TARSNAP-KEYMGMT(1)TARSNAP-KEYMGMT(1)NAME
tarsnap-keymgmt - generate subsets of tarsnap(1) key files
SYNOPSIS
tarsnap-keymgmt --outkeyfile new-key-file [-r] [-w] [-d] [--nuke]
[--passphrased] [--passphrase-mem maxmem] key-file ...
DESCRIPTION
tarsnap-keymgmt reads the provided key files and writes a new key file
containing only the keys required for the operations specified via the
-r (list and extract archives), -w (write archives), -d (delete ar‐
chives), and --nuke flags. Note that -d implies -r since it is impos‐
sible to delete an individual archive without being able to read it;
while a key file generated with --nuke can be used to delete all the
archives stored, but not individual archives.
The --recover command requires either (1) -d (archive deleting), (2) -w
(archive creating), or (3) --nuke keys. The --fsck command requires
either (1) both -w (archive writing) and -r (archive reading) keys, or
(2) -d (archive deleting) keys. The --fsck-prune command requires -d
(archive deleting) keys, since it needs to be able to delete corrupted
archives.
If the --passphrased option is specified, the user will be prompted to
enter a passphrase (twice) to be used to encrypt the key file.
If the --passphrase-mem maxmem option is specified, a maximum of maxmem
bytes of RAM will be used in the scrypt key derivation function to
encrypt the key file; it may be necessary to set this option if a key
file is being created on a system with far more RAM than the system on
which the key file will be used.
June 3, 2009 TARSNAP-KEYMGMT(1)