| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132 |
- .TH TARSNAP-KEYMGMT 1 "@DATE@" ""
- .SH NAME
- .ad l
- \fB\%tarsnap-keymgmt\fP
- \- generate subsets of
- \fBtarsnap\fP(1)
- key files
- .SH SYNOPSIS
- .ad l
- .br
- \fB\%tarsnap-keymgmt\fP
- \fB\--outkeyfile\fP \fInew-key-file\fP
- [\fB\-r\fP]
- [\fB\-w\fP]
- [\fB\-d\fP]
- [\fB\--nuke\fP]
- [\fB\--passphrased\fP]
- [\fB\--passphrase-mem\fP \fImaxmem\fP]
- [\fB\--passphrase-time\fP \fImaxtime\fP]
- \fIkey-file\fP ...
- .br
- \fB\%tarsnap-keymgmt\fP
- \fB\--print-key-id\fP \fIkey-file\fP
- .br
- \fB\%tarsnap-keymgmt\fP
- \fB\--print-key-permissions\fP \fIkey-file\fP
- .br
- \fB\%tarsnap-keymgmt\fP
- \fB\--version\fP
- .SH DESCRIPTION
- .ad l
- \fB\%tarsnap-keymgmt\fP
- reads the provided key files and writes a new key file
- (specified by
- \fB\--outkeyfile\fP \fInew-key-file\fP)
- containing only the keys required for the operations
- specified via the
- \fB\-r\fP
- (list and extract archives),
- \fB\-w\fP
- (write archives),
- \fB\-d\fP
- (delete archives), and
- \fB\--nuke\fP
- flags.
- Note that
- \fB\-d\fP
- implies
- \fB\-r\fP
- since it is impossible to delete an individual archive without
- being able to read it; while a key file generated with
- \fB\--nuke\fP
- can be used to delete all the archives stored, but not individual
- archives.
- .PP
- The following list shows which permissions are required for various
- \fBtarsnap\fP(1)
- .IR command modes.
- .RS 5
- .TP
- .IR --recover
- requires either (1)
- \fB\-d\fP
- (archive deleting), (2)
- \fB\-w\fP
- (archive creating), or (3)
- \fB\--nuke\fP
- keys.
- .TP
- .IR --fsck
- requires either (1) both
- \fB\-w\fP
- (archive writing) and
- \fB\-r\fP
- (archive reading) keys, or (2)
- \fB\-d\fP
- (archive deleting) keys.
- .TP
- .IR --fsck-prune
- requires
- \fB\-d\fP
- (archive deleting) keys, since it needs to be able to delete
- corrupted archives.
- .RE
- .PP
- If the
- \fB\--passphrased\fP
- option is specified, the user will be prompted to enter a passphrase (twice)
- to be used to encrypt the key file.
- .PP
- If the
- \fB\--passphrase-mem\fP \fImaxmem\fP
- option is specified, a maximum of
- \fImaxmem\fP
- bytes of RAM will be used in the scrypt key derivation function to
- encrypt the key file; it may be necessary to set this option if a key
- file is being created on a system with far more RAM than the system
- on which the key file will be used.
- .PP
- If the
- \fB\--passphrase-time\fP \fImaxtime\fP
- option is specified, a maximum of approximately
- \fImaxtime\fP
- seconds will be used in the scrypt key derivation function to encrypt
- the key file.
- .PP
- Note that if none of the
- \fB\-w\fP,
- \fB\-r\fP,
- \fB\-d\fP,
- or
- \fB\--nuke\fP
- options are specified, a key file will be produced which does not
- contain any keys.
- This is probably not very useful.
- .PP
- The
- \fB\--print-key-id\fP \fIkey-file\fP
- option displays the 64-bit integer corresponding to the key's machine number.
- This may be useful for scripts or GUIs which manage a user's Tarsnap account,
- but is not likely to be helpful for command-line use.
- .PP
- The
- \fB\--print-key-permissions\fP \fIkey-file\fP
- option displays the permissions which the key possesses.
- .PP
- The
- \fB\--version\fP
- option prints the version number of
- \fB\%tarsnap-keymgmt\fP,
- then exits.
|
