TARSNAP-KEYMGMT(1) | General Commands Manual | TARSNAP-KEYMGMT(1) |
NAME
tarsnap-keymgmt
—
generate subsets of
tarsnap(1) key files
SYNOPSIS
tarsnap-keymgmt |
--outkeyfile new-key-file
[-r ] [-w ]
[-d ] [--nuke ]
[--passphrased ]
[--passphrase-mem maxmem]
[--passphrase-time maxtime]
key-file ... |
tarsnap-keymgmt |
--print-key-id
key-file |
tarsnap-keymgmt |
--print-key-permissions
key-file |
tarsnap-keymgmt |
--version |
DESCRIPTION
tarsnap-keymgmt
reads the provided key
files and writes a new key file (specified by
--outkeyfile
new-key-file)
containing only the keys required for the operations specified via the
-r
(list and extract archives),
-w
(write archives), -d
(delete archives), and --nuke
flags. Note that
-d
implies -r
since it is
impossible to delete an individual archive without being able to read it;
while a key file generated with --nuke
can be used
to delete all the archives stored, but not individual archives.
The following list shows which permissions are required for various tarsnap(1) command modes.
- --recover
- requires either (1)
-d
(archive deleting), (2)-w
(archive creating), or (3)--nuke
keys. - --fsck
- requires either (1) both
-w
(archive writing) and-r
(archive reading) keys, or (2)-d
(archive deleting) keys. - --fsck-prune
- requires
-d
(archive deleting) keys, since it needs to be able to delete corrupted archives.
If the --passphrased
option is specified,
the user will be prompted to enter a passphrase (twice) to be used to
encrypt the key file.
If the --passphrase-mem
maxmem option is specified, a maximum of
maxmem bytes of RAM will be used in the scrypt key
derivation function to encrypt the key file; it may be necessary to set this
option if a key file is being created on a system with far more RAM than the
system on which the key file will be used.
If the --passphrase-time
maxtime option is specified, a maximum of
approximately maxtime seconds will be used in the
scrypt key derivation function to encrypt the key file.
Note that if none of the -w
,
-r
, -d
, or
--nuke
options are specified, a key file will be
produced which does not contain any keys. This is probably not very
useful.
The --print-key-id
key-file option displays the 64-bit integer
corresponding to the key's machine number. This may be useful for scripts or
GUIs which manage a user's Tarsnap account, but is not likely to be helpful
for command-line use.
The --print-key-permissions
key-file option displays the permissions which the key
possesses.
The --version
option prints the version
number of tarsnap-keymgmt
, then exits.
February 10, 2022 | Linux 6.10.2-arch1-1 |