1GDCMANON(1)                   DICOM Manipulation.                  GDCMANON(1)
2
3
4

NAME

6       gdcmanon - Tool to anonymize a DICOM file.
7

SYNOPSIS

9           gdcmanon [options] file-in file-out
10           gdcmanon [options] dir-in  dir-out
11

DESCRIPTION

13       The gdcmanon tool is an implementation of PS 3.15 / E.1 / Basic
14       Application Level Confidentiality Profile (Implementation of E.1.1
15       De-identify & E.1.2 Re-identify)
16
17       This tool is split into two very different operating mode:
18
19       •   An implementation of PS 3.15, see -e and -d flags
20
21       •   A dumb mode, see –dumb
22
23       Dumb mode and PS 3.15 do not work well together, you should really only
24       use one type of anonymization. In case of doubt, avoid using –dumb.
25
26       In order to use the PS 3.15 implementation (-d & -e flag), you'll need
27       a certificate to do de-identification operations, and the associated
28       private key to do the re-identification operation. If you are only
29       doing a one-shot anonymization and do not need to properly re-identify
30       the DICOM file, you can safely discard the private key and only keep
31       the certificate. See OpenSSL refsection below for an example on how to
32       generate the private key/certificate pair.
33
34       gdcmanon will exit early if OpenSSL was not configured/build properly
35       into the library (see GDCM_USE_SYSTEM_OPENSSL in cmake).
36

PARAMETERS

38           file-in   DICOM input filename
39
40           file-out  DICOM output filename
41
42       or
43
44           file-in   DICOM input directory
45
46           file-out  DICOM output directory
47

OPTIONS

49       You need to specify at least one operating mode, from the following
50       list (and only one):
51
52   Required parameters
53             -e --de-identify            De-identify DICOM (default)
54             -d --re-identify            Re-identify DICOM
55                --dumb                   Dumb mode anonymizer
56
57       Warning when operating in dumb mode, you need to also specify an
58       operation to do, such as 'remove' or 'empty' a tag, see below the dumb
59       mode options.
60
61   specific options
62             -i --input                  DICOM filename / directory
63             -o --output                 DICOM filename / directory
64             -r --recursive              recursively process (sub-)directories.
65                --continue               Do not stop when file found is not DICOM.
66                --root-uid               Root UID.
67                --resources-path         Resources path.
68             -k --key                    Path to RSA Private Key.
69             -c --certificate            Path to Certificate.
70
71   encryption options
72                --des            DES.
73                --des3           Triple DES.
74                --aes128         AES 128.
75                --aes192         AES 192.
76                --aes256         AES 256.
77
78   dumb mode options
79                --empty   %d,%d           DICOM tag(s) to empty
80                --remove  %d,%d           DICOM tag(s) to remove
81                --replace %d,%d,%s        DICOM tag(s) to replace
82
83   general options
84             -h   --help
85                    print this help text and exit
86
87             -v   --version
88                    print version information and exit
89
90             -V   --verbose
91                    verbose mode (warning+error).
92
93             -W   --warning
94                    warning mode, print warning information
95
96             -E   --error
97                    error mode, print error information
98
99             -D   --debug
100                    debug mode, print debug information
101
102   environment variable
103             GDCM_ROOT_UID Root UID
104             GDCM_RESOURCES_PATH path pointing to resources files (Part3.xml, ...)
105

