Giters

FiloSottile / age

A simple, modern and secure encryption tool (and Go library) with small explicit keys, no config options, and UNIX-style composability.

Home Page:https://age-encryption.org

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Clarify -e -i docs

FiloSottile opened this issue · comments

commented

Incorporate the suggestions in #337 (comment).

Discussed in #337

Originally posted by puenka September 30, 2021
I'm a bit confused by what's actually happening when using -i to encrypt a file.

The man-page states the following:

If -e/--encrypt is explicitly specified (to avoid confusion),
-i/--identity may also be used to encrypt to the RECIPIENTS
corresponding to the IDENTITIES listed at PATH. This allows
using an identity file as a symmetric key, if desired.

What kind of encryption does this run? Is this equivalent to creating a public key from the identities and encrypting the file with those keys as recipients? Or is this actually a different kind of encryption algorithm, which the documentation implies (as using the identity "as a symmetric key" is something different than using it "like a list of symmetric keys", where I would understand the latter as the procedure outlined above.)

What it definitely doesn't do is using the file itself as a key, in the sense that a copy of the file itself is needed to decrypt. This is clear by the first half of the documentation, but the second half kind of contradicts this, doesn't it?
This can be easily checked by encrypting using -i with a file containing two identities - either single identity can be used to decrypt the file afterwards.

A related question is the recommended storage of keyfiles. The generated keyfile is an identity file with a public key as a comment. Let's call this file keyfile and another file containing just the public key itself (which is a recipient file) keyfile.pub.
I could thus use

age -R keyfile.pub [INPUT]

or

age -e -i keyfile [INPUT]

to encrypt a file. Do these two produce the same output? As there is some randomness involved, I cannot simply check the output files with checksums. Should I keep a separate keyfile.pub on my local machine containing just the public key if I want to encrypt something or is the keyfile itself sufficient because the method is the same?

Maybe these questions even deserve addressing/clarification in the documentation? If I understand what's happening, I'll have my try to incorporate it there!

commented

You can always convert a secret key into the corresponding public key and as far as I can tell the output is always unique.

I agree, the use of -i to specify recipients is somewhat confusing, and it could be better to use -R for it instead. However, I can see the reasoning behind this solution because now the commands for encrypt and decrypt become symmetric too

age -e -i priv.key ...
age -d -i priv.key ...

I still haven't decided what to do with covert, which attempts to stay compatible with age using the exact same options, but is also using -i during encryption to mean that the file should be signed with that identity.