Z03 Encrypted Workflow
We are using DataLad to track and move around the motor assessment center data. We are also using GPG (GNU Privacy Guard) for two purposes: to sign new additions to the motor assessment collection (see the signing page) and to encrypt all the motor assessment data that we store. In addition to FZJ and INM-7 on-premise servers, we are also using Sciebo cloud storage to hand over the data between Jülich and Cologne. When DataLad is used to download data, decryption is handled automatically.
GPG - signing and encryption
To get access to the motor assessment collection and / or to have their additions marked as "trusted", a Z03 member needs to:
- create a GPG key pair (start with the signing instructions linked above, or online tutorials)
- share their public key with INF
Before the GPG key is added to the trusted list (signing) or the recipient list (encryption), a senior Z03 member should vouch for the GPG identity via trusted communication channels (e.g. in person, or via an e-mail signed with a trusted GPG or S/MIME signature). INF recommends that the senior Z03 member explicitly names the person, their GPG key fingerprint (which, ideally, they would have confirmed in person), and their intended access rights.
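The two halves of the vouching step above, as an added example that is not part of the Z03 documentation or INF's own tooling: the new member exports a public key and prints its fingerprint, and the senior member checks the fingerprint confirmed in person against the exported key before naming it to INF. It assumes GnuPG 2.2 or later (for --show-keys); "Jane Doe", the key data and the colon-format listing are constructed.

```shell
# Added example (not Z03/INF code). Assumes GnuPG 2.2+ on the member's side;
# the senior member's check below runs offline on a constructed listing.

# Pull the primary-key fingerprint out of `gpg --with-colons` output: the
# "fpr" record that follows a "pub" record carries it in field 10.
fingerprint_from_colons() {
    awk -F: '$1=="pub"{want=1;next} want&&$1=="fpr"{print $10;exit}'
}

# Fingerprints are read out in groups of four, often in lower case; normalise
# to the 40 upper-case hex digits gpg prints in colon format.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' ' | tr 'abcdef' 'ABCDEF'
}

# $1 = fingerprint confirmed in person, stdin = colon listing of the key file.
# Exit status 0 only if the listing parses and the fingerprints are identical.
verify_fingerprint() {
    expected=$(normalize_fpr "$1")
    actual=$(fingerprint_from_colons)
    [ -n "$actual" ] && [ "$actual" = "$expected" ]
}

# New member's side (needs gpg): throwaway GNUPGHOME, unprotected test key,
# armored export to hand to INF, fingerprint for the vouching e-mail.
member_export() {
    GNUPGHOME=$(mktemp -d); export GNUPGHOME
    gpg --batch --pinentry-mode loopback --passphrase '' \
        --quick-generate-key 'Jane Doe <jane@example.org>' default default 0 >/dev/null 2>&1
    gpg --batch --armor --export jane@example.org > jane-doe.pub.asc
    gpg --batch --with-colons --show-keys jane-doe.pub.asc | fingerprint_from_colons
}

# Constructed colon-format listing (the shape `gpg --with-colons --show-keys
# jane-doe.pub.asc` prints); the encryption subkey has its own fpr record.
SAMPLE_LISTING='pub:u:255:22:0123456789ABCDEF:1700000000:::u:::scESC::::::23::0:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:u::::1700000000::DEADBEEF::Jane Doe <jane@example.org>::::::::::0:
sub:u:255:18:FEDCBA9876543210:1700000000::::::e::::::23:
fpr:::::::::FEDCBA9876543210FEDCBA9876543210FEDCBA98:'

# Senior member's side: the fingerprint as confirmed in person.
CONFIRMED='0123 4567 89ab cdef 0123 4567 89ab cdef 0123 4567'
if printf '%s\n' "$SAMPLE_LISTING" | verify_fingerprint "$CONFIRMED"; then
    echo "fingerprint matches exported key: OK to vouch"
else
    echo "fingerprint MISMATCH: do not add key to trusted/recipient lists"
fi
```

Call `member_export` on a machine with gpg to produce jane-doe.pub.asc and its fingerprint; a subkey fingerprint or a mistyped digit makes `verify_fingerprint` fail.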
Sciebo - cloud storage
We are using Sciebo (https://hochschulcloud.nrw/) to exchange encrypted data. Z03 members would likely already have accounts via UzK/UKK (https://uni-koeln.sciebo.de) or Jülich (https://fz-juelich.sciebo.de). If not, a guest account can also be created by INF.
For a new member to gain access to the shared folder, they should inform INF about their federated Sciebo user ID (the one with a double "@").
DataLad - data management software
DataLad software is required to access the motor assessment data collection. A data user needs to:
- install DataLad; preferred setup will differ between people, so please refer to the DataLad Handbook installation guide
- install and enable datalad-next extension following the DataLad-next docs
Windows tip: DataLad requires two external programs, Git and Git-annex. For the latter, prefer using the installer from the git-annex website over datalad-installer.
Further reading: encrypted workflow
If you would like to read more about the setup used for the encrypted data workflow, here are a few links with an increasing level of complexity. They may be helpful but are purely optional.
- https://emailselfdefense.fsf.org/en/ (introduction to GPG, focusing on e-mail encryption which is GPG's most common use)
- https://handbook.datalad.org/en/latest/usecases/encrypted_annex.html (DataLad handbook chapter describing our workflow for data exchange)
- https://git-annex.branchable.com/encryption/ (highly technical overview of how git-annex handles encryption; our mode is "hybrid")