TYPICAL USAGE

107   De-identification (anonymization, encrypt)
108       The only thing required for this operation is a certificate file (in
109       PEM format).
110
111           $ gdcmanon --certificate certificate.pem -e original.dcm original_anonymized.dcm
112
113       You can use –asn1 option from gdcmdump to dump the generated DataSet as
114       ASN1 structure (see gdcmdump(1) for example).
115
116   Re-identification (de-anonymization,decrypt)
117       The only thing required for this operation is a private key (in PEM
118       format). It is required that the private key used for the
119       re-identification process, was the actual private key used to generate
120       the certificate file (certificate.pem) used during the
121       de-identification step.
122
123           $ gdcmanon --key privatekey.pem -d original_anonymized.dcm original_copy.dcm
124
125       You can then check that original.dcm and original_copy.dcm are
126       identical.
127
128   Multiple files caveat
129       It is very important to understand the following refsection, when
130       anonymizing more than one single file. When anonymizing multiple DICOM
131       files, you are required to use the directory input. You cannot call
132       multiple time the gdcmanon command line tool. Indeed the tool stores in
133       memory during the process only a hash table of conversion so that each
134       time a particular value is found it get always replaced by the same
135       de-identified value (think: consistent Series Instance UID).
136
137   Dumb mode
138       This functionality is not described in the DICOM standard. Users are
139       advised that improper use of that mode is not recommended, meaning that
140       important tag can be emptied/removed/replaced resulting in
141       illegal/invalid DICOM file. Only use when you know what you are doing.
142       If you delete a Type 1 attribute, chance is that your DICOM file will
143       be not accepted in most DICOM third party viewer. Unfortunately this is
144       often this mode that is implemented in popular DICOM Viewer, always
145       prefer what the DICOM standard describes, and avoid the dumb mode.
146
147       The following example shows how to use dumb mode and achieve 5
148       operations at the same time:
149
150       •   Empty the tag (0010,0010) Patient's Name,
151
152       •   Empty the tag (0010,0020) Patient ID,
153
154       •   Remove the tag (0010,0040) Patient's Sex
155
156       •   Remove the tag (0010,1010) Patient's Age
157
158       •   Replace the tag (0010,1030) Patient's Weight with the value '10'
159
160       You are required to check which DICOM attribute is Type 1 and Type 1C,
161       before trying to 'Empty' or 'Remove' a particular DICOM attribute. For
162       the same reason, you are required to check what are valid value in a
163       replace operation.
164
165           $ gdcmanon --dumb --empty 10,10 --empty 10,20 --remove 10,40 --remove 10,1010 --replace 10,1030,10 012345.002.050.dcm out.dcm
166
167       Multiple operation of –dumb mode can take place, just reuse the output
168       of the previous operation. Always use gdcmdump on the input and output
169       file to check what was actually achieved. You can use a diff program to
170       check only what changed (see gdcmdiff(1) for example).
171
172       Irreversible Anonymization
173           In some very rare cases, one would want to anonymize using the PS
174           3.15 mode so as to take benefit of the automatic conversion of all
175           content that could contain Patient related information.
176
177           In the end all Patient related information has been removed and has
178           been secretly stored in the 0400,0500 DICOM attribute. However to
179           make sure that no-one ever try to break that security using
180           brute-force algorithm, one want want to remove completely this
181           DICOM attribute. This will make the DICOM:
182
183           •   Completely free of any Patient related information (as per PS
184               3.15 specification)
185
186           •   Remove any mean of people to brute force attack the file to
187               find out the identity of the Patient
188
189           In this case one could simply do, as a first step execute the
190           reversible anonymizer:
191
192               $ gdcmanon -c certificate.pem input.dcm anonymized_reversible.dcm
193
194           and now completely remove the DICOM attribute containing the
195           secretly encrypted Patient related information:
196
197               $ gdcmanon --dumb --remove 400,500 --remove 12,62 --remove 12,63 anonymized_reversible.dcm anonymized_irreversible.dcm
198

OPENSSL

200       On most system you can have access to OpenSSL to generate the Private
201       Key/Certificate pair.
202
203   Generating a Private Key
204       Command line to generate a rsa key (512bit)
205
206           $ openssl genrsa -out CA_key.pem
207
208       Command line to generate a rsa key (2048bit)
209
210           $ openssl genrsa -out CA_key.pem 2048
211
212       Command line to generate a rsa key (2048bit) + passphrase
213
214           $ openssl genrsa -des3 -out CA_key.pem 2048
215
216   Generating a Certificate
217       From your previously generated Private Key, you can now generate a
218       certificate in PEM (DER format is currently not supported).
219
220           $ openssl req -new -key CA_key.pem -x509 -days 365 -out CA_cert.cer
221

DICOM STANDARD:

223       Page to the DICOM Standard:
224
225       http://dicom.nema.org/
226
227       The DICOM Standard at the time of releasing gdcmanon is:
228
229       ftp://medical.nema.org/medical/dicom/2008/
230
231       Direct link to PS 3.15-2008:
232
233       ftp://medical.nema.org/medical/dicom/2008/08_15pu.pdf
234

WARNINGS

236       Certain attributes may still contains Protected Health Information
237       (PHI) after an anonymization step. This is typically the case for
238       Patient's Address (0010,1040). The reason is that this particular
239       attribute is not supposed to be in the composite IODs in the first
240       place. DICOM Supp 142 includes it (however gdcmanon does not implement
241       it).
242

SEE ALSO

244       gdcmconv(1), gdcmdump(1), gdcmdiff(1), openssl(1), dumpasn1(1)
245

AUTHOR

247       Mathieu Malaterre
248           Main developer
249
251       Copyright © 2006, 2011 Mathieu Malaterre
252
253
254
255GDCM 3.0.8                        01/26/2021                       GDCMANON(1)
Impressum