Passphrase can't be combined with recipient
mykhal opened this issue
Currently, passphrase is obviously intended mainly for privkey storage encryption with scrypt, and cannot be combined with recipient key.
I understand there's a "passphrase distribution" problem (also some usability problem), however, the peers might already have prenegotiated some. It would be nice if age had a feature similar to WireGuard PSK. (From a normal user's standpoint, it might not be clear why the recipient + passphrase combination is "forbidden", it should maybe be just discouraged.)
(Sorry for accidental closing, acute slight sleep/coffee insufficiency. DELME.)
Excuse me if I'm not understanding your use case, but wouldn't that just be encrypting the same thing twice? Or are you expecting a multiple-recipients type feature that allows either the passphrase or recipient's key to unlock?
Could be said a) "encrypting twice"; I meant an additional layer of security with a secret "symmetric key" (derived from a passphrase, or set directly), for the same single recipient, but maybe different per file/message, if it's useful to do so.
.. I've already meant WireGuard, which has optional PresharedKey in addition to PublicKey
# wg
interface: wg0
public key: TPgxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxFlo=
private key: (hidden)
...
peer: dXKxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxqkc=
allowed ips: xxx.xxx.xxx.xxx/32
...
peer: jOWxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxlDM=
preshared key: (hidden)
allowed ips: xxx.xxx.xxx.xxx/32
...
...
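To make the difference between "either secret unlocks" and "both secrets are required" concrete, here is an added example that is not from any comment in this thread and is not age's or WireGuard's code or format. It assumes a hypothetical construction in which a pre-shared key is used as the HKDF salt over an X25519 shared secret; the names `wrapKey` and `roundTrip`, the info label, and the sample PSK are constructed for illustration.

```go
package main

import (
	"bytes"
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// hkdf32 is single-block HKDF-SHA256 (RFC 5869): extract, then one expand round.
func hkdf32(salt, ikm, info []byte) []byte {
	ext := hmac.New(sha256.New, salt)
	ext.Write(ikm)
	exp := hmac.New(sha256.New, ext.Sum(nil))
	exp.Write(info)
	exp.Write([]byte{1})
	return exp.Sum(nil)
}

// wrapKey derives the key that would protect a file key (hypothetical scheme).
// The PSK is the HKDF salt; a nil PSK models the recipient-only case.
func wrapKey(shared, psk []byte) []byte {
	return hkdf32(psk, shared, []byte("example/x25519+psk"))
}

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// roundTrip reports whether sender and recipient derive the same wrap key.
func roundTrip(senderPSK, recipientPSK []byte) bool {
	c := ecdh.X25519()
	recipient := must(c.GenerateKey(rand.Reader)) // long-term identity
	eph := must(c.GenerateKey(rand.Reader))       // sender's per-file key
	s1 := must(eph.ECDH(recipient.PublicKey()))
	s2 := must(recipient.ECDH(eph.PublicKey()))
	return bytes.Equal(wrapKey(s1, senderPSK), wrapKey(s2, recipientPSK))
}

func main() {
	psk := []byte("constructed pre-negotiated secret")
	fmt.Println("matching PSK:", roundTrip(psk, psk))
	fmt.Println("recipient key only:", roundTrip(psk, nil))
}
```

In this construction a holder of the recipient's private key alone derives a different wrap key, which is the "additional layer" behaviour asked for, as opposed to a multiple-recipients design where either secret would suffice.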