kaya-rekey - Binary key regeneration for kaya web applications
kaya-rekey FILE1 [FILE2 [...]]
kaya-rekey gives all Kaya binaries specified on the command line a new
application secret key
The application secret key makes webapps and CGI programs secure, by
encrypting the state transfers. If you receive a webapp or CGI binary
from someone else, or you believe someone untrusted has had read access
to your binary, you can use the kaya-rekey application to generate a
new application secret key without needing a recompile.
Binary distributors of Kaya applications are strongly recommended to
use ’kaya-rekey’ as part of the installation process.
Prior to Kaya 0.3.0 this utility was called rekey
The latest release of Kaya can be obtained from
Development versions can be obtained using darcs(1) from
kaya-rekey will use /dev/random to generate the new key if possible. If
/dev/random is unavailable (Windows without MinGW, for example), the
new key will be generated pseudo-randomly. This may allow an attacker
to easily guess the new key. In environments where security is a
concern, therefore, we strongly recommend recompiling with kayac(1)
rather than using kaya-rekey if /dev/random is unavailable.
kaya-rekey will give a warning when rekeying if /dev/random is
Please report bugs in kaya-rekey to <firstname.lastname@example.org>
kaya-rekey cannot rekey Kaya binaries generated with a compiler older
than the switch to AES256 encryption (i.e. older than 0.2.0 final
In rare cases, kaya-rekey may not be able to successfully rekey a file
and will print an error instead. You must recompile in this case to get
a new application key.
kaya-rekey is free software; you can redistribute it and/or modify it
under the terms of the GNU General Public License (version 2 or any
later version) as published by the Free Software Foundation.