order to separete the file for the encrypted password from the rest of the files.

In [3]:
encrypted_password = encryption_handler.extract_encrypted_password_from_list(files)

Finally, run the next cell in order to decrypt your data.

In [None]:
import os

private_key_path = # Enter path to your private key here (generated at the first step)
decryption_path = encryption_handler.decrypt_content(encrypted_password, files, private_key_path)
print("Your data has been decrypted here: " + os.path.dirname(decryption_path[0]))