GEOFON news archive

Message Archive










Restricted Data Encryption

The GEOFON data center will start to deliver encrypted data for requests involving data from restricted experiments on 15th February 2012. This change will apply to all request methods (WebDC/BREQ_FAST/Arclink) currently supported. There will be no changes to the distribution of data from public Networks or Stations.

To decrypt the files received from our servers you will need a password that will be generated and mailed to you. You will only receive this password on the first time that you requested restricted data. This password that you will receive is a personal password corresponding to your individual e-mail address. It is also a data center wide password, i.e. it will be valid for all restricted data (from all networks archived here) that you requested from GEOFON. YOU SHOULD NOT SHARE THIS PASSWORD WITH OTHER USERS, even within your institution.

Currently we cannot change this password neither recover it, but on request we can reset it and you will receive a new one (that will not be valid to already requested/downloaded data). If you need to reset your password please contact us by e-mail to geofon_dc -at-, with a subject “Data center password” or similar.

Once you have the password the file decryption can be done with the standard OpenSSL tool. On most Linux distributions this tool comes already installed [1,2,3,4]. On Windows it can be downloaded from [5]. And on Mac OS X it should also be installed. The command to decrypt the received files is:

openssl des-cbc -pass pass:{Your Password} -in {Input File} -out {Output File} -d


{Your Password} = The password you received from us.
{Input File} = The encrypted file you want to decrypt.
{Output File} = The file that will contain the decrypted data.

Please also be aware that if you requested data compression (from the WebDC web site or using arclink_fetch[6]), after decrypting the file you should decompress it. Those files will be compressed with the bzip2 compression method. On Linux/MacOS X you can use the default bunzip2 tool (available on the command line, terminal). On Windows there are many versions of tools available that would handle the decompression.

Also, users of arclink_fetch[7] and Obspy[8] should make sure they are using a recent version with the python m2Crypto package installed. The latest version of arclink_fetch and the Obspy Arclink client already support the new encryption scheme and will decrypt the streams for you during the download of the data from our servers. For this to work please just create the 'dcidpasswords.txt' file as indicated by each software. THESE ARE THE MOST RECOMMENDED WAYS TO DOWNLOAD DATA.


[1] On OpenSUSE you can install the OpenSSL package using the command: zypper in openssl
[2] On Debian/Ubuntu you can install the OpenSSL package using the command: apt-get install openssl
[3] On Fedora you can install the OpenSSL package using the command: yum install openssl
[4] On CentOS you can install the OpenSSL package using the command: yum install openssl
[6] When arclink_fetch downloads a file that it cannot decrypt it will save the file with a .bz2.openssl extension. This indicates that this file is compressed and encrypted and should be decrypted and decompressed (in this order).

Updated 2012-01-26 15:10 UTC