{"id":13503840,"url":"https://github.com/str4d/rage","last_synced_at":"2025-10-19T08:54:32.694Z","repository":{"id":37601567,"uuid":"213749542","full_name":"str4d/rage","owner":"str4d","description":"A simple, secure and modern file encryption tool (and Rust library) with small explicit keys, no config options, and UNIX-style composability.","archived":false,"fork":false,"pushed_at":"2025-03-31T14:40:47.000Z","size":3759,"stargazers_count":2921,"open_issues_count":44,"forks_count":112,"subscribers_count":34,"default_branch":"main","last_synced_at":"2025-05-07T08:01:46.538Z","etag":null,"topics":["age-encryption","cli","curve25519","encryption","rust","rust-library","scrypt","secure-by-default","unix-philosophy","yubikey","zero-configuration"],"latest_commit_sha":null,"homepage":"https://age-encryption.org/v1","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/str4d.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"docs/CONTRIBUTING.md","funding":null,"license":"LICENSE-APACHE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2019-10-08T20:40:49.000Z","updated_at":"2025-05-05T17:13:59.000Z","dependencies_parsed_at":"2023-12-17T17:41:05.584Z","dependency_job_id":"3bb13017-41b9-4faf-be92-94d606d22626","html_url":"https://github.com/str4d/rage","commit_stats":{"total_commits":1102,"total_committers":34,"mean_commits":"32.411764705882355","dds":0.07713248638838477,"last_synced_commit":"17446612f865c705e44fe392d9d41dd102fed137"},"previous_names":[],"tags_count":25,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/str4d%2Frage","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/str4d%2Frage/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/str4d%2Frage/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/str4d%2Frage/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/str4d","download_url":"https://codeload.github.com/str4d/rage/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254110363,"owners_count":22016391,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["age-encryption","cli","curve25519","encryption","rust","rust-library","scrypt","secure-by-default","unix-philosophy","yubikey","zero-configuration"],"created_at":"2024-07-31T23:00:46.388Z","updated_at":"2025-10-19T08:54:27.638Z","avatar_url":"https://github.com/str4d.png","language":"Rust","readme":"\u003cp align=\"center\"\u003e\u003cimg alt=\"The age logo, an wireframe of St. Peters dome in Rome, with the text: age, file encryption\" width=\"600\" src=\"https://user-images.githubusercontent.com/1225294/132245842-fda4da6a-1cea-4738-a3da-2dc860861c98.png\"\u003e\u003c/p\u003e\n\n# rage: Rust implementation of age\n\nrage is a simple, modern, and secure file encryption tool, using the *age*\nformat. It features small explicit keys, no config options, and UNIX-style\ncomposability.\n\nThe format specification is at [age-encryption.org/v1](https://age-encryption.org/v1).\nage was designed by [@Benjojo](https://benjojo.co.uk/) and\n[@FiloSottile](https://bsky.app/profile/did:plc:x2nsupeeo52oznrmplwapppl).\n\nThe reference interoperable Go implementation is available at\n[filippo.io/age](https://filippo.io/age).\n\nHardware PIV tokens such as YubiKeys are supported through the\n[age-plugin-yubikey](https://github.com/str4d/age-plugin-yubikey) plugin.\n\nFor more plugins, implementations, tools, and integrations, check out the\n[awesome age](https://github.com/FiloSottile/awesome-age) list.