Package Usage: go: filippo.io/age
Package age implements file encryption according to the age-encryption.org/v1
specification.
For most use cases, use the Encrypt and Decrypt functions with
X25519Recipient and X25519Identity. If passphrase encryption is required, use
ScryptRecipient and ScryptIdentity. For compatibility with existing SSH keys
use the filippo.io/age/agessh package.
age encrypted files are binary and not malleable. For encoding them as text,
use the filippo.io/age/armor package.
age does not have a global keyring. Instead, since age keys are small,
textual, and cheap, you are encouraged to generate dedicated keys for each
task and application.
Recipient public keys can be passed around as command line flags and in
config files, while secret keys should be stored in dedicated files, through
secret management systems, or as environment variables.
There is no default path for age keys. Instead, they should be stored at
application-specific paths. The CLI supports files where private keys are
listed one per line, ignoring empty lines and lines starting with "#". These
files can be parsed with ParseIdentities.
When integrating age into a new system, it's recommended that you only
support X25519 keys, and not SSH keys. The latter are supported for manual
encryption operations. If you need to tie into existing key management
infrastructure, you might want to consider implementing your own Recipient
and Identity.
Files encrypted with a stable version (not alpha, beta, or release candidate)
of age, or with any v1.0.0 beta or release candidate, will decrypt with any
later versions of the v1 API. This might change in v2, in which case v1 will
be maintained with security fixes for compatibility with older files.
If decrypting an older file poses a security risk, doing so might require an
explicit opt-in in the API.
15 versions
Latest release: over 2 years ago
536 dependent packages
View more package details: https://packages.ecosystem.code.gouv.fr/registries/proxy.golang.org/packages/filippo.io/age