Updated documentation

2023-10-10 14:44:31 +02:00 · 2023-10-10 14:44:31 +02:00 · dab5ff3a94
commit dab5ff3a94
parent d4572f353f
3 changed files with 50 additions and 33 deletions
--- a/6
+++ b/6
@ -2,14 +2,14 @@ all:
 	install
 install:
-	mkdir -p /usr/local/share/man/man1 /usr/local/bin /usr/local/etc
+	mkdir -p /usr/local/bin /usr/local/etc
 	cp -R backup.sh /usr/local/bin/backup.sh
 	cp -R sources.bk /usr/local/etc/sources.bk
-	cp -R backup.sh.1 /usr/local/share/man/man1/backup.sh.1
+	cp -R backup.sh.1 /usr/share/man/man1/backup.sh.1
 	chmod 755 /usr/local/bin/backup.sh
 	chmod 644 /usr/local/etc/sources.bk
 uninstall:
 	rm -rf /usr/local/bin/backup.sh
 	rm -ff /usr/local/etc/sources.bk
-	rm -rf /usr/local/share/man/man1/backup.sh.1
+	rm -rf /usr/share/man/man1/backup.sh.1
--- a/README.md
+++ b/README.md
@ -18,7 +18,7 @@ Alternatively, you can install the script, the default sources file and the man
 $> sudo make install
 ```
 This will copy `backup.sh` into `/usr/local/bin/backup.sh`, `sources.bk` into `/usr/local/etc/sources.bk` and
-`backup.sh.1` into `/usr/local/share/man/man1/backup.sh.1`. To uninstall the program along with the sample _sources file_ and the manual page,
+`backup.sh.1` into `/usr/share/man/man1/backup.sh.1`. To uninstall the program along with the sample _sources file_ and the manual page,
 you can issue `sudo make uninstall`.
 At this point you still need to install the following dependencies:
--- a/backup.sh.1
+++ b/backup.sh.1
@ -1,4 +1,4 @@
-.\" Automatically generated by Pandoc 3.1
+.\" Automatically generated by Pandoc 2.17.1.1
 .\"
 .\" Define V font for inline verbatim, using C font in formats
 .\" that render this, and otherwise B font.
@ -14,11 +14,11 @@
 . ftr VB CB
 . ftr VBI CBI
 .\}
-.TH "backup.sh" "1" "March 14, 2023" "Marco Cetica" "General Commands Manual"
+.TH "backup.sh" "1" "October 10, 2023" "Marco Cetica" "General Commands Manual"
 .hy
 .SH NAME
 .PP
-\f[B]backup.sh\f[R] is a POSIX compliant, modular and lightweight backup
+\f[B]backup.sh\f[R] - POSIX compliant, modular and lightweight backup
 utility to save and encrypt your files.
 .SH SYNOPSIS
 .IP
@ -38,7 +38,7 @@ utility to save and encrypt your files.
 This tool is intended to be used on small scale UNIX environment such as
 VPS, small servers and workstations.
 \f[B]backup.sh\f[R] uses \f[I]rsync\f[R], \f[I]tar\f[R] and
-\f[I]openssl\f[R] to copy, compress and encrypt the backup.
+\f[I]gpg\f[R] to copy, compress and encrypt the backup.
 .SH OPTIONS
 .PP
 \f[B]backup.sh\f[R] supports two options: \f[I]backup creation\f[R] and
@ -137,7 +137,7 @@ Elapsed time: 10 seconds.
 .fi
 .PP
 After that, you will find the final backup archive in
-\f[V]/home/john/backup-<HOSTNAME>-<YYYMMDD>.tar.gz.enc\f[R].
+\f[V]/home/john/backup-<HOSTNAME>-<YYYYMMDD>.tar.gz.enc\f[R].