\n\n## Installation\n\n| Environment | CLI command |\n|-------------|-------------|\n| Cargo (Rust 1.65+) | `cargo install rage` |\n| Homebrew (macOS or Linux) | `brew install rage` |\n| MacPorts | `port install rage` |\n| Alpine Linux (edge) | `apk add rage` |\n| Arch Linux | `pacman -S rage-encryption` |\n| Debian | [Debian packages](https://github.com/str4d/rage/releases) |\n| NixOS | Add to config: `environment.systemPackages = [ pkgs.rage ];`\u003cbr\u003eOr run `nix-env -i rage` |\n| openSUSE Tumbleweed | `zypper install rage-encryption` |\n| Ubuntu 20.04+ | [Debian packages](https://github.com/str4d/rage/releases) |\n| FreeBSD | `pkg install rage-encryption` |\n| Scoop (Windows) | `scoop bucket add main`\u003cbr\u003e`scoop install main/rage` |\n\nOn Windows, Linux, and macOS, you can use the\n[pre-built binaries](https://github.com/str4d/rage/releases).\n\n\u003e Help from new packagers is very welcome. Please use the package name `rage`;\n\u003e the fallback package name `rage-encryption` should be used only when there are\n\u003e *unavoidable* name conflicts in package systems that use global namespaces. Do\n\u003e not rename any binaries; instead use your package system's conflicting package\n\u003e mechanism to prevent installation of both packages at once.\n\n## Usage\n\n```\nUsage: rage [--encrypt] (-r RECIPIENT | -R PATH)... [-i IDENTITY] [-a] [-o OUTPUT] [INPUT]\n       rage [--encrypt] --passphrase [-a] [-o OUTPUT] [INPUT]\n       rage --decrypt [-i IDENTITY] [-o OUTPUT] [INPUT]\n\nArguments:\n  [INPUT]  Path to a file to read from.\n\nOptions:\n  -h, --help                    Print this help message and exit.\n  -V, --version                 Print version info and exit.\n  -e, --encrypt                 Encrypt the input (the default).\n  -d, --decrypt                 Decrypt the input.\n  -p, --passphrase              Encrypt with a passphrase instead of recipients.\n      --max-work-factor \u003cWF\u003e    Maximum work factor to allow for passphrase decryption.\n  -a, --armor                   Encrypt to a PEM encoded format.\n  -r, --recipient \u003cRECIPIENT\u003e   Encrypt to the specified RECIPIENT. May be repeated.\n  -R, --recipients-file \u003cPATH\u003e  Encrypt to the recipients listed at PATH. May be repeated.\n  -i, --identity \u003cIDENTITY\u003e     Use the identity file at IDENTITY. May be repeated.\n  -j \u003cPLUGIN-NAME\u003e              Use age-plugin-PLUGIN-NAME in its default mode as an identity.\n  -o, --output \u003cOUTPUT\u003e         Write the result to the file at path OUTPUT.\n\nINPUT defaults to standard input, and OUTPUT defaults to standard output.\nIf OUTPUT exists, it will be overwritten.\n\nRECIPIENT can be:\n- An age public key, as generated by rage-keygen (\"age1...\").\n- An SSH public key (\"ssh-ed25519 AAAA...\", \"ssh-rsa AAAA...\").\n\nPATH is a path to a file containing age recipients, one per line\n(ignoring \"#\" prefixed comments and empty lines). \"-\" may be used to\nread recipients from standard input.\n\nIDENTITY is a path to a file with age identities, one per line\n(ignoring \"#\" prefixed comments and empty lines), or to an SSH key file.\nPassphrase-encrypted age identity files can be used as identity files.\nMultiple identities may be provided, and any unused ones will be ignored.\n\"-\" may be used to read identities from standard input.\n```\n\n### Multiple recipients\n\nFiles can be encrypted to multiple recipients by repeating `-r/--recipient`.\nEvery recipient will be able to decrypt the file.\n\n```bash\n$ rage -o example.png.age -r age1uvscypafkkxt6u2gkguxet62cenfmnpc0smzzlyun0lzszfatawq4kvf2u \\\n    -r age1ex4ty8ppg02555at009uwu5vlk5686k3f23e7mac9z093uvzfp8sxr5jum example.png\n```\n\n#### Recipient files\n\nMultiple recipients can also be listed one per line in one or more files passed\nwith the `-R/--recipients-file` flag.\n\n```\n$ cat recipients.txt\n# Alice\nage1ql3z7hjy54pw3hyww5ayyfg7zqgvc7w3j2elw8zmrj2kg5sfn9aqmcac8p\n# Bob\nage1lggyhqrw2nlhcxprm67z43rta597azn8gknawjehu9d9dl0jq3yqqvfafg\n$ rage -R recipients.txt example.jpg \u003e example.jpg.age\n```\n\nIf the argument to `-R` (or `-i`) is `-`, the file is read from standard input.\n\n### Passphrases\n\nFiles can be encrypted with a passphrase by using `-p/--passphrase`. By default\nrage will automatically generate a secure passphrase.