Our great sponsors
-
age
A simple, modern and secure encryption tool (and Go library) with small explicit keys, no config options, and UNIX-style composability.
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
-
mkcert
A simple zero-config tool to make locally trusted development certificates with any names you'd like.
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
Hardware? I assume if someone was concerned about key access they wouldn't want keys on their filesystem at all but move them into an HSM instead. Since age identities can come from standard input I assume it'd be feasible to put together a workflow there coming from one of the various cli utilities for interacting with keys. There is already a YubiKey specific age plugin [0] getting worked on as well. Currently in beta but looks interesting. Hopefully that will continue to expand to cover other common options. HSM support is pretty important for a modern encryption utility IMO but unfortunately the landscape is pretty all over the place too, so makes sense to just leave it to plugins or as part of a unix flow.
----
0: https://github.com/str4d/age-plugin-yubikey
It's minisign.
I see a libsodium dependency in the sources, anything else?
Don't the binaries at https://github.com/jedisct1/minisign/releases work for you?
This is the same author than mkcert, a great tool that for me is the one stop to make custom certificates for development. It already embeds all knowledge about how modern web browser expect a cert to be in order to work with it, so I don't have to track all the latest whims of each one. Thank you a lot for it!!
https://github.com/FiloSottile/mkcert
gopass already has support for an age backend: https://github.com/gopasspw/gopass/blob/master/docs/backends...
ChaCha20-Poly1305, great. Thank you, I was looking for the algorithm. Just found a similar tool in C++/libsodium yesterday called hpenc[1] that uses AES-GCM or ChaCha20 to encrypt files and streams. But this is even better as it's drop in, I don't have to worry about dependencies and it does much more.
https://github.com/vstakhov/hpenc
> age: error: failed to parse recipient file "person.pub": "person.pub": malformed recipient at line 1
I'm confused as to how you reached this error message; "age -d" doesn't support recipient files / -R, only identity files (which is what age-keygen produces). It would be helptul to open an issue showing how to reproduce; either there's a bug, or documentation could be improved.
> o Not available as a brew install
While age was in beta, it provided a brew tap. But now that 1.0.0 has been released, it has just (3 hours ago!) been added to homebrew-core: https://github.com/Homebrew/homebrew-core/pull/84805