Using Age for Encryption

Age is a modern encryption tool designed to be simple, secure, and easy to use. It can encrypt and decrypt files with passwords or public-private key pairs, similar to `gpg` but with a simpler approach. Here’s how you can use `age` to encrypt and decrypt sensitive files. ### 1. **Install `age`** You can install `age` on various platforms, including Linux, macOS, and Windows. For **Linux** (via package manager like `yay` on Manjaro or Garuda): ```bash yay -S age ``` For **macOS** (via Homebrew): ```bash brew install age ``` For **Windows** (via Scoop): ```powershell scoop install age ``` Alternatively, you can download the binaries from the official GitHub repo: [age GitHub Releases](https://github.com/FiloSottile/age/releases). --- ### 2. **Encrypt a File** You can encrypt files either with a password or with public-private key pairs. Let's cover both methods. #### A. **Encrypt with a Password** If you want to encrypt with a password, use the following command: ```bash age -p -o secret.txt.age secret.txt ``` - `p`: Prompts for a password. - `o`: Specifies the output file name (`secret.txt.age` in this case). - `secret.txt`: The file you want to encrypt. This command encrypts `secret.txt` into `secret.txt.age`. You will be prompted for a password. #### B. **Encrypt with a Public Key** If you want to use a key pair, you need to generate the key pair first. **Step 1:** Generate a key pair: ```bash age-keygen -o key.txt ``` This generates a key pair and saves it to `key.txt`. The file will contain both the secret and public keys. The public key will look something like: ```bash # public key: age1mwlxg4nxqlg2jylt6y0jcpn6z0spyrlyezh8ngz94dmcp8ck6gw2jse6d2 ``` **Step 2:** Use the public key to encrypt the file: ```bash age -r age1mwlxg4nxqlg2jylt6y0jcpn6z0spyrlyezh8ngz94dmcp8ck6gw2jse6d2 -o secret.txt.age secret.txt ``` - `r`: Specifies the recipient's public key (replace with your actual public key). - `o`: Specifies the output encrypted file (`secret.txt.age`). - `secret.txt`: The file you want to encrypt. --- ### 3. **Decrypt a File** #### A. **Decrypt with a Password** If you used a password to encrypt the file, you can decrypt it with: ```bash age -d -o secret.txt secret.txt.age ``` - `d`: Decrypts the file. - `o`: Specifies the output decrypted file (`secret.txt`). - `secret.txt.age`: The encrypted file. You will be prompted to enter the password. #### B. **Decrypt with a Private Key** If you used a key pair, decrypt the file with the private key: ```bash age -d -i key.txt -o secret.txt secret.txt.age ``` - `d`: Decrypts the file. - `i`: Specifies the file that contains the private key (`key.txt`). - `o`: Specifies the output decrypted file (`secret.txt`). - `secret.txt.age`: The encrypted file. --- ### 4. **Key Management Best Practices** - Keep your private key (`key.txt`) secure. Use proper permissions to restrict access: ```bash chmod 600 key.txt ``` - Back up your private key in a secure location. - Distribute your public key to anyone you want to send encrypted files to. --- By following these steps, you can securely encrypt and decrypt sensitive files using `age`, whether you're using password-based or key-based encryption.