\n\n```bash\n$ rage -p -o example.png.age example.png\nType passphrase (leave empty to autogenerate a secure one): [hidden]\nUsing an autogenerated passphrase:\n    kiwi-general-undo-bubble-dwarf-dizzy-fame-side-sunset-sibling\n$ rage -d example.png.age \u003eexample.png\nType passphrase: [hidden]\n```\n\nIf a binary named `pinentry` is available in `$PATH`, it will be used to ask the\nuser for a passphrase. The `PINENTRY_PROGRAM` environment variable can be used\nto set the binary name or path to use. If a `pinentry` binary is not available,\nor `PINENTRY_PROGRAM` is set to the empty string, `rage` will fall back to the\nCLI instead.\n\n### Passphrase-protected identity files\n\nIf an identity file passed to `-i/--identity` is a passphrase-encrypted age\nfile, it will be automatically decrypted.\n\n```\n$ rage -p -o key.age \u003c(rage-keygen)\nPublic key: age1pymw5hyr39qyuc950tget63aq8vfd52dclj8x7xhm08g6ad86dkserumnz\nType passphrase (leave empty to autogenerate a secure one): [hidden]\nUsing an autogenerated passphrase:\n    flash-bean-celery-network-curious-flower-salt-amateur-fence-giant\n$ rage -r age1pymw5hyr39qyuc950tget63aq8vfd52dclj8x7xhm08g6ad86dkserumnz secrets.txt \u003e secrets.txt.age\n$ rage -d -i key.age secrets.txt.age \u003e secrets.txt\nType passphrase: [hidden]\n```\n\nPassphrase-protected identity files are not necessary for most use cases, where\naccess to the encrypted identity file implies access to the whole system.\nHowever, they can be useful if the identity file is stored remotely.\n\n### SSH keys\n\nAs a convenience feature, rage also supports encrypting to `ssh-rsa` and\n`ssh-ed25519` SSH public keys, and decrypting with the respective private key\nfile. (`ssh-agent` is not supported.)\n\n```\n$ rage -R ~/.ssh/id_ed25519.pub example.png \u003e example.png.age\n$ rage -d -i ~/.ssh/id_ed25519 example.png.age \u003e example.png\n```\n\nNote that SSH key support employs more complex cryptography, and embeds a public\nkey tag in the encrypted file, making it possible to track files that are\nencrypted to a specific public key.\n\n### Feature flags\n\nWhen building with Cargo, you can configure rage using `--no-default-features`\nand `--features comma,separated,flags` to enable or disable the following\nfeature flags:\n\n- `mount` enables the `rage-mount` tool, which can mount age-encrypted TAR or\n  ZIP archives as read-only. It is currently only usable on Unix systems, as it\n  relies on `libfuse`.\n\n- `ssh` (enabled by default) enables support for reusing existing SSH key files\n  for age encryption.\n\n- `unstable` enables in-development functionality. Anything behind this feature\n  flag has no stability or interoperability guarantees.\n\n## Rust Library\n\nApplications wishing to use rage as a library should use the [`age`](https://crates.io/crates/age)\ncrate, which rage is built on top of.\n\n## License\n\nLicensed under either of\n\n * Apache License, Version 2.0, ([LICENSE-APACHE](LICENSE-APACHE) or\n   http://www.apache.org/licenses/LICENSE-2.0)\n * MIT license ([LICENSE-MIT](LICENSE-MIT) or http://opensource.org/licenses/MIT)\n\nat your option.\n\n### Contribution\n\nUnless you explicitly state otherwise, any contribution intentionally\nsubmitted for inclusion in the work by you, as defined in the Apache-2.0\nlicense, shall be dual licensed as above, without any additional terms or\nconditions.\n","funding_links":[],"categories":["Applications","Tools","Rust","cli","Frameworks and Libs","Cryptography"],"sub_categories":["Utilities","Third-party Tools","Rust","Collection library"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fstr4d%2Frage","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fstr4d%2Frage","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fstr4d%2Frage/lists"}