Here are some preliminary instructions for creating and using GPG keys with datasets available via the Language Bank of Finland.
GPG is short for GnuPG, The GNU Privacy Guard.
You may be asked for your public GPG key in the Language Bank Rights system when applying for access to a downloadable resource that includes confidential or sensitive data. This requirement only applies to specific datasets for which additional safeguards are needed. In order to complete your LBR application for such a resource, you need to know how to export your public key in ASCII format.
Please bear in mind that data encryption is only one of the mechanisms you can use for protecting confidential information. Encryption only helps during data transfer and storage. Before decrypting the data in order to use it for your research, you must make sure you have other safeguards in place. For larger projects with several participants who need secure access to the data, you might wish to consider using the SD platform at CSC, for example.
Naturally, you can also use GPG keys for sending and receiving encrypted email and other files, or for encrypting your own confidential data for safer storage and transfer.
Each key consists of two parts:
The Language Bank uses your public key to encrypt a package for you. Only you can then decrypt the package.
Your keys are stored in a keyring, where your secrets are protected by a passphrase. A passphrase is a strong password: it should be no shorter than 14 characters and include, for instance, letters, numbers and some special characters.
If someone has access to your keyring files and is sufficiently determined, they can "brute-force" your passphrase.
Do not forget your passphrase! Without your passphrase, you cannot access your own private key. Without your private key, even you cannot decrypt the package!
If you already have your own key pair, and you have assigned it the identifier "Kaino Tutkia (esim.) <firstname.lastname@example.org>", the following command should create a key file, which can be uploaded to Language Bank Rights. For technical reasons the extension needs to be .txt.
$ gpg --export --armour --output=katutkia_gpg.txt 'Tutkia (esim.)'
This command should not prompt for your passphrase. It exports only your public key, which is not a secret.
With the armour option, the file contains a block of printable ASCII characters that is safe to view but not very informative. If you are curious, the following command gives an informative (though naturally highly technical) synopsis of its contents.
$ gpg --list-packets katutkia_gpg.txt
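Before uploading, you can confirm that the exported file is what the export step above is meant to produce. The script below is an added example, not part of the original instructions or of GnuPG; the function name check_lbr_keyfile and the script name in the usage line are hypothetical. It checks only the .txt extension, the ASCII armour header and footer, and the absence of a private key block.

```shell
#!/bin/sh
# Added example (not from the original page or from GnuPG).
# check_lbr_keyfile is a hypothetical helper name. It inspects a key file
# before upload and returns 0 only if the file has a .txt name, starts with
# an ASCII-armoured public key block, and contains no private key block.

check_lbr_keyfile() {
    file=$1

    # The page states that the uploaded file needs a .txt extension.
    case $file in
        *.txt) ;;
        *) echo "error: $file does not end in .txt" >&2; return 2 ;;
    esac
    [ -r "$file" ] || { echo "error: cannot read $file" >&2; return 3; }

    # gpg --export-secret-keys writes this header; such a file must never
    # be uploaded or sent to anyone.
    if grep -q -e '-----BEGIN PGP PRIVATE KEY BLOCK-----' "$file"; then
        echo "error: $file contains a private key block" >&2
        return 4
    fi

    # An export made without --armour is binary and lacks this first line.
    first=$(head -n 1 "$file" | tr -d '\r')
    if [ "$first" != '-----BEGIN PGP PUBLIC KEY BLOCK-----' ]; then
        echo "error: $file is not an ASCII-armoured public key" >&2
        return 5
    fi

    # A truncated copy or paste loses the closing line.
    if ! grep -q -e '-----END PGP PUBLIC KEY BLOCK-----' "$file"; then
        echo "error: $file has no END line; the export is incomplete" >&2
        return 6
    fi
    echo "ok: $file looks like an armoured public key export"
}

# Usage: sh check_keyfile.sh katutkia_gpg.txt
[ "$#" -eq 0 ] || check_lbr_keyfile "$1"
```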
If you are not already using gpg (GnuPG), but are otherwise using the command line environment and have gpg installed, you can start by creating a key. If you wish, you can create more than one key. Be prepared to provide a passphrase that protects your secrets.
$ gpg --quick-generate-key 'Kaino Tutkia (esim.) <email@example.com>'
It is a useful convention to include your email address between the "angle brackets" and other identifying information before them. If you are going to use this key to ask the Language Bank to encrypt a research dataset that is to be accessed by you, you should include your official email address at your home institution.
The command should prompt for your passphrase to protect the secret components of the new key. Be prepared for this.
The command should use a default encryption algorithm. This may be a longish RSA cipher like rsa3072, or some newer and stronger cipher. You can provide another argument to select another key algorithm.
The command should create certain default key components, notably an encryption key, which in this discussion is the public key. A further argument can be used to specify something else. Components can also be added afterwards.
The key generation process uses unpredictable input from your computer. If a sufficient amount is not already available, you may need to move your mouse pointer around for a little while.
You can use the following command to see that your key really is in your keyring. This command does not list any secret components and will not prompt for your passphrase.
$ gpg --list-keys
The listing may contain other keys if this is not the only key in your keyring. You may have in your keyring other keys that you own, and you may import public keys of other people.
To only see your specific key, provide some text that matches your identifier but not any other key in your keyring.
$ gpg --list-keys '(esim.)'
You can also provide the fingerprint of the specific key, as shown in the listing.
$ gpg --decrypt --output=paketti.zip paketti.zip.gpg
This page has a persistent identifier: http://urn.fi/urn:nbn:fi:lb-2023052321