[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Copy/migrate archives/history with a new key?

To: "tarsnap-users@tarsnap.com" <tarsnap-users@tarsnap.com>, cperciva@tarsnap.com
Subject: Re: Copy/migrate archives/history with a new key?
From: creed-january-twig@duck.com
Date: Thu, 21 Aug 2025 07:13:06 -0400
References: <BCEC8938-F9E0-4FB6-BF19-3804F3C49B10.1@smtp-inbound1.duck.com> <93a1963e-0929-4823-bcdf-5b23c4fadbd3@tarsnap.com> <1FEF0976-B971-465C-BDEB-2E4673131650.1@smtp-inbound1.duck.com> <D06D9CE6-4E01-4225-8D8A-368DBB2C0999.1@smtp-inbound1.duck.com> <CALfY4+-jQP8ybnESyEr7XKiXfu5Hh8Kg1g+SpS6aF7K1APJc=w@mail.gmail.com> <DD84DCC4-494F-4382-95DB-A443E704AEA1.1@smtp-inbound1.duck.com> <5C7B3690-6DEF-4100-A41D-F7A61AF6F110.1@smtp-inbound1.duck.com> <CALfY4+82K+BZntjRaFggw-9hE0063eFs16CHgmCUizfx8uJQeQ@mail.gmail.com> <5C024550-F388-4DD9-9336-B5F7B8B7FAAE.1@smtp-inbound1.duck.com> <86DC7026-9B17-45C5-9F89-60F9482B92CF.1@smtp-inbound1.duck.com> <CABaPp_j80nJ0vJFu9MC8T+jss2YkrKdnRr3gkdoTkffbjNbvsA@mail.gmail.com> <A524BF24-395E-4C7B-822F-297305274BB5.1@smtp-inbound1.duck.com> <63962DC0-A26A-4C72-8AC2-44B80098DCA5@icloud.com>

Brought the archive count down to 31 from ~2000. Onwards to the re-crypt phase.

>>>>>>> Also, the original/existing key was not *passworded*, can I generate the new key as ‘--passphrased’ and then proceed with the recrypt? I am asking because I believe to re-encrypt, ‘tarsnap-keyregen’ has to be used and the key is derived from the old key.
>>>>>> 
>>>>>> Correct.  To be more precise, the chunking parameters are kept from the old
>>>>>> key but everything else is generated anew.  (The chunking parameters need to
>>>>>> be kept so that new data will deduplicate against the copied data.)
>>>>>>> This also raised the question - does it render the old key useless after the re-encryption is done, or both keys have access now?

I assume this will happen locally i.e old_arch data with old_key will be downloaded; and re-crypted into new_arch with new_key; and then uploaded; [old_arch deleted]. 

Is “re-crypt done local” assumption mentioned above correct? If so:

1. Is there a way to “exclude” some paths/files while doing this re-crypt since they will happen locally anyway (if my assumption above is not incorrect; or maybe otherwise as well, if that’s possible)?

If not a direct “re-crypt with excludes” cmd/arg way, then can I achieve what I am trying to do in any other way/workaround?

2. Can I also change archive naming while doing this re-crypt? (I am only interested in changing the hostname part i.e the label (?) before the time stamp - to keep a streamlined naming from now and onwards). Just in case.

As an aide OR a long-shot - any suggested way to find versions available of certain folders and files by path across those 30 odd archives? Basically what I am trying achieve is not leave any data I know for sure I will never need and since I kinda dug deeper anyway, I wouldn’t mind digging a bit deeper.

References:
- Copy/migrate archives/history with a new key?
  - From: creed-january-twig@duck.com
- Re: Copy/migrate archives/history with a new key?
  - From: Colin Percival <cperciva@tarsnap.com>
- Re: Copy/migrate archives/history with a new key?
  - From: creed-january-twig@duck.com
- Re: Copy/migrate archives/history with a new key?
  - From: Chris Leyon <cleyon@gmail.com>
- Re: Copy/migrate archives/history with a new key?
  - From: creed-january-twig@duck.com
- Re: Copy/migrate archives/history with a new key?
  - From: Chris Leyon <cleyon@gmail.com>
- Re: Copy/migrate archives/history with a new key?
  - From: creed-january-twig@duck.com
- Re: Copy/migrate archives/history with a new key?
  - From: james young <pronoiac@gmail.com>

Prev by Date: Re: Unanticipated time and costs for full recovery
Next by Date: Re: Copy/migrate archives/history with a new key?
Previous by thread: Re: Copy/migrate archives/history with a new key?
Next by thread: Re: Copy/migrate archives/history with a new key?
Index(es):
- Date
- Thread