This project provides a cryptographic signature-based scheme for ensuring data integrity when sharing nucleotide sequences online. The state-of-the-art methods, user authentication via user ID (e.g. ORCID) and file integrity check via checksum, do not offer user verification or assured integrity (e.g. checksums can be recalculated by adversaries).
This solution supports FASTA and FASTQ genomic data files, but its design provides a model for broader application.
Follow these steps to install DNASign in a clean Python environment.
- Git
- Python 3.12+ (recommended)
- (Recommended) Docker & Docker Compose if you plan to run the full stack
-
Clone the repository
git clone http://gitlab.local/dnasign/dnasign.git cd dnasign -
Create and activate a virtual environment
- macOS/Linux
python3 -m venv .venv source .venv/bin/activate python -m pip install --upgrade pip- Windows (PowerShell)
py -3 -m venv .venv .\.venv\Scripts\Activate.ps1 python -m pip install --upgrade pip
-
Install DNASign
- Standard install:
pip install . - Editable (developer) install:
pip install -e .
- Standard install:
-
Import sample data (optional, only required for verification)
- Add the decompressed sample data included with the latest release to the
dnasign/data/sample_datafolder. - Sample command (if
samples.tar.gzis in the same directory asdnasign):tar -cxvf samples.tar.gz dnasign/data/tar.gz
- Add the decompressed sample data included with the latest release to the
Below are two end-to-end checks, one for ingress (MITM between sequencer → repository) and one for egress (MITM between repository → user).
./run.shstarts stacks detached by default. If you prefer foreground logs, add-n(e.g.,./run.sh ingress -n) and run tests from a second terminal.
- From the project root:
./run.sh ingress
- Run the ingress-compatible tests:
Expected Results: All tests pass;
cd tests pytest --mode ingresstest_egress_mitm.pyis skipped (not run). - Tear down the ingress stack:
You can skip this teardown if you’re about to start the egress stack;
cd .. docker compose -f docker-compose.yml -f docker-compose.ingress.yml down --remove-orphans./run.sh egresswill tear down ingress for you.
- From the project root:
./run.sh egress
- Run the egress-compatible tests:
Expected Results: All tests pass;
cd tests pytest --mode egresstest_ingress_mitm.pyis skipped (not run). - Tear down the egress stack:
cd .. docker compose -f docker-compose.yml -f docker-compose.egress.yml down --remove-orphans
Tip: If you start with
./run.sh ingress -nor./run.sh egress -n, stop withCtrl+Cin that terminal when finished.
.
├── data
│ ├── keys
│ │ └── keys.json # in memory storage for key pairs
│ ├── sample_data
│ │ ├── GCF_000001735.4_TAIR10.1_genomic_bad_format1.fna
│ │ └── etc.
│ └── uploads # default storage location for repository
│ ├── signed.fastq.sig
│ └── etc.
├── docker-compose.egress.yml # contains Docker config for egress MITM
├── docker-compose.ingress.yml # contains Docker config for egress MITM
├── docker-compose.yml # contains default/shared Docker config
├── Keys
│ ├── ed25519.key
│ └── ed25519.pub
├── logs
│ └── genomic_sign_verify.log # contains otel data for signers and verifiers
├── main.py
├── pyproject.toml
├── README.md
├── requirements.txt
├── run.sh # sets up docker environments for testing/usage
├── Samples
├── scrambler.sh
├── setup.py
├── src
│ ├── common # contains common code for sequencer and repository
│ │ ├── __init__.py
│ │ ├── inline_sig_common.py
│ │ ├── otel_setup.py
│ │ ├── utils.py
│ │ └── verify_file_formats.py
│ ├── __init__.py
│ ├── mitm # contains scripts run by mitm to undermine genomic data integrity
│ │ ├── __init__.py
│ │ ├── modify_download.py
│ │ ├── modify_upload.py
│ │ ├── scramble.py
│ │ └── scrambler.sh
│ ├── repository # implements repository with verification upon download
│ │ ├── backend
│ │ │ ├── backend.py # contains endpoints for registering, uploading, etc.
│ │ │ ├── config.py
│ │ │ └── __init__.py
│ │ ├── Dockerfile
│ │ ├── __init__.py
│ │ └── verifiers
│ │ ├── hyper_verify.py # proof of concept for performant verification of massive files
│ │ ├── __init__.py
│ │ └── simple_verify.py # basic verification code
│ └── sequencer
│ ├── backend
│ │ ├── backend.py
│ │ └── __init__.py
│ ├── Dockerfile
│ ├── __init__.py
│ └── signers
│ ├── hyper_sign.py # proof of concept for performant signing of massive files
│ ├── __init__.py
│ └── simple_sign.py # basic signing code
├── tests
│ ├── conftest.py
│ ├── __init__.py
│ ├── test_backend.py
│ ├── test_egress_mitm.py
│ ├── test_format_verifiers.py
│ ├── test_hyper_sign_and_verify.py
│ ├── test_ingress_mitm.py
│ ├── test_performance_compare.py
│ ├── test_scrambler_logic.py
│ ├── test_simple_sign_and_verify.py
│ └── utils.py
The projects wishes to thank Kristina Zudock, Sterling McTee, Dillon Prendergast, Joseph Hirsch, and Charles Frick for their contributions to the intial release of DNASign.
This project developed by JHU/APL is for demonstration and research purposes. It is not “turn key” and is not safe for deployment without being tailored to production infrastructure. These files are not being delivered as software and are not appropriate for direct use on any production networks. JHU/APL assumes no liability for the direct use of these files and they are provided strictly as a reference implementation.
NO WARRANTY, NO LIABILITY. THIS MATERIAL IS PROVIDED “AS IS.” JHU/APL MAKES NO REPRESENTATION OR WARRANTY WITH RESPECT TO THE PERFORMANCE OF THE MATERIALS, INCLUDING THEIR SAFETY, EFFECTIVENESS, OR COMMERCIAL VIABILITY, AND DISCLAIMS ALL WARRANTIES IN THE MATERIAL, WHETHER EXPRESS OR IMPLIED, INCLUDING (BUT NOT LIMITED TO) ANY AND ALL IMPLIED WARRANTIES OF PERFORMANCE, MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT OF INTELLECTUAL PROPERTY OR OTHER THIRD PARTY RIGHTS. ANY USER OF THE MATERIAL ASSUMES THE ENTIRE RISK AND LIABILITY FOR USING THE MATERIAL. IN NO EVENT SHALL JHU/APL BE LIABLE TO ANY USER OF THE MATERIAL FOR ANY ACTUAL, INDIRECT, CONSEQUENTIAL, SPECIAL OR OTHER DAMAGES ARISING FROM THE USE OF, OR INABILITY TO USE, THE MATERIAL, INCLUDING, BUT NOT LIMITED TO, ANY DAMAGES FOR LOST PROFITS.