GitHub - FiloSottile/age: A simple, modern and secure encryption tool (and Go library) with small explicit keys, no config options, and UNIX-style composability.
github.com
A simple, modern and secure encryption tool (and Go library) with small explicit keys, no config options, and UNIX-style composability. - GitHub - FiloSottile/age: A simple, modern and secure encry...

There is this tool called age written in go and a fully compatible Rust implementation called rage. They promise to be a simple tool for encrypting files and other things.

It only does encryption, using public key cryptography (Curve 25519 or SSH keys) or password based symmetric encryption. (Please excuse me glossing over some details here)

It only encrypts things, no signatures beyond AEAD involved. It aims to be minimalistic and do just one thing reasonably well instead of being a mediocre multi tool. It doesn’t aim to be a full replacement for things like OpenPGP.

AFAICT there hasn’t been a proper security audit yet. There seem to be some issues with the design as pointed out here which don’t look like critical flaws to me, but then again I’m not a cryptography expert.

Some of the questions I want to throw into the discussions are:

  • Is it any good?
  • In which situation would you use it?
  • What are some alternatives that do it differently or maybe even better and why is that?

Bonus question: Is there a similar tool that uses an audited library like libsodium, and if not, would it be worth developing one?