NAME
tarsnap-keyregen – generate a key file for use with tarsnap-recrypt(1)
SYNOPSIS
tarsnap-keyregen --keyfile key-file --oldkey old-key-file
--user user-name --machine machine-name [--passphrased]
[--passphrase-mem maxmem] [--passphrase-time maxtime]
tarsnap-keyregen --version
DESCRIPTION
tarsnap-keyregen generates a set of cryptographic keys which are
compatible with an existing set of cryptographic keys, registers with the
tarsnap server, and writes a key file for use with tarsnap-recrypt(1) and
tarsnap(1). The term "compatible" here means that it is possible to re-
encrypt archives stored with the first set of keys to be stored with the
second set of keys. This is required because Tarsnap has some keys which
need to stay the same when re-encrypting data; otherwise, existing
archives will become unreadable and cannot be used for deduplication.
The --keyfile key-file option specifies the name of the file in which to
write the newly-generated keys. The --oldkey old-key-file option
specifies the name of the file containing the old keys. The --user
user-name option specifies the name (i.e. email address) of the Tarsnap
account. The --machine machine-name option specifies a name which will
be displayed in accounting reports so that you can see how much data each
machine is storing.
If the --passphrased option is specified, the user will be prompted to
enter a passphrase (twice) to be used to encrypt the key file.
If the --passphrase-mem maxmem option is specified, a maximum of maxmem
bytes of RAM will be used in the scrypt key derivation function to
encrypt the key file; it may be necessary to set this option if a key
file is being generated on a system with far more RAM than the system on
which the key file will be used.
If the --passphrase-time maxtime option is specified, a maximum of
approximately maxtime seconds will be used in the scrypt key derivation
function to encrypt the key file.
The --version option prints the version number of tarsnap-keyregen, then
exits.
