#!/bin/bash
#
# This example shows how to configure afio to write GnuPG encrypted archives.

# GnuPG is a complete and free replacement for PGP. Because it does not use
# IDEA or RSA it can be used without any restrictions. GnuPG is a RFC2440
# (OpenPGP) compliant application.

# This example uses a pass phrase in a file, for increased security.
# the file permissions of this file should be set to -rw--------
# (group and world unreadable) to keep the pass phrase secure

dir_to_backup=/usr/include/linux
passphrasefile=my_passphrasefile

# gpg has built-in compression but this feature cannot be used with
# afio (it should be disabled using the -z 0 to gpg, which can be set using
# -Q -z -Q 0 in afio).

find $dir_to_backup |afio -ovz -Z -U -P gpg -Q --symmetric -Q --passphrase-fd=3 -Q --no-verbose -Q --batch -Q --no-options -Q -z -Q 0 -3 3 my_archive_file 3<$passphrasefile

# The reason why gpg built-in compression cannot be used is as
# follows. When compression is used, and gpg is run twice on the same
# input file, it can generate differing outputs with different
# lengths.  This is a problem for afio if the output length is larger
# than the afio -M option value.  If the length is larger than the -M
# value, then afio will call the 'compression' program twice, once to
# get the 'compressed' file length and once to get the actual file
# contents and write them to the archive, and if the lenght is bigger
# in the second run then the data in the archive will be truncated
# (and therefore corrupted).  Afio does emit an error message when
# this happens, but it might be overlooked.

# the archive written with this script can be unpacked with afio_unpack_gpg