 .PP
 You can also use \f[B]backup.sh\f[R] from a crontab rule:
 .IP
@ -172,7 +172,7 @@ For instance:
 .IP
 .nf
 \f[C]
-$> ./backup.sh --extract backup-<hostname>-<YYYMMDD>.tar.gz.enc badpw1234
+$> ./backup.sh --extract backup-<hostname>-<YYYYMMDD>.tar.gz.enc badpw1234
 \f[R]
 .fi
 .PP
@ -190,8 +190,7 @@ backup-ssh-<YYYYMMDD>
 .SS How does backup.sh work?
 .PP
 \f[B]backup.sh\f[R] uses \f[I]rsync\f[R] to copy the files,
-\f[I]tar\f[R] to compress the backup and \f[I]openssl\f[R] to encrypt
+\f[I]tar\f[R] to compress the backup and \f[I]gpg\f[R] to encrypt it.
 it.
 By default, rsync is being used with the following parameters:
 .IP
 .nf
@ -213,36 +212,54 @@ That is:
 \f[R]
 .fi
 .PP
-After that the backup folder is being encrypred using openssl.
+After that the backup folder is being encrypted using gpg.
 By default, it is used with the following parameters:
 .IP
 .nf
 \f[C]
-$> openssl enc -aes-256-cbc -md sha512 -pbkdf2 -iter 100000 -salt -k \[dq]$PASSWORD\[dq] > file.tar.gz.enc
+$> gpg -a \[rs]
        --symmetric \[rs]
        --cipher-algo=AES256 \[rs]
        --no-symkey-cache \[rs]
        --pinentry-mode=loopback \[rs]
        --batch --passphrase-fd 3 3<<< \[dq]$PASSWORD\[dq] \[rs]
        --output \[dq]$OUTPUT\[dq] \[rs]
        \[dq]$INPUT\[dq]
 \f[R]
 .fi
 .PP
-This command encrypts the backup using the AES-256-CBC symmetric
+This command encrypts the backup using the AES-256 symmetric encryption
-encryption algorithm with a 256bit key.
+algorithm with a 256bit key.
-Here is what each option means:
+Here is what each flag do: - \f[V]--symmetric\f[R]: Use symmetric
-.IP
+encryption;
-.nf
+.PD 0
-\f[C]
+.P
- enc: encrypt mode: tell openssl to use encryption functionality;  
+.PD
- aes-256-cbc: encryption algorithm: this option tells openssl which encryption algorithm to use;  
+- \f[V]--cipher-algo=AES256\f[R]: Use AES256 algorithm;
- md sh512: hashing algorithm: this option tells openssl which hashing algorithm to use for key derivation,
+.PD 0
-    i.e., converting the text-based password(\[ga]$PASSWORD\[ga]) into an encryption key;  
+.P
- pbkdf2: key deriving algorithm: this option tells openssl which key deriving algorithm to use. In this case
+.PD
-    we use the _password-based key derivation function 2_ algorithm;  
+- \f[V]--no-symkey-cache\f[R]: Do not save password on GPG\[cq]s cache;
- iter 100000: number of iterations: this options tells openssl the number of iteration to use for the key derivation
+.PD 0
-    function;  
+.P
- salt: enable salting: this option tells openssl to add a random salt to the key derivation process in order to 
+.PD
-    avoid rainbow table based attacks.
+- \f[V]--pinentry-mode=loopback --batch\f[R]: Do not prompt the user;
-\f[R]
+.PD 0
-.fi
+.P
 .PD
 - \f[V]--passphrase-fd 3 3<< \[dq]$PASSWORD\[dq]\f[R]: Read password
 without revealing it on \f[V]ps\f[R];
 .PD 0
 .P
 .PD
 - \f[V]--output\f[R]: Specify output file;
 .PD 0
 .P
 .PD
 - \f[V]$INPUT\f[R]: Specify input file.
 .SH EXAMPLES
 .PP
-Below there are some examples that demostrate \f[B]backup.sh\f[R]\[cq]s
+Below there are some examples that demonstrate \f[B]backup.sh\f[R]\[cq]s
 usage.
 .IP "1." 3
 Create a backup of \f[V]/etc/ssh\f[R], \f[V]/var/www\f[R] and