
Re: tarsnap-keygen script usage



I have a cloud-based system. Each server in the cloud is having tarsnap set up and generating its own key. The keys are then written to my own S3 bucket so that I can use them to recover the data.

But in the case that someone gets hold of the keys, I would also like the passphrase protection.

An alternative would be to have one master key that is copied out to each server, instead of having each server generate its own.

However, in that case it seems like the archives will all go into one master namespace (tarsnap --list-archives will show archives across all systems in the cloud). I would rather have the archives associated with the key that created them.

What do you think?

- kevin

On Thu, Jun 2, 2011 at 10:39 AM, Colin Percival <cperciva@tarsnap.com> wrote:
Oops, somehow I missed this when it first came in.

I don't think it's possible to specify a passphrase from a script unless
you fake a terminal -- given that a passphrase is supposed to be "something
you know" (and are sitting at a terminal typing in) rather than "something
you have" I'm not even sure why you want a script to provide the passphrase.

On 06/02/11 03:13, Kevin Gilpin wrote:
> Can someone advise me on this question please?
>
> - kevin
>
> On Sat, May 28, 2011 at 9:38 PM, Kevin Gilpin <kevin.gilpin@praxeon.com> wrote:
>
>     I would like to provide the
>
>     --passphrased
>
>     argument from a script. How can I do that?
>
>     I have tried putting the arguments in a file separated by newlines
>     and then:
>
>     cat /tmp/tarsnap.txt | /usr/local/bin/tarsnap-keygen
>
>     but it didn't work. tarsnap-keygen prompted for the passphrase even
>     though the file contained 3 lines (my password, passphrase,
>     passphrase again)

--
Colin Percival
Security Officer, FreeBSD | freebsd.org | The power to serve
Founder / author, Tarsnap | tarsnap.com | Online backups for the truly paranoid



--
CTO
Praxeon Inc
kevin.gilpin@praxeon.com
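
What "fake a terminal" means in practice, as an added example that is not part of the original thread and is not Tarsnap code. The child program is a constructed stand-in that prompts on `/dev/tty` (an assumption about how terminal passphrase prompts commonly behave), and `run_with_pipe` and `run_with_pty` are hypothetical helper names.

```python
import os
import pty
import subprocess
import sys

# Constructed stand-in for a terminal passphrase prompt (NOT tarsnap-keygen).
# Assumption: like many such prompts, it uses the controlling terminal only
# and never looks at stdin.
PROMPT_PROG = r'''
import os, sys
try:
    fd = os.open("/dev/tty", os.O_RDWR)
except OSError:
    sys.exit(2)                       # no terminal to prompt on
os.write(fd, b"passphrase: ")
secret = os.read(fd, 1024).rstrip(b"\r\n")   # one line in canonical mode
os.write(fd, b"read %d bytes\n" % len(secret))
'''

def run_with_pipe(passphrase):
    """Feed the passphrase on stdin, as `cat file | prog` does."""
    proc = subprocess.run(
        [sys.executable, "-c", PROMPT_PROG],
        input=passphrase.encode() + b"\n",
        stdout=subprocess.PIPE,
        start_new_session=True,       # detach from any terminal, as under cron
    )
    return proc.returncode, proc.stdout

def run_with_pty(passphrase):
    """Give the child a pseudo-terminal and type the passphrase into it."""
    pid, master = pty.fork()
    if pid == 0:                      # child: its /dev/tty is now the pty
        try:
            os.execv(sys.executable, [sys.executable, "-c", PROMPT_PROG])
        finally:
            os._exit(127)
    out, sent = b"", False
    while True:
        try:
            chunk = os.read(master, 1024)
        except OSError:               # Linux reports EIO once the child exits
            break
        if not chunk:
            break
        out += chunk
        if not sent and b"passphrase: " in out:
            os.write(master, passphrase.encode() + b"\n")
            sent = True
    os.close(master)
    _, status = os.waitpid(pid, 0)
    return os.WEXITSTATUS(status), out
```

The piped run exits with status 2 without ever consuming the input, while the pty run receives the passphrase as if it had been typed.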