.\" Man page Copyright 2006 Chris Morris .\" .\" This is free software; you can redistribute it and/or modify it under .\" the terms of the GNU General Public License version 2 or later as .\" published by the Free Software Foundation. .\" .\" This is distributed in the hope that it will be useful, but WITHOUT .\" ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or .\" FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License .\" for more details. .\" .TH kaya-rekey 1 "December 2006" "Kaya" "Kaya program reference" .SH NAME kaya-rekey \- Binary key regeneration for kaya web applications .SH SYNOPSIS .B kaya-rekey .I "FILE1 [FILE2 [...]]" .SH DESCRIPTION .B kaya-rekey gives all Kaya binaries specified on the command line a new application secret key .PP The application secret key makes webapps and CGI programs secure, by encrypting the state transfers. If you receive a webapp or CGI binary from someone else, or you believe someone untrusted has had read access to your binary, you can use the kaya-rekey application to generate a new application secret key without needing a recompile. .PP Binary distributors of Kaya applications are strongly recommended to use 'kaya-rekey' as part of the installation process. .PP Prior to Kaya 0.3.0 this utility was called rekey .SH OBTAINING .PP The latest release of Kaya can be obtained from .PP Development versions can be obtained using .B darcs(1) from .SH SECURITY .PP .B kaya-rekey will use /dev/random to generate the new key if possible. If /dev/random is unavailable (Windows without MinGW, for example), the new key will be generated pseudo-randomly. This may allow an attacker to easily guess the new key. In environments where security is a concern, therefore, we strongly recommend recompiling with .B kayac(1) rather than using .B kaya-rekey if /dev/random is unavailable. .PP .B kaya-rekey will give a warning when rekeying if /dev/random is unavailable. .SH BUGS .PP Please report bugs in kaya-rekey to .PP .B kaya-rekey cannot rekey Kaya binaries generated with a compiler older than the switch to AES256 encryption (i.e. older than 0.2.0 final version) .PP In rare cases, .B kaya-rekey may not be able to successfully rekey a file and will print an error instead. You must recompile in this case to get a new application key. .SH LICENSE .B kaya-rekey is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License (version 2 or any later version) as published by the Free Software Foundation. .SH SEE ALSO .BR kayac(1)