separate public/private key files #104

Closed
wants to merge 6 commits into from

downneck commented Feb 22, 2020

Closes #91
"age-keygen" with no flags will generate ~/.age/me.pub and ~/.age/me.key
"age-keygen -o filename" now generates ~/.age/filename.pub and ~/.age/filename.key
"age -d" will load ~/.age/*.key as well as ~/.ssh/id_rsa and ~/.ssh/id_ed25519
"age -r me" will encrypt using the key found in ~/.age/me.pub
"age -r marysmith" will encrypt using the key found in ~/.age/marysmith.pub

str4d commented Feb 22, 2020

You should use ~/.config/age to match the spec regarding age user data storage. See also #15.

downneck (Author) commented

@str4d thanks! updated.

alxiong commented Jun 28, 2020

I'm wondering whether all pub keys should be put into a single file with annotated alias or should they be in separate files

@FiloSottile already had a proposal in his doc:

Encryption to an alias (stored at ~/.config/age/aliases.txt, change with -aliases)
    $ cat ~/.config/age/aliases.txt
    filippo: pubkey:jqmfMHBjlb7HoIjjTsCQ9NHIk_q53Uy_ZxmXBhdIpx4
    ben: pubkey:ZAE2ZnRdItykp0ncAZJ2FAzIIfTvmGcgIx/759QhnQw github:Benjojo
    $ tar cv ~/xxx | age -r alias:filippo > xxx.tar.age

I feel that the alias approach is more concise and easier for #110 (if applicable).

If so, then age-keygen -a myalias would append an entry in ~/.config/age/aliases.txt and put the private key in ~/.config/age/myalias.key

FiloSottile (Owner) commented

We went through a few different ideas for how to add these conveniences, but ultimately none of them felt right because age is meant to be an explicit tool without opinions on how keys are exchanged or managed.

We ended up removing aliases, as well as default identities, and we don't have a .config path anymore. Applications and users should manage keys as they prefer.

angelacastaneda commented

for anyone missing the conveniences of default keys, I made a shell script that tries to emulate the gpg experience.

i.e.

  • age -e <file> produces an ascii armored .age file in the same directory encrypted with the $age_def_rec file
  • age -d <file> decrypts the file to stdout with the $age_def_id file
  • anything that's not a file or doesn't use -e/-d flags gets sent to the proper age binary location at $age_bin
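
One way a wrapper with the behaviour listed above could look, as an added example (it is not angelacastaneda's script and not part of age). The variable names `age_bin`, `age_def_rec` and `age_def_id` come from the comment; the function name `age_wrap`, the default paths and the identity-file permission check are assumptions of this example.

```shell
#!/bin/sh
# Added example: default recipient/identity files around the real age binary.
# The default paths below are placeholders (assumptions), override as needed.
age_bin="${age_bin:-/usr/local/bin/age}"
age_def_rec="${age_def_rec:-$HOME/keys/age-recipients.txt}"
age_def_id="${age_def_id:-$HOME/keys/age-identity.txt}"

age_wrap() {
    # Only the exact forms "-e <file>" and "-d <file>" are handled here;
    # every other invocation goes to the real binary unchanged.
    if [ "$#" -eq 2 ] && [ -f "$2" ]; then
        case "$1" in
        -e)
            [ -r "$age_def_rec" ] || {
                echo "no recipients file: $age_def_rec" >&2; return 2; }
            # -a: ASCII armor, -R: recipients file, -o: output next to input.
            # "--" stops flag parsing so a file named like a flag stays a file.
            "$age_bin" -e -a -R "$age_def_rec" -o "$2.age" -- "$2"
            return
            ;;
        -d)
            [ -r "$age_def_id" ] || {
                echo "no identity file: $age_def_id" >&2; return 2; }
            # Refuse a private key that group or other can access:
            # columns 5-10 of the mode string are the group/other bits.
            perms=$(ls -ln "$age_def_id" | cut -c5-10)
            [ "$perms" = "------" ] || {
                echo "identity file too permissive: $age_def_id" >&2; return 3; }
            # Plaintext goes to stdout, as in the description above.
            "$age_bin" -d -i "$age_def_id" -- "$2"
            return
            ;;
        esac
    fi
    "$age_bin" "$@"
}
```

The defaults live entirely in the wrapper, so age itself still receives an explicit `-R` or `-i` on every call.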
