GitHub - FiloSottile/age: A simple, modern and secure encryption tool (and Go library) with small explicit keys, no config options, and UNIX-style composability.
github.comThere is this tool called age written in go and a fully compatible Rust implementation called rage. They promise to be a simple tool for encrypting files and other things.
It only does encryption, using public key cryptography (Curve 25519 or SSH keys) or password based symmetric encryption. (Please excuse me glossing over some details here)
It only encrypts things, no signatures beyond AEAD involved. It aims to be minimalistic and do just one thing reasonably well instead of being a mediocre multi tool. It doesn’t aim to be a full replacement for things like OpenPGP.
AFAICT there hasn’t been a proper security audit yet. There seem to be some issues with the design as pointed out here which don’t look like critical flaws to me, but then again I’m not a cryptography expert.
Some of the questions I want to throw into the discussions are:
- Is it any good?
- In which situation would you use it?
- What are some alternatives that do it differently or maybe even better and why is that?
Bonus question: Is there a similar tool that uses an audited library like libsodium, and if not, would it be worth developing one?
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn’t great, if contents of the website are behind a paywall maybe copy them into the post
- Don’t promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
Chat rooms
-
[Matrix/Element]Dead
much thanks to @gary_host_laptop for the logo design :)
- 0 users online
- 14 users / day
- 18 users / week
- 24 users / month
- 15 users / 6 months
- 20 subscribers
- 619 Posts
- 1.56K Comments
- Modlog
Can you explain how you intend to use minisign as a replacement for age, please ? 😂
If you have nothing useful to add here you should not answer.
Age has some plugin capabilities, there are plugins for like e.g. Yubikey, so you can also create plugins for file verification. Age is pretty modular in this regard.
Still bossing people around, I see. “You should not answer” “Your post belongs elsewhere”. You never change :) Your intimidation attempts are ineffective on me. You should move on.
Age plugins are not Age. Minisign is an excellent tool. It is not a replacement for Age.
Still trying to undermine peoples opinions by cherry picking things to add nothing useful for the discussion trying to discredit me based on things you do not understand.
You can code plugins surround age and you can utilize them, apparently you do not understand it. You can check signatures with age too, just saying.
Can you provide a link to that “age signature plugin”, please?
Yeah, that’s what I thought. Thank you for playing 🙂