age

Manpage: AGE(1)

age is a simple, modern and secure file encryption tool.

1. Encrypt with passphrase

$ age --encrypt --passphrase [--armor] [-o OUTPUT] [INPUT]

INPUT defaults to stdin if not specified. OUTPUT defaults to stdout if not specified. --armor encrypts to an ASCII-only “armored” encoding that can be transferred over text-only channels. On decryption, ASCII armor is detected and handled transparently. The passphrase is requested interactively; age will offer to generate a secure random passphrase for the user.

2. Decrypt with passphrase

$ age --decrypt [-o OUTPUT] [INPUT]

Passphrase will be asked interactively.

3. Generate age keypair

Generate an IDENTITY:

$ age-keygen [-o OUTPUT]

If -o is omitted, IDENTITY is written to stdout.

Example:

$ age-keygen -o key
Public key: age1y2n9rq6qdgvadshl3743ys77f2npaw86c30w6e96s5ax8kchx3rsjeaq20

Convert an IDENTITY to a RECIPIENT:

$ age-keygen -y [-o OUTPUT] [INPUT]

Example:

$ age-keygen -y key
age1y2n9rq6qdgvadshl3743ys77f2npaw86c30w6e96s5ax8kchx3rsjeaq20

IDENTITY is the private key. RECIPIENT is the matching public key: a file encrypted to a RECIPIENT can be decrypted with its linked IDENTITY.

IDENTITY is a FILE, RECIPIENT is a string.

The one line that matters in the IDENTITY file starts with AGE-SECRET-KEY-.
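
A pre-flight check for an IDENTITY file, as an added example (not from the age project or the original page): it counts AGE-SECRET-KEY- lines, rejects a file that group or others can access, and reads the recipient recorded in the `# public key:` comment that age-keygen writes. The function names, exit codes and the placeholder secret key are assumptions made for this example.

```shell
#!/bin/sh
# Added example. Exit codes are this example's own convention:
# 0 ok, 1 unreadable, 2 no key line, 3 permissions too open.
check_identity() {
    f=$1
    [ -r "$f" ] || { echo "cannot read $f" >&2; return 1; }

    # Only lines starting with AGE-SECRET-KEY- carry key material;
    # "#" comment lines are informational.
    keys=$(grep -c '^AGE-SECRET-KEY-' "$f" || true)
    [ "$keys" -ge 1 ] || { echo "$f: no AGE-SECRET-KEY- line" >&2; return 2; }

    # Characters 5-10 of the ls mode string are the group and other bits.
    # A private key should show "------" there (for example mode 600).
    perms=$(ls -ldL -- "$f" | cut -c5-10)
    [ "$perms" = "------" ] || {
        echo "$f: group/other bits set ($perms); chmod 600 it" >&2
        return 3
    }
    echo "$f: $keys identity line(s), permissions ok"
}

# Print the RECIPIENT recorded in the "# public key:" comment, if any.
recorded_recipient() {
    sed -n 's/^# public key: //p' "$1"
}

# Constructed sample in the layout age-keygen writes. The secret key is a
# placeholder, not a usable key; the public key is the one shown above.
write_sample() {
    printf '%s\n' \
        '# created: 2024-01-01T00:00:00Z' \
        '# public key: age1y2n9rq6qdgvadshl3743ys77f2npaw86c30w6e96s5ax8kchx3rsjeaq20' \
        'AGE-SECRET-KEY-1PLACEHOLDERNOTAREALKEY' > "$1"
}

demo() {
    d=$(mktemp -d)
    write_sample "$d/key"
    chmod 600 "$d/key"
    check_identity "$d/key"
    recorded_recipient "$d/key"
    rm -rf "$d"
}
demo
```

The comment is only a record of the RECIPIENT; `age-keygen -y` derives it from the key line itself.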

4. Encrypt with recipient

$ age --encrypt -r=RECIPIENT [--armor] [-o OUTPUT] [INPUT]

5. Decrypt with identity

$ age --decrypt -i IDENTITY [-o OUTPUT] [INPUT]