
There is this tool called [age](https://github.com/FiloSottile/age) written in Go and a fully compatible Rust implementation called [rage](https://github.com/str4d/rage). They promise to be a simple tool for encrypting files and other things.

It only does encryption, using public key cryptography (Curve25519 or SSH keys) or password-based symmetric encryption. *(Please excuse me glossing over some details here)* It only encrypts things, no signatures beyond [AEAD](https://en.wikipedia.org/wiki/Authenticated_encryption) involved. It aims to be minimalistic and do just one thing reasonably well instead of being a mediocre multi-tool. It doesn't aim to be a full replacement for things like OpenPGP.

AFAICT there hasn't been a proper security audit yet. There seem to be some issues with the design as pointed out [here](https://neilmadden.blog/2019/12/30/a-few-comments-on-age/) which don't look like critical flaws to me, but then again I'm not a cryptography expert.

Some of the questions I want to throw into the discussion are:

* Is it any good?
* In which situation would you use it?
* What are some alternatives that do it differently or maybe even better and why is that?

Bonus question: Is there a similar tool that uses an audited library like libsodium, and if not, would it be worth developing one?