tarsnap-recrypt (1) - Linux Manuals
tarsnap-recrypt: re-encrypts data stored using
NAME
tarsnap-recrypt - re-encrypts data stored using tarsnap(1).SYNOPSIS
--oldkey old-key-file --oldcachedir old-cache-dir --newkey new-key-file --newcachedir new-cache-dirDESCRIPTION
downloads and decrypts data using old-key-file and re-encrypts and uploads it using new-key-file After all the data has been re-uploaded, deletes the data using old-key-file so that the only remaining copy of the data is encrypted using new-key-file The key file new-key-file must have been generated by tarsnap-keyregen1 with old-key-filecheckpoints its progress after every 1-2 GB of data that it has copied; if it is interrupted it can be re-run and it will attempt to continue.
Note that after completes it will be possible to store more archives using the key old-key-file and the cache directory old-cache-dir so care should be taken to disable any automatic (e.g., cron(8)) archiving while is run.
EXAMPLES
The following sequence of commands will create new keys and re-encrypt data, assuming that the currently used keys are in /root/tarsnap.key and the current cache directory is /usr/local/tarsnap-cache
tarsnap-keyregen --keyfile /root/tarsnap.key.new --oldkey /root/tarsnap.key --user me [at] example.com --machine myserver
--oldkey /root/tarsnap.key --oldcachedir /usr/local/tarsnap-cache --newkey /root/tarsnap.key.new --newcachedir /usr/local/tarsnap-cache.new
rm -r /usr/local/tarsnap-cache
mv /usr/local/tarsnap-cache.new /usr/local/tarsnap-cache
rm /root/tarsnap.key
mv /root/tarsnap.key.new /root/tarsnap.key