{"id":13398426,"url":"https://github.com/FiloSottile/age","last_synced_at":"2025-03-14T02:31:20.000Z","repository":{"id":37403852,"uuid":"187403699","full_name":"FiloSottile/age","owner":"FiloSottile","description":"A simple, modern and secure encryption tool (and Go library) with small explicit keys, no config options, and UNIX-style composability.","archived":false,"fork":false,"pushed_at":"2024-04-20T23:08:49.000Z","size":1520,"stargazers_count":15441,"open_issues_count":37,"forks_count":467,"subscribers_count":148,"default_branch":"main","last_synced_at":"2024-05-20T03:18:53.663Z","etag":null,"topics":["age-encryption","built-at-rc"],"latest_commit_sha":null,"homepage":"https://age-encryption.org","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"bsd-3-clause","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/FiloSottile.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":".github/CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":"AUTHORS","dei":null,"publiccode":null,"codemeta":null},"funding":{"custom":"https://github.com/FiloSottile/FiloSottile/blob/main/maintenance.md#funding"}},"created_at":"2019-05-18T20:44:54.000Z","updated_at":"2024-06-16T10:24:30.111Z","dependencies_parsed_at":"2023-02-09T03:15:27.754Z","dependency_job_id":"be3f6b2b-e9d5-480c-84ba-7805ad6d78e4","html_url":"https://github.com/FiloSottile/age","commit_stats":{"total_commits":279,"total_committers":55,"mean_commits":5.072727272727272,"dds":"0.30824372759856633","last_synced_commit":"9f0a2d25ac79da8100d68f3e8b3a1a57ea4a73ba"},"previous_names":[],"tags_count":14,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/FiloSottile%2Fage","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/FiloSottile%2Fage/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/FiloSottile%2Fage/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/FiloSottile%2Fage/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/FiloSottile","download_url":"https://codeload.github.com/FiloSottile/age/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":243511660,"owners_count":20302595,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["age-encryption","built-at-rc"],"created_at":"2024-07-30T19:00:25.576Z","updated_at":"2025-03-14T02:31:19.986Z","avatar_url":"https://github.com/FiloSottile.png","language":"Go","readme":"\u003cp align=\"center\"\u003e\n    \u003cpicture\u003e\n        \u003csource media=\"(prefers-color-scheme: dark)\" srcset=\"https://github.com/FiloSottile/age/blob/main/logo/logo_white.svg\"\u003e\n        \u003csource media=\"(prefers-color-scheme: light)\" srcset=\"https://github.com/FiloSottile/age/blob/main/logo/logo.svg\"\u003e\n        \u003cimg alt=\"The age logo, a wireframe of St. Peters dome in Rome, with the text: age, file encryption\" width=\"600\" src=\"https://github.com/FiloSottile/age/blob/main/logo/logo.svg\"\u003e\n    \u003c/picture\u003e\n\u003c/p\u003e\n\n[![Go Reference](https://pkg.go.dev/badge/filippo.io/age.svg)](https://pkg.go.dev/filippo.io/age)\n[![man page](\u003chttps://img.shields.io/badge/age(1)-man%20page-lightgrey\u003e)](https://filippo.io/age/age.1)\n[![C2SP specification](https://img.shields.io/badge/%C2%A7%23-specification-blueviolet)](https://age-encryption.org/v1)\n\nage is a simple, modern and secure file encryption tool, format, and Go library.