rage VS age

I have already built this into a small feature in my app, but I do plan to integrate it deeper and bake it into the core functionality soon. Which should be another interesting problem to solve as the app has integrated client-side encryption using Age (rage (rage-wasm)). But that's for another day...

_o/ hi all, age author here!

The OP link is the spec, here's a few other things you might find interesting

- the Go reference implementation https://age-encryption.org

- the Go library docs https://pkg.go.dev/filippo.io/age

- the CLI man page https://filippo.io/age/age.1

- an interoperable Rust implementation by @str4d https://github.com/str4d/rage

- a YubiKey plugin by @str4d https://github.com/str4d/age-plugin-yubikey

- the draft plugin protocol specification (which we should really merge) https://github.com/C2SP/C2SP/pull/5/files?short_path=07bf8cc...

- a Windows GUI by @spieglt https://github.com/spieglt/winage

- a discussion of the authentication properties of age https://words.filippo.io/dispatches/age-authentication/

- a discussion of a potential post-quantum plugin https://words.filippo.io/dispatches/post-quantum-age/

- a password-store fork that uses age instead of gpg https://github.com/FiloSottile/passage (see also: how I use it with a YubiKey https://words.filippo.io/dispatches/passage/)

I just added rage (https://github.com/str4d/rage) support, which does support pinentry, see https://github.com/anticomputer/age.el#known-issues for an example of how to use rage instead.

Really appreciate this article. It's a little snarky but it hits the mark and encourages people to try Age, which is a pretty awesome little tool.

https://age-encryption.org/v1

I'm not convinced that whole-disk encryption is sensible for most threat models, but I use the built-in FileVault on macOS (under the reasoning that, at the very least, it can't really hurt).

On Linux, I use age[1] (specifically, rage[2]) to encrypt sensitive files. I wrote a secret manager that uses the latter as an encryption backend[3], and I use `rage-mount` to mount (read-only) views of encrypted archives.

[1]: https://github.com/FiloSottile/age

[2]: https://github.com/str4d/rage

[3]: https://github.com/woodruffw/kbs2

and echoing the result after converting to an age private key

I like that https://github.com/FiloSottile/age has small public keys.

> something fresh

It exists, it's called age..

Some random links

https://github.com/FiloSottile/age

https://www.reddit.com/r/crypto/comments/hr64hr/state_of_age...

https://github.com/FiloSottile/age/discussions/432

> (Acquiring keys, rotating keys, identifying compromised keys, and most importantly either reaches a large enough percentage of emails..

Oh nevermind, age doesn't do any of that. Indeed, it doesn't even do email https://github.com/FiloSottile/age/issues/93

Encrypted secrets thanks to SOPS and Age

I never heard of "Age" before this post. Thank you to share. If others are interested to learn more, here are two other interesting posts about Age:

https://github.com/FiloSottile/age/discussions/432

https://words.filippo.io/dispatches/age-authentication/

of all things I was able to resolve the issue via this github issue: https://github.com/FiloSottile/age/issues/370#issuecomment-1...

Why keep something secret on a public repo? Is that not an oxymoron?

Also, I’m terms of encryption something like age[0] makes it much easier to not shoot yourself in the foot.

[0] https://github.com/FiloSottile/age

Why RSA specifically? For backups, I recommend Tarsnap. But if you really don't want to pay for encrypted cloud hosting, then check out age encryption.

I wouldn't use OpenSSL personally. If you just need simple but secure symmetric encryption, checkout the scrypt(1) encryption utility from Tarsnap. If you need support for public keys, check out age(1).