.. _installing: =========================== Installation (local python) =========================== This page explains how crandas can be installed locally. Note that crandas can run in either a design or an authorized environment. More information about these environment and how they relate to each other can be found on the `help center `_. .. warning:: The entire installation section only applies if you are working in an authorized environment or running crandas locally. In demo environments or Jupyter environments provided by Roseman Labs, crandas is pre-installed -- so skip ahead to :ref:`the next section `. To complete this manual you will need to download and install `Python 3.9 or higher `_. If you are installing on Windows, don't forget to tick the box that says **Add python.exe to PATH** to ensure you can run python from any directory. .. _connecting: 1. Connecting to the engine ====================================== There are two different ways to connect to the engine: using the actual keys and certificates or using a connection file that contains all of this material in itself. From version 1.9, the connection file is the recommended mode to connect to the engine. Overview of certificates and files involved ------------------------------------------- Before you begin this process, it is useful to understand what each of the files do. - **Server public keys (.pk)**: We have a public key for each of the 3 servers. These keys are used to encrypt input data that is sent towards each server. The crandas client connects to one of the servers and sends the encrypted input data. The connected server, that can only decrypt 1 of the 3 encrypted streams, then forwards the encrypted data to the other two servers. - **Certificates:** When the crandas client connects to the engine, the certificate authenticates the engine server for the client. This ensures that the client is connecting to the correct server. - **Analyst key (.sk):** When an analysis is uploaded to the portal by the analyst, it is signed with their analyst key. When executing in an authorized environment, this key will be needed to ensure that the analyst that uploaded the analysis is the one that actually executes it (verified with the public key). This key should remain private. - **Connection file:** File that contains the URL and certificate for one of the servers, and public keys for the 3 servers to encrypt the uploads. Start a connection ------------------ .. tabs:: .. group-tab:: Connection file (v1.9.0 or higher) Log in into the portal and go to Settings >> Account. Click on 'Download connection file', and the file :code:`.vdlconn` it will be automatically stored in your :code:`Downloads` folder. .. tabs:: .. group-tab:: Windows 1. Open your home folder: a. Press WIN+R, the Windows Run window should open b. Enter :code:`%HOMEDRIVE%%HOMEPATH%` and press enter. c. A new Windows Explorer window should open that shows your Home folder. 2. In this home folder create a new folder called :code:`.config` (unless it already exists) 3. Go inside your :code:`.config` folder and create a new folder named :code:`crandas` (unless it already exists) 4. Move the file :code:`.vdlconn` to the :code:`crandas` folder you just created. .. group-tab:: Linux 1. Open your home folder in a Terminal window (:code:`cd ~`) 2. Create a new :code:`crandas` folder inside the :code:`.config` folder (:code:`mkdir -p ~/.config/crandas`). If the :code:`.config` folder doesn't exist then it will be created. 3. Move the file :code:`.vdlconn` to the :code:`crandas` folder you just created (:code:`mv ~/Downloads/.vdlconn ~/.config/crandas`) .. group-tab:: Certificates and public keys When the certificates are the means of authentication to the authorized environment, they will be provided out of band. You should have received an e-mail that contains a link to `our secure filesharing system `_. The first step is storing these certificates in a sub-folder in your home directory. In case you want to download the provided key material: .. tabs:: .. group-tab:: Windows 1. Download the ZIP or TAR file from the RL fileshare, and store it in your :code:`Downloads` folder. 2. Extract the ZIP or TAR file. You can do this with a program such as 7-Zip. 3. Open your home folder: a. Press WIN+R, the Windows Run window should open b. Enter :code:`%HOMEDRIVE%%HOMEPATH%` and press enter. c. A new Windows Explorer window should open that shows your Home folder. 4. In this home folder create a new folder called :code:`vdl_certs` 5. Move the contents of the ZIP/TAR file you unpacked to the vdl_certs folder you just created. .. group-tab:: Linux 1. Download the ZIP or TAR from the RL fileshare, and store it in your :code:`Downloads` folder. 2. Extract the ZIP or TAR file (go to the folder where the file is located. Right click on the file and then "Extract here" or "Extract to..."). 3. Open your home folder in a Terminal window (:code:`cd ~`) 4. In this home folder create a new folder called :code:`vdl_certs` (:code:`mkdir vdl_certs`) 5. Move the contents of the ZIP or TAR file you unpacked to the :code:`vdl_certs` folder you just created. In case you want to generate the keys and certificates yourself, you can follow these steps: .. dropdown:: Generate own key material 1. You will receive a ``2023keygen.py`` script. Save this script as a file named ``2023keygen_analystapprover.py`` in your home directory (can type ``%HOMEPATH%`` into the address bar of the File Explorer window or you can type in ``C:\Users\`` into the address bar and click the one with your username). 2. Open a command prompt (click ``windows key`` + ``R``, then type ``cmd`` - or you can just search for it) and navigate to your home directory(``%HOMEPATH%`` on windows or ``cd~`` on Linux) where you saved the ``2023keygen_analystapprover.py`` file (if it already says ``C:\Users\{your username}`` then you are already there). 