Re: tarsnap-keyregen

[Colin Percival <cperciva@tarsnap.com>]

On 02/08/11 05:07, Gabriel Kerneis wrote:
> I do not understand the manpage of tarsnap-keyregen:
> 
>  tarsnap-keyregen generates a set of cryptographic keys which are
>  compatible with an existing set of cryptographic keys, registers with
>  the tarsnap server, and writes a key file for use with
>  tarsnap-recrypt(1) and tarsnap(1).  The term "compatible" here means
>  that it is possible to reencrypt archives stored with the first set of
>  keys to be stored with the second set of keys.
> 
> Why is it necessary to use keyregen rather than keygen?  Is there some
> cryptographic trick happening (some key signing another, for instance),
> or is it just administrative stuff to associate several keys to a single
> machine?

Good question; I should probably have explained that better in the man pages.

Tarsnap has some keys which need to stay the same when re-encrypting data;
for example, there is a key used for mapping archive names to the 256-bit
names which identify metadata blocks.  If this key is changed, Tarsnap won't
be able to read archives since it won't be able to find the right metadata
blocks.  (The other two keys which need to remain constant when re-encrypting
relate to how Tarsnap splits file data into chunks -- if these keys change,
Tarsnap will still be able to read archives, but when creating new archives
it won't produce the same series of chunks, thus resulting in duplicated data.)

The difference between tarsnap-keygen and tarsnap-keyregen is essentially just
that tarsnap-keyregen keeps the keys which need to remain constant.

-- 
Colin Percival
Security Officer, FreeBSD | freebsd.org | The power to serve
Founder / author, Tarsnap | tarsnap.com | Online backups for the truly paranoid