A simple, modern and secure encryption tool (and Go library) with small explicit keys, no config options, and UNIX-style composability.

Overview

The age logo, an wireframe of St. Peters dome in Rome, with the text: age, file encryption

Go Reference man page

age is a simple, modern and secure file encryption tool, format, and Go library.

It features small explicit keys, no config options, and UNIX-style composability.

$ age-keygen -o key.txt
Public key: age1ql3z7hjy54pw3hyww5ayyfg7zqgvc7w3j2elw8zmrj2kg5sfn9aqmcac8p
$ tar cvz ~/data | age -r age1ql3z7hjy54pw3hyww5ayyfg7zqgvc7w3j2elw8zmrj2kg5sfn9aqmcac8p > data.tar.gz.age
$ age --decrypt -i key.txt data.tar.gz.age > data.tar.gz

The format specification is at age-encryption.org/v1. age was designed by @Benjojo12 and @FiloSottile.

An alternative interoperable Rust implementation is available at github.com/str4d/rage.

The author pronounces it [aɡe̞], like the Italian “aghe”.

Usage

For the full documentation, read the age(1) man page.

Usage:
    age [--encrypt] (-r RECIPIENT | -R PATH)... [--armor] [-o OUTPUT] [INPUT]
    age [--encrypt] --passphrase [--armor] [-o OUTPUT] [INPUT]
    age --decrypt [-i PATH]... [-o OUTPUT] [INPUT]

Options:
    -e, --encrypt               Encrypt the input to the output. Default if omitted.
    -d, --decrypt               Decrypt the input to the output.
    -o, --output OUTPUT         Write the result to the file at path OUTPUT.
    -a, --armor                 Encrypt to a PEM encoded format.
    -p, --passphrase            Encrypt with a passphrase.
    -r, --recipient RECIPIENT   Encrypt to the specified RECIPIENT. Can be repeated.
    -R, --recipients-file PATH  Encrypt to recipients listed at PATH. Can be repeated.
    -i, --identity PATH         Use the identity file at PATH. Can be repeated.

INPUT defaults to standard input, and OUTPUT defaults to standard output.
If OUTPUT exists, it will be overwritten.

RECIPIENT can be an age public key generated by age-keygen ("age1...")
or an SSH public key ("ssh-ed25519 AAAA...", "ssh-rsa AAAA...").

Recipient files contain one or more recipients, one per line. Empty lines
and lines starting with "#" are ignored as comments. "-" may be used to
read recipients from standard input.

Identity files contain one or more secret keys ("AGE-SECRET-KEY-1..."),
one per line, or an SSH key. Empty lines and lines starting with "#" are
ignored as comments. Passphrase encrypted age files can be used as
identity files. Multiple key files can be provided, and any unused ones
will be ignored. "-" may be used to read identities from standard input.

When --encrypt is specified explicitly, -i can also be used to encrypt to an
identity file symmetrically, instead or in addition to normal recipients.

Multiple recipients

Files can be encrypted to multiple recipients by repeating -r/--recipient. Every recipient will be able to decrypt the file.

$ age -o example.jpg.age -r age1ql3z7hjy54pw3hyww5ayyfg7zqgvc7w3j2elw8zmrj2kg5sfn9aqmcac8p \
    -r age1lggyhqrw2nlhcxprm67z43rta597azn8gknawjehu9d9dl0jq3yqqvfafg example.jpg

Recipient files

Multiple recipients can also be listed one per line in one or more files passed with the -R/--recipients-file flag.

$ cat recipients.txt
# Alice
age1ql3z7hjy54pw3hyww5ayyfg7zqgvc7w3j2elw8zmrj2kg5sfn9aqmcac8p
# Bob
age1lggyhqrw2nlhcxprm67z43rta597azn8gknawjehu9d9dl0jq3yqqvfafg
$ age -R recipients.txt example.jpg > example.jpg.age

If the argument to -R (or -i) is -, the file is read from standard input.

