Age is a simple, modern and secure file encryption tool, format, and Go library
age is a simple, secure file encryption tool that supports UNIX-style composability, multiple recipients, and SSH public keys. It is easy to install and use across various platforms.
Read original article
age is a modern file encryption tool that emphasizes simplicity and security. It utilizes small explicit keys, requires no configuration, and supports UNIX-style composability. Users can generate keys and encrypt files using straightforward command-line instructions. For example, a key can be generated with `age-keygen`, and files can be encrypted and decrypted using the `age` command.
Installation is straightforward across various platforms, with package managers available for macOS, Linux, and Windows. Key features include support for multiple recipients, encryption with passphrases, and the ability to encrypt files using SSH public keys. Additionally, users can verify release signatures for pre-built binaries, enhancing security.
For comprehensive usage details, users can refer to the age man page, while additional resources include the official specification and a curated list of plugins and tools. An alternative implementation in Rust, called rage, is also available. The tool is maintained by Filippo Valsorda, focusing on user-friendliness and robust encryption capabilities.
Related
More Memory Safety for Let's Encrypt: Deploying ntpd-rs
Let's Encrypt enhances memory safety with ntpd-rs, a secure NTP implementation, part of the Prossimo project. Transitioning to memory-safe alternatives aligns with broader security goals, supported by community and sponsorships.
The XAES-256-GCM extended-nonce AEAD
XAES-256-GCM is a secure AEAD algorithm with 256-bit keys and 192-bit nonces, aiming for safety, compliance, and ease of use. It complements other AEAD implementations and receives support from various clients.
Rye: A Hassle-Free Python Experience
Rye is a Python project and package management tool for developers. It simplifies Python installations, project management, dependencies, and virtual environments. Installation instructions are available for Linux, macOS, and Windows systems. Users need Rust and Cargo for Rye.
How can a time traveler encrypt info so it's only decryptable after a given date
A time traveler can generate a secure encryption key using astronomical events like novas or historical timestamps, ensuring unpredictability and reliability while minimizing human interaction for data access.
Swift Homomorphic Encryption
Apple has released an open-source Swift package for homomorphic encryption, enabling secure computations on encrypted data. It enhances privacy for cloud services and supports applications like iOS 18's Live Caller ID Lookup.
- Many users appreciate Age for its simplicity and user-friendly experience compared to GPG/PGP.
- There are calls for Age to become a standard tool on Unix systems, reflecting a desire for more Unix-philosophy aligned encryption tools.
- Concerns are raised about the security of Age, with some users suggesting it should be paired with other tools for integrity and authenticity.
- Several users mention various implementations and projects related to Age, indicating a growing ecosystem.
- Some commenters advocate for traditional tools like GnuPG, emphasizing the importance of established standards in encryption.
18 commentsHere are some previous discussions
132 points on Feb 26, 2023 | 77 comments | https://news.ycombinator.com/item?id=34936504
126 points on Sept 26, 2022 | 54 comments | https://news.ycombinator.com/item?id=32980141
113 points on June 11, 2022 | 33 comments | https://news.ycombinator.com/item?id=31705670
494 points on Sept 6, 2021 | 88 comments | https://news.ycombinator.com/item?id=28435613
466 points on Dec 27, 2019 | 199 comments | https://news.ycombinator.com/item?id=21895671
and here some related resources
- a list of age ecosystem projects https://github.com/FiloSottile/awesome-age
- the format specification https://c2sp.org/age
- the Go library docs https://pkg.go.dev/filippo.io/age
- the CLI man page https://filippo.io/age/age.1
- the large reusable test suite (which I should write about!) https://c2sp.org/CCTV/age
- an interoperable Rust implementation by @str4d https://github.com/str4d/rage
- an official TypeScript implementation https://github.com/FiloSottile/typage (based on libsodium.js in the latest version, and on pure-js Noble libraries on main)
- a YubiKey plugin by @str4d https://github.com/str4d/age-plugin-yubikey
- the plugin protocol specification https://c2sp.org/age-plugin
- a Windows GUI by @spieglt https://github.com/spieglt/winage
- a discussion of the authentication properties of age https://words.filippo.io/dispatches/age-authentication/
- a discussion of the plugin architecture https://words.filippo.io/dispatches/age-plugins/
- a discussion of a potential post-quantum plugin https://words.filippo.io/dispatches/post-quantum-age/
- a password-store fork that uses age instead of gpg https://github.com/FiloSottile/passage (see also: how I use it with a YubiKey https://words.filippo.io/dispatches/passage/)
Anyway, just want to say that Age is great!
P.S. The author also did an analysis of Restic the backup tool [2] which also prompted me to setup nice backup solution for my machines. Pretty cool.
[0]: https://github.com/ryantm/agenix
Is using age like this to encrypt my files before uploading them to untrusted cloud storage not ok?
tar > age > cloud
Some comments mention signing with minisign. Should I be doing that like this:
tar > age > minisign > cloud
The option and argument handling is intuitive; it makes sense instantly. It gives a more grounded understanding of what's happening with the encryption process, especially because of the short-form recipient format.
Also, setting it up with a Yubikey and Passage (a GNU pass alternative for Age) was a breeze.
[1] https://github.com/FiloSottile/typage
[2] https://github.com/getsops/sops?tab=readme-ov-file#encryptin...
Lol, or 'git' according to one of my more sensitive colleagues.
From their FAQ [0]:
>Kryptor uses strong, fast, and modern cryptographic algorithms, offering post-quantum security. It also addresses security limitations of tools like age and Minisign.
>Unlike most tools, Kryptor limits metadata by using an indistinguishable from random encrypted file format. Encrypted files have no identifiable headers and are randomly padded. File names can also be encrypted.
And from their Secure section [1]:
>Private key encryption for protection at rest, unlike age.
[0]: https://www.kryptor.co.uk/faq#why-should-i-use-kryptor-over-...
Even then openssl or sq can solve the problem in the same number of commands but with sntabdards.
Most people are best off going with a modern implementation of the PGP standard, ideally via a smart card to protect you from key exfil via malware.
Tools like Keyfork, Sequoia, and/or openpgp-card-tool are almost certainly what you want for most personal signing, encryption, and authentication use cases.
You get broad compatibility with many many different tools.
So maybe take the "secure" claims with a grain of salt.
Related
More Memory Safety for Let's Encrypt: Deploying ntpd-rs
Let's Encrypt enhances memory safety with ntpd-rs, a secure NTP implementation, part of the Prossimo project. Transitioning to memory-safe alternatives aligns with broader security goals, supported by community and sponsorships.
The XAES-256-GCM extended-nonce AEAD
XAES-256-GCM is a secure AEAD algorithm with 256-bit keys and 192-bit nonces, aiming for safety, compliance, and ease of use. It complements other AEAD implementations and receives support from various clients.
Rye: A Hassle-Free Python Experience
Rye is a Python project and package management tool for developers. It simplifies Python installations, project management, dependencies, and virtual environments. Installation instructions are available for Linux, macOS, and Windows systems. Users need Rust and Cargo for Rye.
How can a time traveler encrypt info so it's only decryptable after a given date
A time traveler can generate a secure encryption key using astronomical events like novas or historical timestamps, ensuring unpredictability and reliability while minimizing human interaction for data access.
Swift Homomorphic Encryption
Apple has released an open-source Swift package for homomorphic encryption, enabling secure computations on encrypted data. It enhances privacy for cloud services and supports applications like iOS 18's Live Caller ID Lookup.