Howdy, After setting up tarsnap I decided that I preferred to have my keys encrypted with a passphrase. I initially tried to accomplish that with: $ tarsnap-keymgmt --passphrased --outkeyfile tarsnap-encrypted.key tarsnap.key That seems to produce only subset of the keys, since the following fails: $ tarsnap --keyfile tarsnap-encrypted.key --list-archives Please enter passphrase for keyfile ec2-a.tarsnap.key: tarsnap: The read authorization key is required for --list-archives but is not available Here's a trivial patch that makes tarsnap-keymgmt generate all keys (CRYPTO_KEYMASK_USER) by default. Probably the man page should be updated, but that's beyond my ambition at the moment. Also, I think crypto_keys_export should fail when the keys argument is 0. It looks like that could result in calling malloc(0). I suppose another way of handling this would be to require that some keys be specified (and perhaps offering an --all option?). Thanks, Daniel
Attachment:
keymgmt-default-all-keys.patch
Description: Binary data