**WARNING**: a critical bug affects version 1.0.22 through 1.0.27
http://www.daemonology.net/blog/2011-01-18-tarsnap-critical-security-bug.html

**WARNING**: Due to a change in the Tarsnap key file format, key files
generated by the tarsnap-keygen and tarsnap-keymgmt utilities from
Tarsnap 1.0.22 and later cannot be used by pre-1.0.22 versions of
Tarsnap. (However, old key files can still be used with new versions of
Tarsnap.)

Changes since 1.0.21:
* Add support for passphrase-protected key files using AES256-CTR,
  HMAC-SHA256, and the scrypt key derivation function via a
  --passphrased option to tarsnap-keygen and tarsnap-keymgmt.
* Tarsnap key files are now base64-encoded (i.e., printable).
* Bug fix for non-FreeBSD systems: The autoconf script now correctly
  detects support for reading file flags, allowing them to be archived
  (and unbreaking --nodump support).
* Minor bug fixes and typographical corrections.