[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
tarsnap-keymgmt --outkeyfile foot bullet
The following is how NOT to add a passphrase to your tarsnap key:
$ tarsnap --outkeyfile key.new --passphrased key
$ mv key.new key
...thereby overwriting your key with a worthless one containing no
permissions.
Fortunately, I was doubly stupid and merely overwrote the inode rather
than securely wiping the unencrypted key. These stupidities cancelled
each other out, and I managed to recover my key by grepping my partition
for "# START OF TARSNAP KEY FILE".
Colin, please consider this anecdote to be a feature request: if none of
the -r/-w/-x/--nuke arguments are supplied to tarsnap-keymgmt, then
output a key containing all the permissions of the input key rather than
none of them. Alternatively, at least warn the user that he's doing
something stupid.