Tarsnap - Online backups for the truly paranoid

Navigation menu

tarsnap-keyregen(1)

NAME

     tarsnap-keyregen -- generate a key file for use with tarsnap-recrypt(1)

SYNOPSIS

     tarsnap-keyregen --keyfile key-file --oldkey old-key-file --user
                      user-name --machine machine-name [--passphrased]
                      [--passphrase-mem maxmem] [--passphrase-time maxtime]
     tarsnap-keyregen --version

DESCRIPTION

     tarsnap-keyregen generates a set of cryptographic keys which are compati-
     ble with an existing set of cryptographic keys, registers with the
     tarsnap server, and writes a key file for use with tarsnap-recrypt(1) and
     tarsnap(1).  The term "compatible" here means that it is possible to re-
     encrypt archives stored with the first set of keys to be stored with the
     second set of keys.  This is required because Tarsnap has some keys which
     need to stay the same when re-encrypting data; otherwise, existing ar-
     chives will become unreadable and cannot be used for deduplication.

     The --keyfile, --user, --machine, and --oldkey parameters are all
     required.

     If the --passphrased option is specified, the user will be prompted to
     enter a passphrase (twice) to be used to encrypt the key file.

     If the --passphrase-mem maxmem option is specified, a maximum of maxmem
     bytes of RAM will be used in the scrypt key derivation function to
     encrypt the key file; it may be necessary to set this option if a key
     file is being generated on a system with far more RAM than the system on
     which the key file will be used.

     If the --passphrase-time maxtime option is specified, a maximum of
     approximately maxtime seconds will be used in the scrypt key derivation
     function to encrypt the key file.