A pure Zig implementation of the age file encryption
standard. The specification can be
found at age-encryption.org/v1.
age was designed by @Benjojo and
@FiloSottile.
Like
age
and GIF, zage is pronounced with a hard g sound:
/zɑːgeɪ/ or
ZAH-ghay.
zage is always spelled entirely lowercase.
Caution
zage is currently alpha software and not considered ready for production use
Generate a keypair:
$ zage-keygen -o key.txt
Public key: age1ql3z7hjy54pw3hyww5ayyfg7zqgvc7w3j2elw8zmrj2kg5sfn9aqmcac8pEncrypt a file:
$ tar cvz ~/data | zage -r age1ql3z7hjy54pw3hyww5ayyfg7zqgvc7w3j2elw8zmrj2kg5sfn9aqmcac8p > data.tar.gz.ageDecrypt a file:
$ zage --decrypt -i key.txt data.tar.gz.age > data.tar.gzDownload Zig and run the following commands:
$ git clone [email protected]:eligrubb/zage.git
$ cd zage
$ zig build$ zage --help
Usage:
zage [--encrypt] (-r RECIPIENT | -R PATH)... [-i IDENTITY | -j PLUGIN] [--armor] [-o OUTPUT] [INPUT]
zage [--encrypt] --passphrase [--armor] [-o OUTPUT] [INPUT]
zage --decrypt [-i IDENTITY | -j PLUGIN] [-o OUTPUT] [INPUT]
Arguments:
[INPUT] Path of input file to read from (Default=stdin).
Options:
-o, --output OUTPUT Path of output file to write to (Default=stdout).
-v, --version Print the version information and exit.
-h, --help Print this help message and exit.
Encryption options:
-e, --encrypt Encrypt the input to the output (DEFAULT).
-r, --recipient RECIPIENT Encrypt to the specified RECIPIENT. Can be repeated.
-R, --recipients-file PATH Encrypt to the recipients listed at PATH. Can be repeated.
-p, --passphrase Encrypt with a passphrase.
-a, --armor Encrypt to a PEM encoded format.
-i, --identity IDENTITY Path to file of identities, encrypts the input using
the corresponding recipients. Can be repeated.
-j PLUGIN Use age-plugin-PLUGIN as an identity
Decryption options:
-d, --decrypt Decrypt the input to the output.
-i, --identity IDENTITY Path to file of identities, used to decrypt. Can be repeated.
-j PLUGIN Use age-plugin-PLUGIN as an identity
If OUTPUT exists, it will be overwritten.
RECIPIENT can be:
- An age public key, generated by zage-keygen ("age1...")
- An SSH public key ("ssh-ed25519 AAAA...", "ssh-rsa AAAA...")
PATH is a path to a file containing age recipients, one per line
(ignoring "#" prefixed comments and empty lines). "-" may be used to
read recipients from standard input.
IDENTITY is a path to a file with age identities, one per line
(ignoring "#" prefixed comments and empty lines), or to an SSH key file.
Passphrase-encrypted age identity files can be used as identity files.
Multiple identities may be provided, and any unused ones will be ignored.
"-" may be used to read identities from standard input.$ zage-keygen --help
Usage:
zage-keygen [-o OUTPUT]
zage-keygen -y [-o OUTPUT] [INPUT]
Arguments:
[INPUT] Path of file containing one or more identities (Default=stdin).
Options:
-o, --output OUTPUT Write the result to the file at path OUTPUT (Default=stdout).
-y Read input identity file and write corresponding recipients to output.
-v, --version Print the version information and exit.
-h, --help Print this help message and exit.
If OUTPUT exists, it will be overwritten.$ zig fetch --save ...- age: the original Go implementation
- rage: Rust reference implementation
- typage: official TypeScrypt implementation
- awesome-age: a curated list of age resources, including plugins, tools, integrations, and libraries.
This project is licensed under the MIT license. See the LICENSE file for details.
The Go implementation of age is licensed under the BSD 3-Clause License. The Rust implementation of age is licensed under either Apache License 2.0 or MIT License at your option. The TypeScript implementation of age is licensed under the BSD 3-Clause License