Passphrases

Files can be encrypted with a passphrase by using -p/--passphrase. By default age will automatically generate a secure passphrase. Passphrase protected files are automatically detected at decrypt time.

secrets.txt Enter passphrase: ">
$ age -p secrets.txt > secrets.txt.age
Enter passphrase (leave empty to autogenerate a secure one):
Using the autogenerated passphrase "release-response-step-brand-wrap-ankle-pair-unusual-sword-train".
$ age -d secrets.txt.age > secrets.txt
Enter passphrase:

Passphrase-protected key files

If an identity file passed to -i is a passphrase encrypted age file, it will be automatically decrypted.

secrets.txt.age $ age -d -i key.age secrets.txt.age > secrets.txt Enter passphrase for identity file "key.age": ">
$ age-keygen | age -p > key.age
Public key: age1yhm4gctwfmrpz87tdslm550wrx6m79y9f2hdzt0lndjnehwj0ukqrjpyx5
Enter passphrase (leave empty to autogenerate a secure one):
Using the autogenerated passphrase "hip-roast-boring-snake-mention-east-wasp-honey-input-actress".
$ age -r age1yhm4gctwfmrpz87tdslm550wrx6m79y9f2hdzt0lndjnehwj0ukqrjpyx5 secrets.txt > secrets.txt.age
$ age -d -i key.age secrets.txt.age > secrets.txt
Enter passphrase for identity file "key.age":

Passphrase-protected identity files are not necessary for most use cases, where access to the encrypted identity file implies access to the whole system. However, they can be useful if the identity file is stored remotely.

SSH keys

As a convenience feature, age also supports encrypting to ssh-rsa and ssh-ed25519 SSH public keys, and decrypting with the respective private key file. (ssh-agent is not supported.)

$ age -R ~/.ssh/id_ed25519.pub example.jpg > example.jpg.age
$ age -d -i ~/.ssh/id_ed25519 example.jpg.age > example.jpg

Note that SSH key support employs more complex cryptography, and embeds a public key tag in the encrypted file, making it possible to track files that are encrypted to a specific public key.

Encrypting to a GitHub user

Combining SSH key support and -R, you can easily encrypt a file to the SSH keys listed on a GitHub profile.

$ curl https://github.com/benjojo.keys | age -R - example.jpg > example.jpg.age

Keep in mind that people might not protect SSH keys long-term, since they are revokable when used only for authentication, and that SSH keys held on YubiKeys can't be used to decrypt files.

Installation

Homebrew (macOS or Linux) brew install age
MacPorts port install age
Ubuntu 21.04+ apt install age
Debian 11+ (Bullseye) apt install age
Arch Linux pacman -S age
Fedora 33+ dnf install age
OpenBSD 6.7+ pkg_add age (security/age)
FreeBSD pkg install age (security/age)
NixOS / Nix nix-env -i age
Gentoo Linux emerge app-crypt/age
Void Linux xbps-install age

On Windows, Linux, macOS, and FreeBSD you can use the pre-built binaries.

https://dl.filippo.io/age/latest?for=linux/amd64
https://dl.filippo.io/age/v1.0.0-rc.1?for=darwin/arm64
...

If your system has Go 1.13+, you can build from source.

git clone https://filippo.io/age && cd age
go build -o . filippo.io/age/cmd/...

Help from new packagers is very welcome.

Comments
  • Expose Go library functions (please review the API!)

    Expose Go library functions (please review the API!)

    What were you trying to do

    Use age encryption in a Go program by importing it.

    What happened

    Because age uses internal it prevents importing. I suspect this was on purpose, and that's okay, but just wanted to check if this was sought a possibility for this spec.

    Go API 
    opened by schollz 27
  • Don't decrypt unless it's a ramdisk

    Don't decrypt unless it's a ramdisk

    Currently age, just like gpg, supports decrypting to files. However, files are usually stored on permanent storage media. However, on contemporary file systems, deletion of a file does not lead to deletion of its contents in the block device. And even tools like shred don't help you with modern SSDs which have a complicated wear levelling layer between you and the hardware: shredding won't necessarily overwrite the data at all.

    The only way to use age safely is by using a ramdisk. Therefore, age should refuse operation if the location of the decrypted file is not on a ramdisk. If swap is available on the system, even tmpfs is a danger as it can be paged as well. Maybe if swap is detected, a warning could be emitted?

    opened by est31 20
  • Compare and contrast with encpipe

    Compare and contrast with encpipe

    Namaste,

    I am not a cryptographer. I am not a math expert.

    Would it be possible for the good volks here to compare and contrast age with encpipe (https://github.com/jedisct1/encpipe), especially for the encrypted backup use case? The signing of the backup will be handled by signify/minisign.

    I am trying to decide between age and encpipe. My limited understanding layman comparison tells me that encpipe is written in C, is ISC licenced, and seems simple in terms of complexity. On the other hand, age is written in go, is BSD licenced and seems medium in terms of complexity.

    As I said, I am not a cryptographer.

    Dhanyavaad.

    opened by Brahmasmi 14
  • UX: separate public/private key files

    UX: separate public/private key files

    What were you trying to do

    Sharing the public key.