\n\nIt features small explicit keys, no config options, and UNIX-style composability.\n\n```\n$ age-keygen -o key.txt\nPublic key: age1ql3z7hjy54pw3hyww5ayyfg7zqgvc7w3j2elw8zmrj2kg5sfn9aqmcac8p\n$ tar cvz ~/data | age -r age1ql3z7hjy54pw3hyww5ayyfg7zqgvc7w3j2elw8zmrj2kg5sfn9aqmcac8p \u003e data.tar.gz.age\n$ age --decrypt -i key.txt data.tar.gz.age \u003e data.tar.gz\n```\n\n📜 The format specification is at [age-encryption.org/v1](https://age-encryption.org/v1). age was designed by [@Benjojo12](https://twitter.com/Benjojo12) and [@FiloSottile](https://twitter.com/FiloSottile).\n\n🦀 An alternative interoperable Rust implementation is available at [github.com/str4d/rage](https://github.com/str4d/rage).\n\n🌍 [Typage](https://github.com/FiloSottile/typage) is a TypeScript implementation. It works in the browser, in Node.js, and in Bun.\n\n🔑 Hardware PIV tokens such as YubiKeys are supported through the [age-plugin-yubikey](https://github.com/str4d/age-plugin-yubikey) plugin.\n\n✨ For more plugins, implementations, tools, and integrations, check out the [awesome age](https://github.com/FiloSottile/awesome-age) list.\n\n💬 The author pronounces it `[aɡe̞]` [with a hard *g*](https://translate.google.com/?sl=it\u0026text=aghe), like GIF, and is always spelled lowercase.\n\n## Installation\n\n\u003ctable\u003e\n    \u003ctr\u003e\n        \u003ctd\u003eHomebrew (macOS or Linux)\u003c/td\u003e\n        \u003ctd\u003e\n            \u003ccode\u003ebrew install age\u003c/code\u003e\n        \u003c/td\u003e\n    \u003c/tr\u003e\n    \u003ctr\u003e\n        \u003ctd\u003eMacPorts\u003c/td\u003e\n        \u003ctd\u003e\n            \u003ccode\u003eport install age\u003c/code\u003e\n        \u003c/td\u003e\n    \u003c/tr\u003e\n    \u003ctr\u003e\n        \u003ctd\u003eAlpine Linux v3.15+\u003c/td\u003e\n        \u003ctd\u003e\n            \u003ccode\u003eapk add age\u003c/code\u003e\n        \u003c/td\u003e\n    \u003c/tr\u003e\n    \u003ctr\u003e\n        \u003ctd\u003eArch Linux\u003c/td\u003e\n        \u003ctd\u003e\n            \u003ccode\u003epacman -S age\u003c/code\u003e\n        \u003c/td\u003e\n    \u003c/tr\u003e\n    \u003ctr\u003e\n        \u003ctd\u003eDebian 12+ (Bookworm)\u003c/td\u003e\n        \u003ctd\u003e\n            \u003ccode\u003eapt install age\u003c/code\u003e\n        \u003c/td\u003e\n    \u003c/tr\u003e\n    \u003ctr\u003e\n        \u003ctd\u003eDebian 11 (Bullseye)\u003c/td\u003e\n        \u003ctd\u003e\n            \u003ccode\u003eapt install age/bullseye-backports\u003c/code\u003e\n            (\u003ca href=\"https://backports.debian.org/Instructions/#index2h2\"\u003eenable backports\u003c/a\u003e for age v1.0.0+)\n        \u003c/td\u003e\n    \u003c/tr\u003e\n    \u003ctr\u003e\n        \u003ctd\u003eFedora 33+\u003c/td\u003e\n        \u003ctd\u003e\n            \u003ccode\u003ednf install age\u003c/code\u003e\n        \u003c/td\u003e\n    \u003c/tr\u003e\n    \u003ctr\u003e\n        \u003ctd\u003eGentoo Linux\u003c/td\u003e\n        \u003ctd\u003e\n            \u003ccode\u003eemerge app-crypt/age\u003c/code\u003e\n        \u003c/td\u003e\n    \u003c/tr\u003e\n    \u003ctr\u003e\n        \u003ctd\u003eNixOS / Nix\u003c/td\u003e\n        \u003ctd\u003e\n            \u003ccode\u003enix-env -i age\u003c/code\u003e\n        \u003c/td\u003e\n    \u003c/tr\u003e\n    \u003ctr\u003e\n        \u003ctd\u003eopenSUSE Tumbleweed\u003c/td\u003e\n        \u003ctd\u003e\n            \u003ccode\u003ezypper install age\u003c/code\u003e\n        \u003c/td\u003e\n    \u003c/tr\u003e\n    \u003ctr\u003e\n        \u003ctd\u003eUbuntu 22.04+\u003c/td\u003e\n        \u003ctd\u003e\n            \u003ccode\u003eapt install age\u003c/code\u003e\n        \u003c/td\u003e\n    \u003c/tr\u003e\n    \u003ctr\u003e\n        \u003ctd\u003eVoid Linux\u003c/td\u003e\n        \u003ctd\u003e\n            \u003ccode\u003exbps-install age\u003c/code\u003e\n        \u003c/td\u003e\n    \u003c/tr\u003e\n    \u003ctr\u003e\n        \u003ctd\u003eFreeBSD\u003c/td\u003e\n        \u003ctd\u003e\n            \u003ccode\u003epkg install age\u003c/code\u003e (security/age)\n        \u003c/td\u003e\n    \u003c/tr\u003e\n    \u003ctr\u003e\n        \u003ctd\u003eOpenBSD 6.7+\u003c/td\u003e\n        \u003ctd\u003e\n            \u003ccode\u003epkg_add age\u003c/code\u003e (security/age)\n        \u003c/td\u003e\n    \u003c/tr\u003e\n    \u003ctr\u003e\n        \u003ctd\u003eChocolatey (Windows)\u003c/td\u003e\n        \u003ctd\u003e\n            \u003ccode\u003echoco install age.portable\u003c/code\u003e\n        \u003c/td\u003e\n    \u003c/tr\u003e\n    \u003ctr\u003e\n        \u003ctd\u003eScoop (Windows)\u003c/td\u003e\n        \u003ctd\u003e\n            \u003ccode\u003escoop bucket add extras \u0026\u0026 scoop install age\u003c/code\u003e\n        \u003c/td\u003e\n    \u003c/tr\u003e\n    \u003ctr\u003e\n        \u003ctd\u003epkgx\u003c/td\u003e\n        \u003ctd\u003e\n            \u003ccode\u003epkgx install age\u003c/code\u003e\n        \u003c/td\u003e\n    \u003c/tr\u003e\n\u003c/table\u003e\n\nOn Windows, Linux, macOS, and FreeBSD you can use the pre-built binaries.\n\n```\nhttps://dl.filippo.io/age/latest?for=linux/amd64\nhttps://dl.filippo.io/age/v1.1.1?for=darwin/arm64\n...\n```\n\nIf your system has [a supported version of Go](https://go.dev/dl/), you can build from source.\n\n```\ngo install filippo.io/age/cmd/...@latest\n```\n\nHelp from new packagers is very welcome.\n\n### Verifying the release signatures\n\nIf you download the pre-built binaries, you can check their\n[Sigsum](https://www.sigsum.org) proofs, which are like signatures with extra\ntransparency: you can cryptographically verify that every proof is logged in a\npublic append-only log, so you can hold the age project accountable for every\nbinary release we ever produced. This is similar to what the [Go Checksum\nDatabase](https://go.dev/blog/module-mirror-launch) provides.\n\n```\ncat \u003c\u003c EOF \u003e age-sigsum-key.pub\nssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM1WpnEswJLPzvXJDiswowy48U+G+G1kmgwUE2eaRHZG\nssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAz2WM5CyPLqiNjk7CLl4roDXwKhQ0QExXLebukZEZFS\nEOF\ncat \u003c\u003c EOF \u003e sigsum-trust-policy.txt\nlog 154f49976b59ff09a123675f58cb3e346e0455753c3c3b15d465dcb4f6512b0b https://poc.sigsum.org/jellyfish\nwitness poc.sigsum.org/nisse 1c25f8a44c635457e2e391d1efbca7d4c2951a0aef06225a881e46b98962ac6c\nwitness