tarsnap-recrypt man page
tarsnap-recrypt — re-encrypts data stored using tarsnap(1).
|tarsnap-recrypt|| --oldkey |
tarsnap-recrypt downloads and decrypts data using
old-key-file and re-encrypts and uploads it using
new-key-file. After all the data has been re-uploaded, tarsnap-recrypt deletes the data using
old-key-file so that the only remaining copy of the data is encrypted using
new-key-file. The key file
new-key-file must have been generated by tarsnap-keyregen(1) with
tarsnap-recrypt checkpoints its progress after every 1-2 GB of data that it has copied; if it is interrupted it can be re-run and it will attempt to continue.
Note that after tarsnap-recrypt completes it will be possible to store more archives using the key
old-key-file and the cache directory
old-cache-dir so care should be taken to disable any automatic (e.g., cron(8)) archiving while tarsnap-recrypt is run.
The --version option prints the version number of tarsnap-recrypt, then exits.
The following sequence of commands will create new keys and re-encrypt data, assuming that the currently used keys are in
/root/tarsnap.key and the current cache directory is