Using Age for Encryption

Age is a modern encryption tool designed to be simple, secure, and easy to use. It can encrypt and decrypt files with passwords or public-private key pairs, similar to gpg but with a simpler approach. Here’s how you can use age to encrypt and decrypt sensitive files.

1. Install age

You can install age on various platforms, including Linux, macOS, and Windows.

For Linux (via a package manager such as yay on Manjaro or Garuda):

yay -S age

For macOS (via Homebrew):

brew install age

For Windows (via Scoop):

scoop install age

Alternatively, you can download the binaries from the official GitHub repo: age GitHub Releases.


2. Encrypt a File

You can encrypt files either with a password or with public-private key pairs. Let’s cover both methods.

A. Encrypt with a Password

If you want to encrypt with a password, use the following command:

age -p -o secret.txt.age secret.txt
  • -p: Prompts for a password.
  • -o: Specifies the output file name (secret.txt.age in this case).
  • secret.txt: The file you want to encrypt.

This command encrypts secret.txt into secret.txt.age. You will be prompted for a password.

B. Encrypt with a Public Key

If you want to use a key pair, you need to generate the key pair first.

Step 1: Generate a key pair:

age-keygen -o key.txt

This generates a key pair and saves it to key.txt. The file will contain both the secret and public keys. The public key will look something like:

# public key: age1mwlxg4nxqlg2jylt6y0jcpn6z0spyrlyezh8ngz94dmcp8ck6gw2jse6d2

Step 2: Use the public key to encrypt the file:

age -r age1mwlxg4nxqlg2jylt6y0jcpn6z0spyrlyezh8ngz94dmcp8ck6gw2jse6d2 -o secret.txt.age secret.txt
  • -r: Specifies the recipient’s public key (replace with your actual public key).
  • -o: Specifies the output encrypted file (secret.txt.age).
  • secret.txt: The file you want to encrypt.

3. Decrypt a File

A. Decrypt with a Password

If you used a password to encrypt the file, you can decrypt it with:

age -d -o secret.txt secret.txt.age
  • -d: Decrypts the file.
  • -o: Specifies the output decrypted file (secret.txt).
  • secret.txt.age: The encrypted file.

You will be prompted to enter the password.

B. Decrypt with a Private Key

If you used a key pair, decrypt the file with the private key:

age -d -i key.txt -o secret.txt secret.txt.age
  • -d: Decrypts the file.
  • -i: Specifies the file that contains the private key (key.txt).
  • -o: Specifies the output decrypted file (secret.txt).
  • secret.txt.age: The encrypted file.

4. Key Management Best Practices

  • Keep your private key (key.txt) secure. Use proper permissions to restrict access:

    chmod 600 key.txt
  • Back up your private key in a secure location.

  • Distribute your public key to anyone you want to send encrypted files to.
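One way to check the permission and distribution points above before relying on a key file, as an added example that is not part of the original guide or the age project. The function names, the "# created:" line and the AGE-SECRET-KEY-1 placeholder are constructed for illustration; the public key is the sample shown in section 2.

```shell
#!/bin/sh
# Added example: audit an age identity file (key.txt) before using or sharing from it.

# Print the octal permission bits of a file (GNU stat first, BSD stat as fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Succeed only if the file is owner-only (600, or read-only 400) and holds a secret key.
check_identity() {
    keyfile=$1
    [ -f "$keyfile" ] || { echo "missing: $keyfile" >&2; return 1; }
    mode=$(file_mode "$keyfile")
    case "$mode" in
        600|400) ;;
        *) echo "$keyfile: mode $mode, expected 600" >&2; return 1 ;;
    esac
    grep -q '^AGE-SECRET-KEY-1' "$keyfile" || {
        echo "$keyfile: no AGE-SECRET-KEY-1 line found" >&2; return 1; }
}

# Print only the recipient from the "# public key:" comment, never the secret line.
public_key_of() {
    sed -n 's/^# public key: \(age1[0-9a-z]*\)$/\1/p' "$1" | head -n 1
}

# Build a constructed identity file (placeholder secret, not a real key) in a temp dir.
make_sample_identity() {
    dir=$(mktemp -d)
    cat > "$dir/key.txt" <<'EOF'
# created: 2024-01-01T00:00:00Z
# public key: age1mwlxg4nxqlg2jylt6y0jcpn6z0spyrlyezh8ngz94dmcp8ck6gw2jse6d2
AGE-SECRET-KEY-1CONSTRUCTEDPLACEHOLDERNOTAREALKEY
EOF
    chmod 644 "$dir/key.txt"   # deliberately too open for the first check
    echo "$dir/key.txt"
}

sample=$(make_sample_identity)
check_identity "$sample" || echo "rejected: key file readable by others"
chmod 600 "$sample"
check_identity "$sample" && echo "share this recipient: $(public_key_of "$sample")"
rm -rf "$(dirname "$sample")"
```

Run check_identity against your own key.txt before decrypting, and hand out only what public_key_of prints.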


By following these steps, you can securely encrypt and decrypt sensitive files using age, whether you’re using password-based or key-based encryption.