rgdd.se/poc-witness  28c92a5a3a054d317c86fc2eeb6a7ab2054d6217100d0be67ded5b74323c5806\ngroup  demo-quorum-rule all poc.sigsum.org/nisse rgdd.se/poc-witness\nquorum demo-quorum-rule\nEOF\n\ncurl -JLO \"https://dl.filippo.io/age/v1.2.0?for=darwin/arm64\"\ncurl -JLO \"https://dl.filippo.io/age/v1.2.0?for=darwin/arm64\u0026proof\"\n\ngo install sigsum.org/sigsum-go/cmd/sigsum-verify@v0.8.0\nsigsum-verify -k age-sigsum-key.pub -p sigsum-trust-policy.txt \\\n    age-v1.2.0-darwin-arm64.tar.gz.proof \u003c age-v1.2.0-darwin-arm64.tar.gz\n```\n\nYou can learn more about what's happening above in the [Sigsum\ndocs](https://www.sigsum.org/getting-started/).\n\n## Usage\n\nFor the full documentation, read [the age(1) man page](https://filippo.io/age/age.1).\n\n```\nUsage:\n    age [--encrypt] (-r RECIPIENT | -R PATH)... [--armor] [-o OUTPUT] [INPUT]\n    age [--encrypt] --passphrase [--armor] [-o OUTPUT] [INPUT]\n    age --decrypt [-i PATH]... [-o OUTPUT] [INPUT]\n\nOptions:\n    -e, --encrypt               Encrypt the input to the output. Default if omitted.\n    -d, --decrypt               Decrypt the input to the output.\n    -o, --output OUTPUT         Write the result to the file at path OUTPUT.\n    -a, --armor                 Encrypt to a PEM encoded format.\n    -p, --passphrase            Encrypt with a passphrase.\n    -r, --recipient RECIPIENT   Encrypt to the specified RECIPIENT. Can be repeated.\n    -R, --recipients-file PATH  Encrypt to recipients listed at PATH. Can be repeated.\n    -i, --identity PATH         Use the identity file at PATH. Can be repeated.\n\nINPUT defaults to standard input, and OUTPUT defaults to standard output.\nIf OUTPUT exists, it will be overwritten.\n\nRECIPIENT can be an age public key generated by age-keygen (\"age1...\")\nor an SSH public key (\"ssh-ed25519 AAAA...\", \"ssh-rsa AAAA...\").\n\nRecipient files contain one or more recipients, one per line. Empty lines\nand lines starting with \"#\" are ignored as comments. \"-\" may be used to\nread recipients from standard input.\n\nIdentity files contain one or more secret keys (\"AGE-SECRET-KEY-1...\"),\none per line, or an SSH key. Empty lines and lines starting with \"#\" are\nignored as comments. Passphrase encrypted age files can be used as\nidentity files. Multiple key files can be provided, and any unused ones\nwill be ignored. \"-\" may be used to read identities from standard input.\n\nWhen --encrypt is specified explicitly, -i can also be used to encrypt to an\nidentity file symmetrically, instead or in addition to normal recipients.\n```\n\n### Multiple recipients\n\nFiles can be encrypted to multiple recipients by repeating `-r/--recipient`. Every recipient will be able to decrypt the file.\n\n```\n$ age -o example.jpg.age -r age1ql3z7hjy54pw3hyww5ayyfg7zqgvc7w3j2elw8zmrj2kg5sfn9aqmcac8p \\\n    -r age1lggyhqrw2nlhcxprm67z43rta597azn8gknawjehu9d9dl0jq3yqqvfafg example.jpg\n```\n\n#### Recipient files\n\nMultiple recipients can also be listed one per line in one or more files passed with the `-R/--recipients-file` flag.\n\n```\n$ cat recipients.txt\n# Alice\nage1ql3z7hjy54pw3hyww5ayyfg7zqgvc7w3j2elw8zmrj2kg5sfn9aqmcac8p\n# Bob\nage1lggyhqrw2nlhcxprm67z43rta597azn8gknawjehu9d9dl0jq3yqqvfafg\n$ age -R recipients.txt example.jpg \u003e example.jpg.age\n```\n\nIf the argument to `-R` (or `-i`) is `-`, the file is read from standard input.