DragonFly On-Line Manual Pages
TARSNAP-RECRYPT(1) DragonFly General Commands Manual TARSNAP-RECRYPT(1)
NAME
tarsnap-recrypt - re-encrypts data stored using tarsnap(1).
SYNOPSIS
tarsnap-recrypt --oldkey old-key-file --oldcachedir old-cache-dir
--newkey new-key-file --newcachedir new-cache-dir
DESCRIPTION
tarsnap-recrypt downloads and decrypts data using old-key-file and re-
encrypts and uploads it using new-key-file. After all the data has been
re-uploaded, tarsnap-recrypt deletes the data using old-key-file so that
the only remaining copy of the data is encrypted using new-key-file. The
key file new-key-file must have been generated by tarsnap-keyregen(1)
with old-key-file.
tarsnap-recrypt checkpoints its progress after every 1-2 GB of data that
it has copied; if it is interrupted it can be re-run and it will attempt
to continue.
Note that after tarsnap-recrypt completes it will be possible to store
more archives using the key old-key-file and the cache directory
old-cache-dir so care should be taken to disable any automatic (e.g.,
cron(8)) archiving while tarsnap-recrypt is run.
EXAMPLES
The following sequence of commands will create new keys and re-encrypt
data, assuming that the currently used keys are in /root/tarsnap.key and
the current cache directory is /usr/local/tarsnap-cache:
tarsnap-keyregen --keyfile /root/tarsnap.key.new --oldkey
/root/tarsnap.key --user me@example.com --machine myserver
tarsnap-recrypt --oldkey /root/tarsnap.key --oldcachedir
/usr/local/tarsnap-cache --newkey /root/tarsnap.key.new
--newcachedir /usr/local/tarsnap-cache.new
rm -r /usr/local/tarsnap-cache
mv /usr/local/tarsnap-cache.new /usr/local/tarsnap-cache
rm /root/tarsnap.key
mv /root/tarsnap.key.new /root/tarsnap.key
DragonFly 6.5-DEVELOPMENT February 1, 2011 DragonFly 6.5-DEVELOPMENT