    What happened

    I needed to open the file and copy-paste the public key characters in order to share the public key. Having a separate file for the public key would make it more easy for me to share using standard tools, avoids copy-pasting user errors and avoids shoulder surfing issues.

    opened by sebastianv89 14
  • Hardware tokens

    Hardware tokens

    Hi there,

    This isn't really a bug report.

    I was wondering if there's any plan to allow the use of hardware tokens (like yubikey) with age?

    I'm super-keen to ditch gpg, but I'd also like to be able to use my yubikeys!

    Thanks

    opened by vext01 10
  • Get recipient keys from https:// and file:// URLs

    Get recipient keys from https:// and file:// URLs

    This patch includes support for https:// and file:// URLs as recipient arguments. The URL is fetched and each line is added as a recipient.

    e.g.

    -r https://github.com/<user>.keys       (Use GitHub keys)
    -r file:///home/<user>/.ssh/<key>.pub   (Use local SSH key)
    

    This is mostly useful to allow recipient keys to be specified directly from a GitHub URL (or other service which provides an equivalent)

    opened by paulc 10
  • Is it safe to use age for long term storage?

    Is it safe to use age for long term storage?

    I see that age is still marked as beta in the releases page, but I'm wondering if it is stable enough for me to (symmetric) encrypt a file with it now, and come back to decrypt it after some years with a new version of age?

    p.s: thanks for making such a user friendly encryption tool.

    opened by jarjarfan666 9
  • Manual pages

    Manual pages

    Inspired by https://twitter.com/FiloSottile/status/1277084905428656129 I thought I'd quickly throw together a couple of man pages, based on the README. :-)

    opened by jamesog 9
  • Add --version and --help flags to executables

    Add --version and --help flags to executables

    Closes #74 , Closes #101 This patch adds flags for access to the usage message and the version tag/hash as requested in #74 and #57, respectively.

    age and age-keygen with the --help or -h flag will print their usage message and exit, and age will also print usage when no flags or arguments are passed. Per #22, I didn't add age help.
    age-keygen now has a usage message.

    ~~-v and~~ (Removed, see below) --version work for both age and age-keygen, and will print the most recent git info at time of compilation. There are two build scripts (bash and Powershell) that grab the most recent tag and current short hash, and uses -ldflags to pass them to main.version and main.commit (named for compatibility with goreleaser defaults). Current format is

    Version: [most recent tag]
    Hash: [shorthash] 
    

    and
    Version: [most recent tag] when on a tagged commit or the --release flag is passed to the script.
    I also updated the Homebrew formula for this, but it doesn't currently have an effect

    opened by RKinsey 9
  • UX: Encrypt private key by default

    UX: Encrypt private key by default

    What were you trying to do

    I was playing with the Age beta, generating keys

    What happened

    I think that in spite of solid UNIX file permissions, the default behaviour should be to encrypt private keys with a symmetric key derived from a password.

    Is there an intention to add this feature to Age? If not how best should users. secure plaintext private key material?

    Reading the document on Age I see:

    Maybe native support for key wrapping (to implement password-protected keys)

    However surely that's a fundamental need, otherwise private key material sits in plaintext.

    opened by johnalanwoods 9
  • umask in warning message is confusing

    umask in warning message is confusing

    https://github.com/FiloSottile/age/blob/e43cf8b4a2d571df8dcb30783a460acbf188adb4/cmd/age-keygen/keygen.go#L41-L42

    066 sets the file to writable by group and everyone but not the user. I think it's meant to be 0660.

    opened by str4d 9
Releases(v1.1.0-rc.1)
Owner
Filippo Valsorda
Cryptogopher. Go security lead. @recursecenter alum. RC F'13, F2'17.
Filippo Valsorda
Easy to use cryptographic framework for data protection: secure messaging with forward secrecy and secure data storage. Has unified APIs across 14 platforms.

Themis provides strong, usable cryptography for busy people General purpose cryptographic library for storage and messaging for iOS (Swift, Obj-C), An

Cossack Labs 1.6k Oct 3, 2022
Small utility to sign a small json containing basic kyc information. The key generated by it is fully compatible with cosmos based chains.

Testnet signer utility This utility generates a signed JSON-formatted ID to prove ownership of a key used to submit tx on the blockchain. This testnet

Archway Network 62 Sep 10, 2022
A tool for secrets management, encryption as a service, and privileged access management

Deploy HCP Vault & AWS Transit Gateways via Terraform https://medium.com/hashicorp-engineering/deploying-hcp-vault-using-the-hcp-terraform-provider-5e

Temur Yunusov 0 Nov 23, 2021
Sekura is an Encryption tool that's heavily inspired by the Rubberhose file system.

