Golang AgeWell, many cryptography programs become blotted over time, and support an increasing number of cryptography methods, and often struggle to integrate the most up-to-date methods. This has happened with OpenSSL, which supports so many symmetric key, hashing and public key encryption methods. With GPG/PGP (Pretty Good Privacy), we also see many methods. This page implements the Age (Actually Good Encryption) encryption method. |
Outline
Well, many cryptography programs become blotted over time, and support an increasing number of cryptography methods, and often struggle to integrate the most up-to-date methods. This has happened with OpenSSL, which supports so many symmetric key, hashing and public key encryption methods. With GPG/PGP (Pretty Good Privacy), we also see many methods.
Can we get a nice and simple encryption method for files which is easy to use and secure? Well, Age (Actually Good Encryption) can provide this [here]. Overall, we see large public keys used in GPP, and where it is fairly cumbersome to use. Along with this, it supports so many methods that can make it confusing to use.
We can either use Python or a command line. First, we will investigate the command line. To generate keys we run the following:
$ age-keygen # created: 2024-04-02T15:32:10Z # public key: age1dg6egjq84q22er3w5y47zy4ltjqvjr2yfpqawjk7c6gmq897tsgqacjwtm AGE-SECRET-KEY-1UG8ZSE0NVJ70TPA2LZ99WGDTGP796W7U94PUXJE262Z6JJJUPAUSEHJVP0
We can see we have a public key of “age1dg6egjq84q22er3w5y47zy4ltjqvjr2yfpqawjk7c6gmq897tsgqacjwtm” and a private of “AGE-SECRET-KEY-1UG8ZSE0NVJ70TPA2LZ99WGDTGP796W7U94PUXJE262Z6JJJUPAUSEHJVP0”. These are relatively small keys. We can also password protect our private key with a password:
$ age-keygen | age -p > key.age Enter passphrase (leave empty to autogenerate a secure one): pass Public key: age1axz2uqf9yzvp88ychw5dznj5gx56pkt24f0095jvk5uzuka2yvjq7869el $ type key.age age-encryption.org/v1 -> scrypt srawI7Y9SbnF1rnIm1yEEQ 18 QyYIdNpBFx1IynCmacpAzOmMFdRQItat18gEzrru2jg --- wzgoxd4IN+EHE0ob3hevEoa6WnYslds49vhh2nmWsNE ┌ⁿ╧Öê«░I°"z^°_╫n■aQZ}ÖXûåΘ▓Γz╚▄ÖεßßkÑ╣-ö╢ÜMÖ]|│╖╕ªÆ╤j M»┴¬'Σ╕Ño┼.
To encrypt (with “-e”), we just use Alice’s public key:
$ age -e -r age1axz2uqf9yzvp88ychw5dznj5gx56pkt24f0095jvk5uzuka2yvjq7869el 1.txt > 1.txt.age $ cat 1.txt.age age-encryption.org/v1 -> X25519 OaSHRxjwk4emeqpq0/lb/d+u2PmV0eaXfuVw0H0HCmc 5ZzVYc4XkJpVbf1p6/nV/HX5jeOS7sCWmYHGwi5SYIc --- Xg5u1muna8fRoSsuDYuUY5/Cj9s9b1oS1U91Ln+3tMA Jñ#......
We can now decrypt (“-d”) with:
$ age -d -i key.age 1.txt.age Enter passphrase for identity file "key.age" : Hello
The Python code for this is:
package main import ( "bytes" "encoding/base64" "fmt" "io" "log" "os" "filippo.io/age" ) func main() { msg := "Hello" argCount := len(os.Args[1:]) if argCount > 0 { msg = os.Args[1] } identity, _ := age.GenerateX25519Identity() publicKey := identity.Recipient().String() privateKey := identity.String() recipient, _ := age.ParseX25519Recipient(publicKey) out := &bytes.Buffer{} w, _ := age.Encrypt(out, recipient) if _, err := io.WriteString(w, msg); err != nil { log.Fatalf("Failed to write to encrypted file: %v", err) } fmt.Printf("Message:\t%v\n", msg) fmt.Printf("Public key:\t%v\n", publicKey) fmt.Printf("Private key:\t%v\n", privateKey) fmt.Printf("\nEncrypted file size: %d\nCipher\t%v\n", out.Len(), base64.StdEncoding.EncodeToString(out.Bytes())) w.Close() receiver, _ := age.ParseX25519Identity(privateKey) r, _ := age.Decrypt(out, receiver) buf := new(bytes.Buffer) buf.ReadFrom(r) str := buf.String() fmt.Println("\nDecrypted string\t ", str) }
and a sample run is:
Message: Hello Public key: age1e49qkyngpm50leuv3h5rfvrj7nvt97e485a37ktmtfalz5xlyeksmqpm2n Private key: AGE-SECRET-KEY-1ZD89GG0EXY8A9GV64DQ9ZPG5GK8XZS36EEE5AFSMV6R2D2KY4UKSPKAEWL Encrypted file size: 184 Cipher YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFKzNoQ2cyZWZMczNJMDJtSy9naXpaVFlRd3o0U0Iya2U5RUpiWEhxZFVrCjlSc0NuZnlHNFVFWG1yYmlKN05UcFM5TEUzWVNYZDlObE1RYTds VVV4OGcKLS0tIEFLcjkzSDZFOUlFRFczbENKQ3dQK3l1QWxKVnpTZmp2UTZYOWRzKytNem8KKqtqLDHkaI7SsVBlH+r/MA== Decrypted string Hello
One of the coolest features, is that Age also supports ssh-rsa and ssh-ed25519 SSH public keys, and where we can encrypt and decryt with OpenSSH keys:
$ age -R ~/.ssh/id_ed25519.pub example.jpg > example.jpg.age $ age -d -i ~/.ssh/id_ed25519 example.jpg.age > example.jpg