3. Run the following command to install the required nacl library: ``pip install pynacl`` 4. Now, run the script by executing: ``python 2023keygen_analystapprover.py`` 5. The script will generate a folder called ``vdl_certs`` (in the same folder where you saved the keygen file) and the key pairs will be inside. After completing these steps, you will have successfully generated the key pairs and can proceed to use crandas in your Python scripts. 2. Installing crandas ===================== To be able to use crandas in your Python scripts we are going to install it by using: ``pip install crandas --index-url=https://pypi.rosemancloud.com``. crandas is hosted on a private Roseman Labs server rather than `pypi.org `_, so it is necessary to explicitly add the server url. Install a specific version of crandas ------------------------------------- To install a specific version of crandas we can run: ``pip install crandas== --index-url=https://pypi.rosemancloud.com``. You can replace ```` with the version of crandas you wish to install, e.g. ``v1.10.0``. Pip will occasionally not properly install a different version, in that case you can do the following: ``pip install --force-reinstall -v "crandas==". We recommend installing crandas in a virtual environment: .. tabs:: .. group-tab:: Windows If we want to install crandas in a virtual environment using `venv` on Windows. 1. Open a Command Prompt window: a. Press WIN+R, the Windows Run window should open b. Enter ``cmd`` and press enter. c. Navigate to the Home directory: ``cd %HOMEPATH%`` (or same as when saving the script above) 2. Create virtual environment by executing: ``python -m venv .crandas`` 3. Activate virtual environment by executing: ``.\.crandas\Scripts\activate.bat`` (you will know it has been activated as it will say ``(.crandas)``) 4. Install crandas: ``pip install crandas --index-url=https://pypi.rosemancloud.com`` .. note:: When you exit your virtual environment, you can activate it again as follows: - ``Windows key`` + ``R``, then type ``cmd``. - ``.\.crandas\Scripts\activate.bat`` .. group-tab:: Linux If we want to install crandas in a virtual environment using ``venv`` on Linux. 1. Open a Terminal window and navigate to the home directory folder: ``cd ~`` 2. Create virtual environment: ``python3 -m venv .crandas`` 3. Activate virtual environment: ``source .crandas/bin/activate``. 4. Install crandas: ``pip install crandas --index-url=https://pypi.rosemancloud.com`` .. note:: When you exit your virtual environment, you can activate it again as follows: - Navigate to the home directory folder: ``cd ~`` - Activate virtual environment: ``source .crandas/bin/activate``. Now crandas has been installed, we can start creating a script in a python editor of our choice. In this case, we refer to Jupyter: .. note:: On Debian/Ubuntu systems, you need to install the ``python3-venv`` package using the following command. .. code:: bash apt install python3.10-venv You might need super user (``sudo``) privileges to execute this command. For use with Jupyter notebooks ------------------------------ To install crandas for use with Jupyter, use ``pip install "crandas[notebook]" --index-url=https://pypi.rosemancloud.com``. This also installs dependencies that are needed to let crandas function well with Jupyter, in particular to show the progress bar for long-running operations. .. note:: When using Jupyter notebooks in Visual Studio Code, make sure to have the latest versions of packages, as earlier versions of VS Code did not correctly display the progress bar. More information about which package versions are needed can be found `here. `_ - ``pip install --force-reinstall -v "ipywidgets == 7.7.2"`` - ``pip install --force-reinstall -v "jupyterlab_widgets == 1.1.1"`` 3. Start an analysis ==================== We should still be in the virtual environment we created shown by ``(.crandas)``. Now we need to install a development environment such that we can work with crandas more easily, for example: ``pip install notebook`` will install jupyter notebook in the virtual environment (you will know it has been finished as it will say ``successfully installed...``). We can start creating our analysis by executing ``python -m jupyter notebook`` (or any python editor) and clicking **new** to start a new notebook. Finally we need to tell crandas the endpoint of the engine and which certificates to use to connect to it. This depends on whether you used the connection file or the actual certificates and key material: .. tabs:: .. group-tab:: Connection file (v1.9.0 or higher) .. code:: python import crandas as cd from crandas.base import session # connect your session to the engine session.connect("") .. group-tab:: Certificates and public keys .. code:: python import crandas as cd from crandas.base import session from pathlib import Path # Update to provided endpoint https://**NODE_IP**:**NODE_PORT**/api/v1 # (e.g. https://vdl-1c-cr-node2.rosemancloud.com:32601/api/v1) session.endpoint = '_____' # Set the base path to the folder where we have stored the certificates session.base_path = Path('./vdl_certs') # connect your session to the engine session.connect() .. # Set the path to the http certificate # (provided by Roseman Labs) session.certificate_path = Path("httpd0.crt") # Set the path to the analyst key # Note: The filename might have a different key, confirm by checking the vdl_certs directory session.query_signing_key = Path.home()/ 'vdl_certs/analystsign0.sk' # (Authorized only) Set path to json which contains the authorized transactions # The authorization is generated in the Web Portal session.authorization_file = 'signed-transactions.jsonl' To confirm that the setup has been done correctly, just send any query to the server, for example ``cd.demo_table()``. After this, crandas will be ready for us to use it to make secure computations.