.\" Copyright 2011 Colin Percival
.\" All rights reserved.
.\"
.Dd February 10, 2022
.Dt TARSNAP-KEYREGEN 1
.Os
.Sh NAME
.Nm tarsnap-keyregen
.Nd generate a key file for use with
.Xr tarsnap-recrypt 1
.Sh SYNOPSIS
.Nm
.Fl -keyfile Ar key-file
.Fl -oldkey Ar old-key-file
.Fl -user Ar user-name
.Fl -machine Ar machine-name
.Op Fl -passphrased
.Op Fl -passphrase-mem Ar maxmem
.Op Fl -passphrase-time Ar maxtime
.Nm
.Fl -version
.Sh DESCRIPTION
.Nm
generates a set of cryptographic keys which are compatible
with an existing set of cryptographic keys, registers with
the tarsnap server, and writes a key file for use with
.Xr tarsnap-recrypt 1
and
.Xr tarsnap 1 .
The term "compatible"
here means that it is possible to re-encrypt archives stored with
the first set of keys to be stored with the second set of keys.
This is required because Tarsnap has some keys which need to stay the same
when re-encrypting data; otherwise, existing archives will become unreadable
and cannot be used for deduplication.
.Pp
The
.Fl -keyfile Ar key-file
option specifies the name of the file in which to write the newly-generated
keys.
The
.Fl -oldkey Ar old-key-file
option specifies the name of the file containing the old keys.
The
.Fl -user Ar user-name
option specifies the name (i.e. email address) of the Tarsnap account.
The
.Fl -machine Ar machine-name
option specifies a name which will be displayed in accounting reports so that
you can see how much data each machine is storing.
.Pp
If the
.Fl -passphrased
option is specified, the user will be prompted to enter a passphrase (twice)
to be used to encrypt the key file.
.Pp
If the
.Fl -passphrase-mem Ar maxmem
option is specified, a maximum of
.Ar maxmem
bytes of RAM will be used in the scrypt key derivation function to
encrypt the key file; it may be necessary to set this option if a key
file is being generated on a system with far more RAM than the system
on which the key file will be used.
.Pp
If the
.Fl -passphrase-time Ar maxtime
option is specified, a maximum of approximately
.Ar maxtime
seconds will be used in the scrypt key derivation function to
encrypt the key file.
.Pp
The
.Fl -version
option prints the version number of
.Nm ,
then exits.