Brought the archive count down to 31 from ~2000. Onwards to the re-crypt phase.
>>>>>>> Also, the original/existing key was not *passworded*, can I generate >>>>>>> the new key as ‘--passphrased’ and then proceed with the recrypt? I am >>>>>>> asking because I believe to re-encrypt, ‘tarsnap-keyregen’ has to be >>>>>>> used and the key is derived from the old key. >>>>>> >>>>>> Correct. To be more precise, the chunking parameters are kept from the >>>>>> old >>>>>> key but everything else is generated anew. (The chunking parameters >>>>>> need to >>>>>> be kept so that new data will deduplicate against the copied data.) >>>>>>> This also raised the question - does it render the old key useless >>>>>>> after the re-encryption is done, or both keys have access now? I assume this will happen locally i.e old_arch data with old_key will be downloaded; and re-crypted into new_arch with new_key; and then uploaded; [old_arch deleted]. Is “re-crypt done local” assumption mentioned above correct? If so: 1. Is there a way to “exclude” some paths/files while doing this re-crypt since they will happen locally anyway (if my assumption above is not incorrect; or maybe otherwise as well, if that’s possible)? If not a direct “re-crypt with excludes” cmd/arg way, then can I achieve what I am trying to do in any other way/workaround? 2. Can I also change archive naming while doing this re-crypt? (I am only interested in changing the hostname part i.e the label (?) before the time stamp - to keep a streamlined naming from now and onwards). Just in case. As an aide OR a long-shot - any suggested way to find versions available of certain folders and files by path across those 30 odd archives? Basically what I am trying achieve is not leave any data I know for sure I will never need and since I kinda dug deeper anyway, I wouldn’t mind digging a bit deeper.
