rage
C2SP
| rage | C2SP | |
|---|---|---|
| 36 | 15 | |
| 2,326 | 227 | |
| - | 4.4% | |
| 9.0 | 7.4 | |
| 23 days ago | 27 days ago | |
| Rust | Python | |
| Apache License 2.0 | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
rage
- Do any libraries exist for zero-trust file storage (storing client-encrypted data on the server without the key)?
-
JSON compression in the browser, with gzip and the Compression Streams API.
I have already built this into a small feature in my app, but I do plan to integrate it deeper and bake it into the core functionality soon. Which should be another interesting problem to solve as the app has integrated client-side encryption using Age (rage (rage-wasm)). But that's for another day...
-
Age: Modern file encryption format with multiple pluggable recipients
_o/ hi all, age author here!
The OP link is the spec, here's a few other things you might find interesting
- the Go reference implementation https://age-encryption.org
- the Go library docs https://pkg.go.dev/filippo.io/age
- the CLI man page https://filippo.io/age/age.1
- an interoperable Rust implementation by @str4d https://github.com/str4d/rage
- a YubiKey plugin by @str4d https://github.com/str4d/age-plugin-yubikey
- the draft plugin protocol specification (which we should really merge) https://github.com/C2SP/C2SP/pull/5/files?short_path=07bf8cc...
- a Windows GUI by @spieglt https://github.com/spieglt/winage
- a discussion of the authentication properties of age https://words.filippo.io/dispatches/age-authentication/
- a discussion of a potential post-quantum plugin https://words.filippo.io/dispatches/post-quantum-age/
- a password-store fork that uses age instead of gpg https://github.com/FiloSottile/passage (see also: how I use it with a YubiKey https://words.filippo.io/dispatches/passage/)
- rage: A simple, secure and modern encryption tool (and Rust library) with small explicit keys, no config options, and UNIX-style composability.
-
age.el: age encryption support for Emacs
I just added rage (https://github.com/str4d/rage) support, which does support pinentry, see https://github.com/anticomputer/age.el#known-issues for an example of how to use rage instead.
- Axcrypt -- or is there something better Reddit would recommend?
-
The PGP Problem (2019)
Really appreciate this article. It's a little snarky but it hits the mark and encourages people to try Age, which is a pretty awesome little tool.
https://age-encryption.org/v1
-
Ask HN: What does everyone use for encrypting their personal stuff?
I'm not convinced that whole-disk encryption is sensible for most threat models, but I use the built-in FileVault on macOS (under the reasoning that, at the very least, it can't really hurt).
On Linux, I use age[1] (specifically, rage[2]) to encrypt sensitive files. I wrote a secret manager that uses the latter as an encryption backend[3], and I use `rage-mount` to mount (read-only) views of encrypted archives.
[1]: https://github.com/FiloSottile/age
[2]: https://github.com/str4d/rage
[3]: https://github.com/woodruffw/kbs2
- Age – a simple, modern and secure file encryption tool, format, and Go library
- Tiny backup/encryption tool for CLI usage.
C2SP
- Sunlight, a Certificate Transparency log implementation
-
Do any libraries exist for zero-trust file storage (storing client-encrypted data on the server without the key)?
Age is a modern, respected crypto solution: https://github.com/C2SP/C2SP/blob/main/age.md
-
argon2 vs bcrypt vs scrypt vs pbkdf2
Argon2 is the best choice, but scrypt may be more easily available: https://github.com/C2SP/C2SP/issues/10
-
Age: Modern file encryption format with multiple pluggable recipients
Hi! I read and appreciated your issues and discussions, sorry I didn't get to respond to them yet, but I've been thinking about it.
Although I don't disagree that parsing text is hard, I also think that parsing variable-size binary formats is hard (and there is a tall, tall pile of bugs to confirm that). Really, parsing is hard. Rather than count on one design or the other to be bug-proof, I worked on a large test suite to help implementations catch their parsing bugs. [https://c2sp.org/CCTV/age] I think it would have found one of the issues you reported if that implementation had integrated it, and I am going to add vectors for various resource exhaustion scenarios which I hope would have found the other. (I am not going to look at what it is exactly, so I will know if I made the suite comprehensive enough without being too specific about this bug.)
I also liked your observation that it would have been nice if the header was streamable. [https://github.com/C2SP/C2SP/issues/28] It went on the pile labeled "regrets / for v2 when it comes", thank you.
-
age.el: age encryption support for Emacs
I think it's ironic that you imply a "dozen of immature crypto libraries" are used in the Age spec. It's quite the opposite and the Age spec provides a reduction in so-called "yolo crypto" versus the OpenPGP spec. See: https://github.com/C2SP/C2SP/blob/main/age.md and also give https://latacora.micro.blog/2019/07/16/the-pgp-problem.html# for a pretty accurate overview of what's wrong with OpenPGP.
-
Pa – a simple password manager based on age
… okay, then look at the spec, which is beautifully simple: https://github.com/C2SP/C2SP/blob/main/age.md#the-scrypt-rec...
- The recent security issues with LastPass made me wonder - couldn't I just use an encrypted notepad app on my phone to achieve the same level of security?
-
Age WASM - age encryption tool in the browser
I had the same question. I believe it refers to “Actually Good Encryption” (https://github.com/C2SP/C2SP/blob/main/age.md).
What are some alternatives?
age - A simple, modern and secure encryption tool (and Go library) with small explicit keys, no config options, and UNIX-style composability.
sops - Simple and flexible tool for managing secrets
PasswordPusher - 🔐 An application to securely communicate passwords over the web. Passwords automatically expire after a certain number of views and/or time has passed. Track who, what and when.
age.el - Transparent age encryption support for Emacs modeled after EPG/EPA
age-plugin-yubikey - YubiKey plugin for age
croc - Easily and securely send things from one computer to another :crocodile: :package:
pa - a simple password manager. encryption via age, written in portable posix shell
tarssh - A simple SSH tarpit inspired by endlessh
passage - A fork of password-store (https://www.passwordstore.org) that uses age (https://age-encryption.org) as backend.
wormhole-gui - Cross-platform application for easy encrypted file, folder, and text sharing between devices. [Moved to: https://github.com/Jacalz/rymdport]