Anonymization decrypt


Felix

Sep 8, 2015, 11:44:12 AM
to RSNA's CTP/MIRC User Group
Hi,

After going through the doc of the anonymizer, I see there is an encrypt function for data.
I was also wondering if there was also the possibility to decrypt, or if you had any experience with some kind of similar functionality?

The flow we'd like to cover would be:
 - encrypt sensitive data and push to remote site,
 - pull the remote data back from remote site,
 - decrypt and store in PACS.

thx

John Perry

Sep 8, 2015, 12:30:16 PM
to rsnas-ctpmir...@googlegroups.com
The DicomAnonymizer has an @encrypt(ElementName, "key") function. It encrypts the value of the specified element using the Blowfish algorithm and the specified key. The DicomEditor program used to have a Decrypt feature, but I took it out a few months ago when I rewrote the program. I didn't think anybody used it. It would be easy to put back. I could also turn it on in the element listing page of the FileStorageService. In both cases, you would have to select the DicomObject, get the listing page, click the element, and then enter the key. I doubt that this would satisfy your requirements.
 
 
 
JP

David Clunie

Sep 8, 2015, 1:20:51 PM
to rsnas-ctpmir...@googlegroups.com
If you are going to do this sort of thing, there is a DICOM
standard for it, rather than making it up as you go along.

Specifically, see:


http://dicom.nema.org/medical/dicom/current/output/chtml/part03/sect_C.12.html#sect_C.12.1.1.4

This was demonstrated in an OFFIS project for RSNA, so is probably
implemented in dcmtk if you want to test against another
implementation.

The background is in Supp 55 Attribute Level Confidentiality, but
the standard has been updated since then with more attributes and
more algorithms.

ftp://medical.nema.org/medical/dicom/final/sup55_ft.pdf

The CMS stuff is shared with media encryption, by the way, and
if you need a Java implementation, there is one in BouncyCastle:

https://www.bouncycastle.org/

I mention media because of the CMS approach, but also because
if you are going to encrypt the entire data set to store and
forward (rather than just using transport layer security with
TLS), there is a DICOM standard for that too. See:

http://dicom.nema.org/medical/dicom/current/output/chtml/part15/chapter_D.html

David

Felix

Sep 9, 2015, 12:07:13 PM
to RSNA's CTP/MIRC User Group
Thanks John, 

So if I understand correctly, there is no way (after restore of functionalities) to automate the decryption currently. It would still require the user to perform some manual action?

If this is correct, how hard would it be if I added a DicomDeAnonymizer stage, which uses the decrypt function from your CipherUtil?

At first sight I see these issues:
  - the encryption of UIDs could be problematic because they should be digits and have a root.
  - also, does the encrypt take into account the constraints of each VR?

Felix

Sep 9, 2015, 1:12:47 PM
to RSNA's CTP/MIRC User Group, dcl...@dclunie.com
Thank you David that was helpful, especially the pdf.

I didn't immediately find anything about encryption/decryption on the dcmtk wiki, but I'll dig deeper.

Furthermore, we don't plan to encrypt the media, only a set of attributes which could compromise privacy if received outside of a hospital (but which should be mapped back to the original data).

matthe...@gmail.com

Apr 23, 2025, 6:38:43 PM
to RSNA MIRC CTP/TFS User Group
I was considering using these class libraries to make a CLI binary for my purposes.
But before I do that, I was wondering if anyone had successfully used one of the numerous online Blowfish encrypt/decrypt websites to decrypt the output of encrypt().
I couldn't find one that would even reproduce the ciphertext for a given element and key.

matthe...@gmail.com

Apr 25, 2025, 5:13:17 PM
to RSNA MIRC CTP/TFS User Group

There are slight differences between the encrypt() and decrypt() functions in CTP's AnonymizerFunctions.java and Util's CipherUtil, but I don't think they are relevant (e.g. SecureRandom use in cipher.init()).
The one thing I do see is that encrypt() with Blowfish will output a Base64 string with padding at the end ("==") that somewhere in CTP is being removed by the Anonymizer stage before writing to the DICOM tag.
To successfully decrypt this, you have to put the padding back. I don't see a function for padding the ciphertext. There is code for padding the keyText in getEncryptionKey(). The old conversation above mentions DicomEditor having decrypt() at one point, but it looks like that was pre-GitHub, since I don't see any older versions with evidence of this. Of note, there is still a decrypt() function in AnonymizerFunctions.java that is not documented in the DicomAnonymizer script documentation, but I don't think it will work in situ because of the removed padding in the ciphertext.
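
Added example, not part of the thread and not CTP code: a Python sketch of the re-padding step described in the last post, for anyone decoding a stored tag value outside CTP before handing it to a Blowfish decrypt routine. The function names and the sample bytes are constructed for illustration, and the block-length check assumes CTP uses a padded block mode, which the thread does not state.

```python
import base64
import binascii

BLOWFISH_BLOCK = 8  # Blowfish block size in bytes


def restore_b64_padding(tag_value: str) -> str:
    """Put back the '=' padding that was stripped before the value was stored."""
    # DICOM pads odd-length string values with a trailing space; drop it,
    # along with any '=' that survived, so the length check is exact.
    s = tag_value.strip().rstrip("=")
    rem = len(s) % 4
    if rem == 1:
        # 4n+1 characters can never be valid Base64: the value was truncated.
        raise ValueError(f"{len(s)} Base64 characters: value is truncated")
    return s + "=" * ((4 - rem) % 4)


def ciphertext_from_tag(tag_value: str) -> bytes:
    """Return the raw ciphertext bytes, or raise ValueError if the value is damaged."""
    try:
        raw = base64.b64decode(restore_b64_padding(tag_value), validate=True)
    except binascii.Error as exc:
        raise ValueError(f"not Base64: {exc}") from exc
    # Assumption (not confirmed by the thread): a padded block mode is in use,
    # so an intact ciphertext is a whole number of 8-byte Blowfish blocks.
    if not raw or len(raw) % BLOWFISH_BLOCK:
        raise ValueError(f"{len(raw)} bytes is not a whole number of Blowfish blocks")
    return raw


# Constructed sample: 16 arbitrary bytes standing in for a two-block ciphertext.
SAMPLE = bytes(range(16))
STORED = base64.b64encode(SAMPLE).decode("ascii").rstrip("=")  # as found in the tag

if __name__ == "__main__":
    print(STORED, "->", restore_b64_padding(STORED))
    print(ciphertext_from_tag(STORED) == SAMPLE)
```

A value that fails either check was altered after encryption (truncated by a VR length limit, for instance), so it is rejected before any key is applied to it.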