Age: Simple, Modern, and Secure File Encryption Tool
- Github: github.com/FiloSottile/age
- Documentation for age: filippo.io/age/age.1
- Documentation for age-keygen: filippo.io/age/age-keygen.1
Age (Actually Good Encryption) was designed by @Benjojo12 and @FiloSottile as a replacement to file encryption tools like GPG using modern algorithm.
If you have used PGP (Pretty Good Privacy) or GPG (Gnu Privacy Guard) before then you would have noticed that these tools have a few drawbacks such as
- long public key
- complicated usage - GPG not only does file encryption, but signing services, key management etc
- potential security vulnerabilities due to its age - eg lack of forward secrecy
Age solves most of these drawbacks of GPG and I recommend using age over PGP/GPG for file encryption if possible. It features small explicit keys, no config options, and UNIX-style composability.
How is “age” pronounced?
The authors pronounces it “aɡe̞”, like the Italian “aghe”.
ageis made up of 2 components -
age-keygenwhich is responsible for public private keys generation and
ageitself which is the main tool for encrypting & decrypting files.
agesupports different forms of encryption:
- passphrase protection (interactive) - use passphrase to encrypt and decrypt files.
- asymmetric encryption (aka public-key cryptography) - specify one or more recipients’ public key during encryption. Every recipient will be able to decrypt the file using their individual private key.
- By combining the features above, a user also have the option to use a passphrase encrypted key for encryption & decryption.
- Another convenient feature age also supports is encrypting to
ssh-rsapublic keys. This provides users the flexibility and compatibility to work with websites such as Github which don’t support
agenative keys at the moment.
- For example, anyone could encrypt file using my ssh public key at https://github.com/yaeba.keys and trust that only I will be able to decrypt it using the private key.
Most universal way to install
age is to download the latest binary/executable from Github releases and move to somewhere on your PATH.
For me I used the following commands
▶ curl -Ls https://github.com/FiloSottile/age/releases/download/v1.0.0/age-v1.0.0-linux-arm.tar.gz | tar zxf - -C /tmp ▶ sudo mv /tmp/age/age* /usr/local/bin ▶ age --version v1.0.0 ▶ age-keygen --version v1.0.0
- Generate an
ageidentity file (public-private key pair)
▶ age-keygen -o key.txt Public key: age108h70qwx39k5h5x6l9hg566nwm5652lzvamre8vep2e3plsn44uqgy8gla
- You can also generate a passphrase-protected identity file
▶ age-keygen | age -p > key.age Public key: age1yhm4gctwfmrpz87tdslm550wrx6m79y9f2hdzt0lndjnehwj0ukqrjpyx5 Enter passphrase (leave empty to autogenerate a secure one):
- To encrypt a file using
▶ age -e \ -r age108h70qwx39k5h5x6l9hg566nwm5652lzvamre8vep2e3plsn44uqgy8gla \ file.jpg > file.jpg.age
Note that you can repeat
-r <public-key>to add multiple recipients who can decrypt the file.
Alternatively, to encrypt a file using passphrase
▶ age -e -p file.jpg > file.jpg.age Enter passphrase (leave empty to autogenerate a secure one):
- To decrypt a file using
▶ age -d -i key.txt file.jpg.age > file.jpg
Passphrase protected identity files are automatically detected at decrypt time, and user will be automatically prompted for passphrase.
Similarly, to decrypt a file using passphrase, simply input the passphrase when prompted
▶ age -d file.jpg.age > file.jpg Enter passphrase:
Leave a comment