TARSNAP-RECRYPT(1) | General Commands Manual | TARSNAP-RECRYPT(1) |
NAME
tarsnap-recrypt
—
re-encrypts data stored using
tarsnap(1)
SYNOPSIS
tarsnap-recrypt |
--oldkey old-key-file
--oldcachedir old-cache-dir
--newkey new-key-file
--newcachedir
new-cache-dir |
tarsnap-recrypt |
--version |
DESCRIPTION
tarsnap-recrypt
downloads and decrypts
data using old-key-file and re-encrypts and uploads it
using new-key-file. After all the data has been
re-uploaded, tarsnap-recrypt
deletes the data using
old-key-file so that the only remaining copy of the
data is encrypted using new-key-file. The key file
new-key-file must have been generated by
tarsnap-keyregen(1) with
old-key-file.
tarsnap-recrypt
checkpoints its progress
after every 1-2 GB of data that it has copied; if it is interrupted it can
be re-run and it will attempt to continue.
Note that after tarsnap-recrypt
completes
it will be possible to store more archives using the key
old-key-file and the cache directory
old-cache-dir so care should be taken to disable any
automatic (e.g., cron(8)) archiving
while tarsnap-recrypt
is run.
The --version
option prints the version
number of tarsnap-recrypt
, then exits.
EXAMPLES
The following sequence of commands will create new keys and re-encrypt data, assuming that the currently used keys are in /root/tarsnap.key and the current cache directory is /usr/local/tarsnap-cache:
tarsnap-keyregen
--keyfile
/root/tarsnap.key.new --oldkey
/root/tarsnap.key --user
me@example.com --machine
myserver
tarsnap-recrypt
--oldkey
/root/tarsnap.key
--oldcachedir
/usr/local/tarsnap-cache
--newkey
/root/tarsnap.key.new
--newcachedir
/usr/local/tarsnap-cache.new
rm
-r
/usr/local/tarsnap-cache
mv
/usr/local/tarsnap-cache.new
/usr/local/tarsnap-cache
rm
/root/tarsnap.key
mv
/root/tarsnap.key.new
/root/tarsnap.key
February 10, 2022 | Linux 6.10.2-arch1-1 |