Encrypt and decrypt files with Age or Rage

Keep It Simple

Authenticated Data

Even though Age can be used for file encryption in a very simple way, it is particularly useful in scenarios where information is encrypted or decrypted as a data stream. By default, Age processes data from standard input and returns the results on standard output. Age's natural habitat is therefore the command line, scripts, or cronjobs.

Age not only ensures the confidentiality of the data, but also its authenticity and integrity. During decryption, the tool immediately checks the integrated Message Authentication Code (MAC). The principle known as "authenticated encryption with associated data" (AEAD) checks for possible changes to the ciphertext for each block, preventing various attacks on the encryption or the integrity of the data in the process. Unlike GnuPG, however, the files cannot be cryptographically signed, and Age does not support attribution to an author through a signature.

Conclusions

Age is a simple alternative to GnuPG that lets you encrypt and decrypt data asymmetrically, easily, and reliably. The clear design and the deliberate omission of options for configuring the encryption method help ensure secure use for everyday tasks. Thanks to support for different key types, you can also use the widespread SSH keys of your recipients.

Infos

  1. Age Go implementation: https://github.com/FiloSottile/age
  2. Rage Rust variant: https://github.com/str4d/rage

The Author

Dr. Matthias W¸bbeling is an IT security enthusiast, scientist, author, consultant, and speaker. As a Lecturer at the University of Bonn in Germany and Researcher at Fraunhofer FKIE, he works on projects in network security, IT security awareness, and protection against account takeover and identity theft. He is the CEO of the university spin-off Identeco, which keeps a leaked identity database to protect employee and customer accounts against identity fraud. As a practitioner, he supports the German Informatics Society (GI), administrating computer systems and service back ends. He has published more than 100 articles on IT security and administration.

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy ADMIN Magazine

SINGLE ISSUES
 
SUBSCRIPTIONS
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • Filesystem Encryption

    The revelation of wide-spread government snooping has sparked a renewed interest in data storage security via encryption. In this article, we review some options for encrypting files, directories, and filesystems on Linux.

  • Efficient password management in distributed teams
    Team members often need certain information to authenticate against servers. You don't want to save this secret data in plain text, but you don't want to retype it every time, either. How can you share these secrets?
  • Secure data transfer with FTP alternative MFT
    Although FTP still does loyal service despite its age, if you need to send sensitive data, you should consider managed file transfer.
  • Secure Alternative to FTP

    Although FTP still does loyal service despite its age, if you need to send sensitive data, you should consider managed file transfer.

  • Safe Files

    Encrypting your data is becoming increasingly important, but you don’t always have to use an encrypted filesystem. Sometimes just encrypting files is enough.

comments powered by Disqus