[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

tarsnap-keymgmt --outkeyfile foot bullet



The following is how NOT to add a passphrase to your tarsnap key:

$ tarsnap --outkeyfile key.new --passphrased key
$ mv key.new key

...thereby overwriting your key with a worthless one containing no
permissions.

Fortunately, I was doubly stupid and merely overwrote the inode rather
than securely wiping the unencrypted key. These stupidities cancelled
each other out, and I managed to recover my key by grepping my partition
for "# START OF TARSNAP KEY FILE".

Colin, please consider this anecdote to be a feature request: if none of
the -r/-w/-x/--nuke arguments are supplied to tarsnap-keymgmt, then
output a key containing all the permissions of the input key rather than
none of them.  Alternatively, at least warn the user that he's doing
something stupid.