# Age
A simple, modern file encryption tool by Filippo Valsorda. Small explicit keys, no config options, UNIX-style composability. The antidote to GPG complexity.
## Installation
```bash
brew install age # Go implementation
brew install rage # Rust implementation (compatible)
```
## Usage
### Encrypt/decrypt with age keys
```bash
# Generate a key pair
age-keygen -o key.txt
# Public key: age1ql3z7hjy54pw3hyww5ayyfg7zqgvc7w3j2elw8zmrj2kg5sfn9aqmcac8p
# Encrypt
age -r age1ql3z7hjy54pw3hyww5ayyfg7zqgvc7w3j2elw8zmrj2kg5sfn9aqmcac8p -o secret.age secret.txt
# Decrypt
age -d -i key.txt secret.age > secret.txt
```
### Encrypt with a passphrase
```bash
age -p secret.txt > secret.age
# Enter passphrase (leave empty to autogenerate a secure one)
age -d secret.age > secret.txt
```
### Multiple recipients
```bash
age -r age1abc... -r age1def... -o secret.age secret.txt
```
Or use a recipients file:
```bash
# recipients.txt: one key per line, # comments allowed
cat > recipients.txt <<'EOF'
age1abc...
age1def...
EOF
age -R recipients.txt secret.txt > secret.age
```
### SSH keys
age can encrypt to `ssh-ed25519` and `ssh-rsa` public keys:
```bash
age -R ~/.ssh/id_ed25519.pub secret.txt > secret.age
age -d -i ~/.ssh/id_ed25519 secret.age > secret.txt
```
Encrypt to someone's GitHub keys:
```bash
curl https://github.com/username.keys | age -R - secret.txt > secret.age
```
### SSH keys + 1Password CLI
Encrypt using your SSH public key from the agent, decrypt by pulling the private key from 1Password at runtime:
```bash
# Encrypt with SSH public key from agent
rage -R <(ssh-add -L | grep "My SSH Key" | cut -d' ' -f1,2) \
-o secret.age secret.txt
# Decrypt with private key from 1Password
op read "op://Vault/Item/private key?ssh-format=openssh" \
| rage -d -i /dev/stdin -o secret.txt secret.age
```
## Why age over GPG?
- No key servers, no web of trust, no config files
- Keys are short strings you can paste in a message
- Encryption is always to explicit recipients (no "default key" footgun)
- Composable with pipes and standard UNIX tools
- Specification is simple enough to audit: [age-encryption.org/v1](https://age-encryption.org/v1)
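
Because the v1 header is plain text, you can check how many recipients a file was encrypted to, and of which kind, without holding any key. The parser below is an added example, not code from age or from the original page; it assumes a binary (non-armored) file, and `list_recipient_stanzas` and `SAMPLE` are names made up for this illustration.

```python
import re

VERSION_LINE = b"age-encryption.org/v1"
B64_LINE = re.compile(rb"[A-Za-z0-9+/]{0,64}")  # unpadded base64, wrapped at 64


def list_recipient_stanzas(data: bytes) -> list:
    """Return [(stanza_type, [args]), ...] from a binary (non-armored) age file.
    Reads only the text header (no key needed); raises ValueError if malformed."""
    lines = iter(data.split(b"\n"))
    if next(lines) != VERSION_LINE:
        raise ValueError("not a binary age v1 file")
    stanzas = []
    for line in lines:
        if line.startswith(b"--- "):  # header MAC line ends the header
            if not stanzas:
                raise ValueError("header has no recipient stanzas")
            return stanzas
        if not line.startswith(b"-> "):
            raise ValueError("expected a stanza or the MAC line")
        stype, *args = line[3:].decode("ascii").split(" ")
        if not stype:
            raise ValueError("stanza has no type")
        # Body: base64 lines of exactly 64 chars, closed by one shorter line.
        for body in lines:
            if not B64_LINE.fullmatch(body):
                raise ValueError("malformed stanza body")
            if len(body) < 64:
                break
        else:
            raise ValueError("truncated stanza body")
        stanzas.append((stype, args))
    raise ValueError("truncated header: no MAC line")


# Constructed sample: placeholder base64, not a real key share or ciphertext.
SAMPLE = b"\n".join([
    b"age-encryption.org/v1",
    b"-> X25519 " + b"A" * 43,
    b"B" * 43,
    b"-> ssh-ed25519 AAAAAA " + b"C" * 43,
    b"D" * 43,
    b"--- " + b"E" * 43,
    b"\x00\x01 payload placeholder",
])

if __name__ == "__main__":
    print([stype for stype, _ in list_recipient_stanzas(SAMPLE)])
```

An `X25519` stanza carries only an ephemeral share, so the header shows how many such recipients there are but not which keys they are; a `scrypt` stanza means the file is passphrase-encrypted.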
## Ecosystem
- [age](https://github.com/FiloSottile/age) — original Go implementation
- [rage](https://github.com/str4d/rage) — Rust implementation (interoperable)
- [typage](https://github.com/FiloSottile/typage) — TypeScript (works in browser, Node.js, Bun)
- [age-plugin-yubikey](https://github.com/str4d/age-plugin-yubikey) — hardware token support
- [awesome-age](https://github.com/FiloSottile/awesome-age) — more plugins, tools, and integrations