Skip to main content
Python Software Foundation 20th Year Anniversary Fundraiser  Donate today!

GA4GH cryptographic utilities

Project description

Documentation Status Testsuite

Crypt4GH Encryption Utility

crypt4ghis a Python tool to encrypt, decrypt or re-encrypt files, according to the GA4GH encryption file format.


Python 3.6+ required to use the crypt4gh encryption utility.

Install it from PyPI:

pip install crypt4gh

or if you prefer the latest sources from Github:

git clone
pip install -r crypt4gh/requirements.txt
pip install ./crypt4gh


pip install git+


The usual -h flag shows you the different options that the tool accepts.

$ crypt4gh -h

Utility for the cryptographic GA4GH standard, reading from stdin and outputting to stdout.

   {PROG} [-hv] [--log <file>] encrypt [--sk <path>] --recipient_pk <path> [--recipient_pk <path>]... [--range <start-end>]
   {PROG} [-hv] [--log <file>] decrypt [--sk <path>] [--sender_pk <path>] [--range <start-end>]
   {PROG} [-hv] [--log <file>] rearrange [--sk <path>] --range <start-end>
   {PROG} [-hv] [--log <file>] reencrypt [--sk <path>] --recipient_pk <path> [--recipient_pk <path>]... [--trim]

   -h, --help             Prints this help and exit
   -v, --version          Prints the version and exits
   --log <file>           Path to the logger file (in YML format)
   --sk <keyfile>         Curve25519-based Private key.
                          When encrypting, if neither the private key nor C4GH_SECRET_KEY are specified, we generate a new key 
   --recipient_pk <path>  Recipient's Curve25519-based Public key
   --sender_pk <path>     Peer's Curve25519-based Public key to verify provenance (akin to signature)
   --range <start-end>    Byte-range either as  <start-end> or just <start> (Start included, End excluded)
   -t, --trim             Keep only header packets that you can decrypt

Environment variables:
   C4GH_LOG         If defined, it will be used as the default logger
   C4GH_SECRET_KEY  If defined, it will be used as the default secret key (ie --sk ${C4GH_SECRET_KEY})


Alice and Bob generate both a pair of public/private keys.

$ crypt4gh-keygen --sk alice.sec --pk
$ crypt4gh-keygen --sk bob.sec --pk

Bob encrypts a file for Alice:

$ crypt4gh encrypt --sk bob.sec --recipient_pk < file > file.c4gh

Alice decrypts the encrypted file:

$ crypt4gh decrypt --sk alice.sec < file.c4gh


File Format

Refer to the specifications or this documentation.

Project details

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Files for crypt4gh, version 1.5
Filename, size File type Python version Upload date Hashes
Filename, size crypt4gh-1.5-py3-none-any.whl (31.9 kB) File type Wheel Python version py3 Upload date Hashes View
Filename, size crypt4gh-1.5.tar.gz (22.8 kB) File type Source Python version None Upload date Hashes View

Supported by

AWS AWS Cloud computing Datadog Datadog Monitoring DigiCert DigiCert EV certificate Facebook / Instagram Facebook / Instagram PSF Sponsor Fastly Fastly CDN Google Google Object Storage and Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Salesforce Salesforce PSF Sponsor Sentry Sentry Error logging StatusPage StatusPage Status page