Skip to main content

GA4GH cryptographic utilities

Project description

Documentation Status Testsuite

Crypt4GH Encryption Utility

crypt4ghis a Python tool to encrypt, decrypt or re-encrypt files, according to the GA4GH encryption file format.


Python 3.6+ required to use the crypt4gh encryption utility.

Install it from PyPI:

pip install crypt4gh

or if you prefer the latest sources from Github:

git clone
pip install -r crypt4gh/requirements.txt
pip install ./crypt4gh


pip install git+


The usual -h flag shows you the different options that the tool accepts.

$ crypt4gh -h

Utility for the cryptographic GA4GH standard, reading from stdin and outputting to stdout.

   crypt4gh [-hv] [--log <file>] encrypt [--sk <path>] --recipient_pk <path> [--range <start-end>]
   crypt4gh [-hv] [--log <file>] decrypt [--sk <path>] [--sender_pk <path>] [--range <start-end>]
   crypt4gh [-hv] [--log <file>] rearrange [--sk <path>] --range <start-end>
   crypt4gh [-hv] [--log <file>] reencrypt [--sk <path>] --recipient_pk <path> [--sender_public_key <path>] [--trim]

   -h, --help             Prints this help and exit
   -v, --version          Prints the version and exits
   --log <file>           Path to the logger file (in YML format)
   --sk <keyfile>         Curve25519-based Private key [default: ~/.c4gh/key]
   --recipient_pk <path>  Recipient's Curve25519-based Public key
   --sender_pk <path>     Peer's Curve25519-based Public key to verify provenance (aka, signature)
   --range <start-end>    Byte-range either as  <start-end> or just <start> (Start included, End excluded)
   -t, --trim             Keep only header packets that you can decrypt

Environment variables:
   C4GH_LOG         If defined, it will be used as the default logger
   C4GH_SECRET_KEY  If defined, it will be used as the default secret key (ie --sk ${C4GH_SECRET_KEY})


Alice and Bob generate both a pair of public/private keys.

$ crypt4gh-keygen --sk alice.sec --pk
$ crypt4gh-keygen --sk bob.sec --pk

Bob encrypts a file for Alice:

$ crypt4gh encrypt --sk bob.sec --recipient_pk < file > file.c4gh

Alice decrypts the encrypted file:

$ crypt4gh decrypt --sk alice.sec < file.c4gh


File Format

Refer to the specifications or this documentation.

Project details

Release history Release notifications

This version


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Files for crypt4gh, version 1.1
Filename, size File type Python version Upload date Hashes
Filename, size crypt4gh-1.1-py3-none-any.whl (31.2 kB) File type Wheel Python version py3 Upload date Hashes View hashes
Filename, size crypt4gh-1.1.tar.gz (22.0 kB) File type Source Python version None Upload date Hashes View hashes

Supported by

Elastic Elastic Search Pingdom Pingdom Monitoring Google Google BigQuery Sentry Sentry Error logging AWS AWS Cloud computing DataDog DataDog Monitoring Fastly Fastly CDN DigiCert DigiCert EV certificate StatusPage StatusPage Status page