Encrypt the original SACC file before saving it to disk #58

Closed
7 tasks done
arthurmloureiro opened this issue Oct 4, 2024 · 1 comment · Fixed by #62

arthurmloureiro commented Oct 4, 2024

To avoid accidental unblinding, we should encrypt the original sacc file before saving it. We should also save the encryption key in a text file and provide the user with a smokescreen function to decrypt (unblind) the original SACC.

To Do:

  • Implement encryption/decryption functions for SACC files
  • Save the key in a re-usable way
  • Implement unit tests
  • Update documentation
  • Add example of how to decrypt from the command line to the documentation.
  • Update environment.yaml with new dependencies
  • Update pyproject.toml with the new dependencies

Tagging @jablazek and @jessmuir for comments :)

@arthurmloureiro arthurmloureiro added enhancement data-vector blinding Issues related to data-vector blinding labels Oct 4, 2024
@arthurmloureiro arthurmloureiro self-assigned this Oct 4, 2024
arthurmloureiro added a commit that referenced this issue Oct 18, 2024
Related to #58

Add encryption and decryption functionalities for SACC files.

* **Encryption and Decryption**:
  - Add `generate_encryption_key`, `encrypt_data`, and `decrypt_data` methods in `src/smokescreen/datavector.py`.
  - Modify `save_concealed_datavector` method to encrypt the SACC file before saving.
  - Add `decrypt_sacc_file` function in `src/smokescreen/datavector.py`.

* **Main Function**:
  - Update `main` function in `src/smokescreen/__main__.py` to handle encryption and decryption.
  - Add `decrypt`, `encrypted_file_path`, and `encryption_key_path` arguments to the `main` function.

* **Tests**:
  - Add tests for `generate_encryption_key`, `encrypt_data`, and `decrypt_data` methods in `tests/test_datavector.py`.
  - Add tests for the modified `save_concealed_datavector` method.
  - Add tests for `decrypt_sacc_file` function.

* **Documentation**:
  - Add a section in `docs/source/usage.rst` to document the encryption and decryption functionalities.

* **Dependencies**:
  - Add `cryptography` as a dependency in `pyproject.toml` and `environment.yml`.

Needs testing if the Fernet lib actually works with sacc!

---

For more details, open the [Copilot Workspace session](https://copilot-workspace.githubnext.com/LSSTDESC/Smokescreen/issues/58?shareId=XXXX-XXXX-XXXX-XXXX).
@arthurmloureiro arthurmloureiro linked a pull request Oct 22, 2024 that will close this issue
@arthurmloureiro arthurmloureiro added this to the Smokescreen v1.5 milestone Nov 12, 2024

arthurmloureiro commented Nov 12, 2024

We can use the cryptography python package for that.

The following is a rough sketch that worked on a notebook:

```python
import pylab as plt
import sacc
from cryptography.fernet import Fernet

# example sacc to encrypt
path_to_sacc = "../examples/cosmic_shear/cosmicshear_sacc.fits"

# Generate a key and save it securely
key = Fernet.generate_key()
cipher_suite = Fernet(key)

# Read and encrypt the FITS file data
with open(path_to_sacc, 'rb') as file:
    file_data = file.read()
encrypted_data = cipher_suite.encrypt(file_data)

# Save the encrypted data to a new file
with open('encrypted_file.fits', 'wb') as file:
    file.write(encrypted_data)
```

The resulting fits file cannot be read by SACC in any way until it is decrypted properly using:

```python
# decrypting the file and testing if it got corrupted or not:
# Load the key and initialize the cipher
cipher_suite = Fernet(key)

# Read the encrypted file and decrypt it
with open('encrypted_file.fits', 'rb') as file:
    encrypted_data = file.read()
decrypted_data = cipher_suite.decrypt(encrypted_data)

# Save the decrypted data back to a FITS file
with open('decrypted_file.fits', 'wb') as file:
    file.write(decrypted_data)
```

We need to find a safe way to store the decryption key though.

@arthurmloureiro arthurmloureiro removed a link to a pull request Nov 12, 2024
@arthurmloureiro arthurmloureiro linked a pull request Nov 12, 2024 that will close this issue
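One way to handle the key-storage question raised above, as an added example that is not code from the issue or from Smokescreen: the key goes to an owner-only file that is never overwritten, and a wrong key or altered file is reported instead of returning bad data. The function names and file names are hypothetical, and the sample bytes are constructed stand-ins for a SACC FITS file.

```python
import os
import tempfile
from pathlib import Path

from cryptography.fernet import Fernet, InvalidToken


def write_key_file(key_path):
    """Create a new Fernet key file readable only by its owner (0600)."""
    key = Fernet.generate_key()
    # O_EXCL refuses to overwrite: losing an old key makes its files unrecoverable.
    fd = os.open(key_path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(key)
    return key


def encrypt_file(src_path, dst_path, key_path):
    """Encrypt src_path into dst_path with a fresh key stored at key_path."""
    key = write_key_file(key_path)
    token = Fernet(key).encrypt(Path(src_path).read_bytes())
    Path(dst_path).write_bytes(token)


def decrypt_file(enc_path, key_path):
    """Return the plaintext bytes; raise ValueError on wrong key or tampering."""
    key = Path(key_path).read_bytes().strip()
    try:
        return Fernet(key).decrypt(Path(enc_path).read_bytes())
    except InvalidToken as exc:
        # Fernet is authenticated, so a bad key or modified file fails here.
        raise ValueError("wrong key or modified ciphertext") from exc


def demo():
    """Round-trip constructed bytes standing in for a SACC FITS file."""
    with tempfile.TemporaryDirectory() as tmp:
        src, enc, keyf = (os.path.join(tmp, n) for n in ("d.fits", "d.enc", "d.key"))
        Path(src).write_bytes(b"SIMPLE  =  T / constructed sample, not real SACC")
        encrypt_file(src, enc, keyf)
        mode = os.stat(keyf).st_mode & 0o777
        same = decrypt_file(enc, keyf) == Path(src).read_bytes()
        Path(keyf).write_bytes(Fernet.generate_key())  # simulate the wrong key
        try:
            decrypt_file(enc, keyf)
            rejected = False
        except ValueError:
            rejected = True
        return mode, same, rejected
```

Anyone who can read the key file can decrypt the data, so this guards against accidental unblinding rather than against a user who holds the key.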