Tarsnap - Online backups for the truly paranoid

Navigation menu



     tarsnap-keymgmt -- generate subsets of tarsnap(1) key files


     tarsnap-keymgmt --outkeyfile new-key-file [-r] [-w] [-d] [--nuke]
                     [--passphrased] [--passphrase-mem maxmem]
                     [--passphrase-time maxtime] key-file ...
     tarsnap-keymgmt --print-key-id key-file
     tarsnap-keymgmt --print-key-permissions key-file
     tarsnap-keymgmt --version


     tarsnap-keymgmt reads the provided key files and writes a new key file
     (specified by --outkeyfile new-key-file) containing only the keys
     required for the operations specified via the -r (list and extract ar-
     chives), -w (write archives), -d (delete archives), and --nuke flags.
     Note that -d implies -r since it is impossible to delete an individual
     archive without being able to read it; while a key file generated with
     --nuke can be used to delete all the archives stored, but not individual

     The following list shows which permissions are required for various
     tarsnap(1) command modes.

               requires either (1) -d (archive deleting), (2) -w (archive cre-
               ating), or (3) --nuke keys.

               requires either (1) both -w (archive writing) and -r (archive
               reading) keys, or (2) -d (archive deleting) keys.

               requires -d (archive deleting) keys, since it needs to be able
               to delete corrupted archives.

     If the --passphrased option is specified, the user will be prompted to
     enter a passphrase (twice) to be used to encrypt the key file.

     If the --passphrase-mem maxmem option is specified, a maximum of maxmem
     bytes of RAM will be used in the scrypt key derivation function to
     encrypt the key file; it may be necessary to set this option if a key
     file is being created on a system with far more RAM than the system on
     which the key file will be used.

     If the --passphrase-time maxtime option is specified, a maximum of
     approximately maxtime seconds will be used in the scrypt key derivation
     function to encrypt the key file.

     Note that if none of the -w, -r, -d, or --nuke options are specified, a
     key file will be produced which does not contain any keys.  This is prob-
     ably not very useful.

     The --print-key-id key-file option displays the 64-bit integer corre-
     sponding to the key's machine number.  This may be useful for scripts or
     GUIs which manage a user's Tarsnap account, but is not likely to be help-
     ful for command-line use.

     The --print-key-permissions key-file option displays the permissions
     which the key possesses.

     The --version option prints the version number of tarsnap-keymgmt, then