NAME¶
kaya-rekey - Binary key regeneration for kaya web applications
SYNOPSIS¶
kaya-rekey FILE1 [FILE2 [...]]
DESCRIPTION¶
kaya-rekey gives all Kaya binaries specified on the command line a new
application secret key
The application secret key makes webapps and CGI programs secure, by encrypting
the state transfers. If you receive a webapp or CGI binary from someone else,
or you believe someone untrusted has had read access to your binary, you can
use the kaya-rekey application to generate a new application secret key
without needing a recompile.
Binary distributors of Kaya applications are strongly recommended to use
'kaya-rekey' as part of the installation process.
Prior to Kaya 0.3.0 this utility was called rekey
OBTAINING¶
The latest release of Kaya can be obtained from
<
http://kayalang.org/download>
Development versions can be obtained using
darcs(1) from
<
http://kayalang.org/darcs/>
SECURITY¶
kaya-rekey will use /dev/random to generate the new key if possible. If
/dev/random is unavailable (Windows without MinGW, for example), the new key
will be generated pseudo-randomly. This may allow an attacker to easily guess
the new key. In environments where security is a concern, therefore, we
strongly recommend recompiling with
kayac(1) rather than using
kaya-rekey if /dev/random is unavailable.
kaya-rekey will give a warning when rekeying if /dev/random is
unavailable.
BUGS¶
Please report bugs in kaya-rekey to <kaya@kayalang.org>
kaya-rekey cannot rekey Kaya binaries generated with a compiler older
than the switch to AES256 encryption (i.e. older than 0.2.0 final version)
In rare cases,
kaya-rekey may not be able to successfully rekey a file
and will print an error instead. You must recompile in this case to get a new
application key.
LICENSE¶
kaya-rekey is free software; you can redistribute it and/or modify it
under the terms of the GNU General Public License (version 2 or any later
version) as published by the Free Software Foundation.
SEE ALSO¶
kayac(1)