Added How it works and FAQ

aurelg · Nov 22, 2018 · e7fa97c · e7fa97c
1 parent 6548104
commit e7fa97c
Showing 1 changed file with 41 additions and 12 deletions.
diff --git a/README.md b/README.md
@@ -14,9 +14,7 @@ Inspired by [magic-wormhole](https://github.com/warner/magic-wormhole) and
 
 On machine A:
 
-```
-ipfs-wormhole.sh send <file or directory>
-```
+`ipfs-wormhole.sh send <file or directory>`
 
 Will encrypt and add the file (or the directory as a compressed tarball) to
 IPFS, and output a tag. If xclip is installed, the command to retrieve it will
@@ -26,22 +24,53 @@ be copied to the clipboard.
 
 On machine B:
 
-```
-ipfs-wormhole.sh receive <tag>
-```
+`ipfs-wormhole.sh receive <tag>`
 
 Will retrieve the file over IPFS if IPFS is installed and running, or if it's
 not, over HTTPS thanks to the [Cloudflare IPFS
 gateway](https://cloudflare-ipfs.com), decrypt it and save it locally.
 
 ## Check dependencies
 
-```
-ipfs-wormhole.sh checkdeps
-```
+`ipfs-wormhole.sh checkdeps`
 
 ## Update from the github repo
 
-```
-ipfs-wormhole.sh update
-```
+`ipfs-wormhole.sh update`
+
+# How it works
+
+Your data is encrypted on the sender's machine, using `gpg` and its default
+symmetric cipher (depending on your configuration), with a temporary random
+password generated by `pwgen`.
+
+Once encrypted, your data is made available for others from your machine using
+[IPFS](https://ipfs.io).
+
+The temporary password (as well as the base64 encrypted filename, for that
+matter) is concatenated to the IPFS hash in a `tag`, which consequently has to
+be transmitted over a secure channel to the recipient's machine (e.g. `ssh`).
+
+On the recipient's machine, the encrypted data is retrieved:
+
+- from IPFS if IPFS is runnning
+- over HTTPS from the Cloudflare IPFS gateway if IPFS it not running (or not
+  installed).
+
+The encrypted data is subsequently decrypted on the recipient's machine with the
+password (extracted from the tag), and saved with the proper file name (also
+extracted from the tag).
+
+Confidentiality is not an issue as long as you trust `gpg`, its default
+symmetric cipher (it's up to you to change it), and `pwgen`.
+
+# FAQ
+
+## Who owns my data once I use ipfs-wormhole?
+
+Yes. `ipfs-wormhole` is end-to-end encrypted with `gpg`.
+
+## Where does it store my data?
+
+Yourself. Your data are routed the sender's machine to the recipient's machine
+over [IPFS](https://ipfs.io).