It allows for multiple, independent file systems on a single disk whose existence can only be verified if you posses the correct password.

null 51 Feb 1, 2022
Easy to use encryption library for Go

encryptedbox EncryptedBox is an easy to use module for Go that can encrypt or sign any type of data. It is especially useful when you must serialize y

Jesse Swidler 17 Jul 20, 2022
Lattigo: lattice-based multiparty homomorphic encryption library in Go

Lattigo: lattice-based multiparty homomorphic encryption library in Go Lattigo i

null 1 Aug 17, 2022
A simple, semantic and developer-friendly golang package for encoding&decoding and encryption&decryption

A simple, semantic and developer-friendly golang package for encoding&decoding and encryption&decryption

null 282 Sep 26, 2022
Go Encrypt! Is a simple command-line encryption and decryption application using AES-256 GCM.

Go Encrypt! Go Encrypt! is a command-line application used to easily encrypt and decrypt files with the AES-256 GCM encryption algorithm. Usage Usage

Peter Georgas 0 Jan 5, 2022
Split and distribute your private keys securely amongst untrusted network

cocert An experimental tool for splitting and distributing your private keys safely* cocert, generates ECDSA - P521 key and uses a technique known as

Furkan Türkal 188 Aug 29, 2022
Go implementation of a vanity attempt to generate Bitcoin private keys and subsequently checking whether the corresponding Bitcoin address has a non-zero balance.

vanity-BTC-miner Go implementation of a vanity attempt to generate Bitcoin private keys and subsequently checking whether the corresponding Bitcoin ad

Lih Ingabo 1 Jun 3, 2022
🌰 encrypt/decrypt using ssh keys

ssh-vault ?? encrypt/decrypt using ssh private keys Documentation https://ssh-vault.com Usage $ ssh-vault -h Example: $ echo "secret" | ssh-vault -u

ssh-vault 358 Sep 27, 2022
An easy-to-use XChaCha20-encryption wrapper for io.ReadWriteCloser (even lossy UDP) using ECDH key exchange algorithm, ED25519 signatures and Blake3+Poly1305 checksums/message-authentication for Go (golang). Also a multiplexer.

Quick start Prepare keys (on both sides): [ -f ~/.ssh/id_ed25519 ] && [ -f ~/.ssh/id_ed25519.pub ] || ssh-keygen -t ed25519 scp ~/.ssh/id_ed25519.pub

null 26 Sep 27, 2022
A super easy file encryption utility written in go and under 800kb

filecrypt A super easy to use file encryption utility written in golang ⚠ Help Wanted on porting filecrypt to other programing languages NOTE: if you

Flew Software 79 Aug 27, 2022
Encryption Abstraction Layer and Utilities for ratnet

What is Bencrypt? Bencrypt is an abstraction layer for cryptosystems in Go, that lets applications use hybrid cryptosystems without being coupled to t

null 17 Jul 23, 2022
The minilock file encryption system, ported to pure Golang. Includes CLI utilities.

Go-miniLock A pure-Go reimplementation of the miniLock asymmetric encryption system. by Cathal Garvey, Copyright Oct. 2015, proudly licensed under the

Cathal Garvey 172 Sep 21, 2022
DERO Homomorphic Encryption Blockchain Protocol

Homomorphic encryption is a form of encryption allowing one to perform calculations on encrypted data without decrypting it first. The result of the computation is in an encrypted form, when decrypted the output is the same as if the operations had been performed on the unencrypted data.

null 104 Sep 22, 2022
A document encryption solution for the reMarkable 2 ePaper tablet.

Remarkable 2 Encryption This repository contains multiple tools to encrypt the home folder of the reMarkable 2 epaper tablet using gocryptfs. Detailed

RedTeam Pentesting GmbH 30 Sep 24, 2022
Go implementation of the Data At Rest Encryption (DARE) format.

Secure IO Go implementation of the Data At Rest Encryption (DARE) format. Introduction It is a common problem to store data securely - especially on u

Object Storage for the Era of the Hybrid Cloud 303 Sep 18, 2022
Encryption & Decryption package for golang

encdec Encryption & Decryption package for golang func main() { startingTime := time.Now() privKey, pubKey := GenerateRsaKeyPair() fmt.Println("Priva

MD MOSTAIN BILLAH 3 Feb 11, 2022