\n\n### Passphrases\n\nFiles can be encrypted with a passphrase by using `-p/--passphrase`. By default age will automatically generate a secure passphrase. Passphrase protected files are automatically detected at decrypt time.\n\n```\n$ age -p secrets.txt \u003e secrets.txt.age\nEnter passphrase (leave empty to autogenerate a secure one):\nUsing the autogenerated passphrase \"release-response-step-brand-wrap-ankle-pair-unusual-sword-train\".\n$ age -d secrets.txt.age \u003e secrets.txt\nEnter passphrase:\n```\n\n### Passphrase-protected key files\n\nIf an identity file passed to `-i` is a passphrase encrypted age file, it will be automatically decrypted.\n\n```\n$ age-keygen | age -p \u003e key.age\nPublic key: age1yhm4gctwfmrpz87tdslm550wrx6m79y9f2hdzt0lndjnehwj0ukqrjpyx5\nEnter passphrase (leave empty to autogenerate a secure one):\nUsing the autogenerated passphrase \"hip-roast-boring-snake-mention-east-wasp-honey-input-actress\".\n$ age -r age1yhm4gctwfmrpz87tdslm550wrx6m79y9f2hdzt0lndjnehwj0ukqrjpyx5 secrets.txt \u003e secrets.txt.age\n$ age -d -i key.age secrets.txt.age \u003e secrets.txt\nEnter passphrase for identity file \"key.age\":\n```\n\nPassphrase-protected identity files are not necessary for most use cases, where access to the encrypted identity file implies access to the whole system. However, they can be useful if the identity file is stored remotely.\n\n### SSH keys\n\nAs a convenience feature, age also supports encrypting to `ssh-rsa` and `ssh-ed25519` SSH public keys, and decrypting with the respective private key file. (`ssh-agent` is not supported.)\n\n```\n$ age -R ~/.ssh/id_ed25519.pub example.jpg \u003e example.jpg.age\n$ age -d -i ~/.ssh/id_ed25519 example.jpg.age \u003e example.jpg\n```\n\nNote that SSH key support employs more complex cryptography, and embeds a public key tag in the encrypted file, making it possible to track files that are encrypted to a specific public key.\n\n#### Encrypting to a GitHub user\n\nCombining SSH key support and `-R`, you can easily encrypt a file to the SSH keys listed on a GitHub profile.\n\n```\n$ curl https://github.com/benjojo.keys | age -R - example.jpg \u003e example.jpg.age\n```\n\nKeep in mind that people might not protect SSH keys long-term, since they are revokable when used only for authentication, and that SSH keys held on YubiKeys can't be used to decrypt files.\n","funding_links":["https://github.com/FiloSottile/FiloSottile/blob/main/maintenance.md#funding"],"categories":["File Encryption","Go","Security","HarmonyOS","开源类库","Command Line Utilities","📝 Prerequisites","others","Open source library","安全","Go (531)","Relational Databases","Categorías","\u003ca name=\"Go\"\u003e\u003c/a\u003eGo","🛠️ Productivity"],"sub_categories":["Categories","HTTP Clients","Windows Manager","加密/解密","Snippets Manager","Tools","🔧 Tools","Encrypt And Decrypt","HTTP客户端","Esenciales","☸️ Kubernetes","Encryption"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FFiloSottile%2Fage","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FFiloSottile%2Fage","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FFiloSottile%2Fage/lists"}