age.1 - age - Simple, secure encryption with UNIX-style composability.

age.1 (2812B)
      1 .Dd October 9, 2019
      2 .Dt AGE 1
      3 .Os
      4 .Sh NAME
      5 .Nm age
      6 .Nd encrypt and decrypt data
      7 .Sh SYNOPSIS
      8 .Nm
      9 .Op Fl o Ar file
     10 .Fl G
     11 .Nm
     12 .Op Fl i Ar file
     13 .Op Fl o Ar file
     14 .Ar recipient ...
     15 .Nm
     16 .Op Fl i Ar file
     17 .Op Fl o Ar file
     18 .Fl D
     19 .Op Ar identity-file ...
     20 .Sh DESCRIPTION
     21 The
     22 .Nm
     23 utility encrypts and decrypts data,
     24 reading from standard input and writing to standard output.
     25 By default,
     26 .Nm
     27 will encrypt input for one-or-more
     28 .Ar recipient Ns s .
     29 Other modes of operation are selected with the following options:
     30 .Bl -tag -width Ds
     31 .It Fl D
     32 Decrypt input using one or more
     33 .Ar identity-file Ns s
     34 containing valid identities.
     35 .It Fl G
     36 Generate a new key pair.
     37 .El
     38 .Pp
     39 The other options are as follows:
     40 .Bl -tag -width Ds
     41 .\"It Fl a , alises
     42 .It Fl i Ar file
     43 Read input from
     44 .Ar file .
     45 .It Fl o Ar file
     46 Write output to
     47 .Ar file ,
     48 truncating if there is any data and creating it if it does not exist.
     49 .El
     50 .Pp
     51 A
     52 .Ar recipient
     53 can be one of the following:
     54 .Bl -tag -width Ds
     55 .It Cm pubkey : Ns Ar key
     56 A public key generated using
     57 .Fl G ,
     58 where
     59 .Ar key
     60 is a base64-encoded string.
     61 .It Cm ssh- Ns Oo Cm rsa | ed25519 Oc Ar key
     62 A public key generated using
     63 .Xr ssh-keygen 1 ,
     64 where
     65 .Ar key
     66 is a base64-encoded string.
     67 See the AUTHORIZED_KEYS FILE FORMAT section of
     68 .Xr sshd 8
     69 for a reference to the full format.
     70 .It Cm alias : Ns Ar name
     71 The name of a recipient alias contained in the alias file.
     72 .It Ar file
     73 A file containing a list of any of the key formats mentioned above,
     74 with keys separated by newlines.
     75 .It Ar https://example.tld/file
     76 A key list file located online.
     77 .Nm
     78 will start a network request to download it.
     79 .It Cm github : Ns Ar user
     80 A list of ssh keys for a GitHub
     81 .Ar user .
     82 This is expanded into
     83 .Ql https://github.com/user.keys .
     84 .El
     85 .Pp
     86 An
     87 .Ar identity-file
     88 is either a key-pair generated using
     89 .Fl G
     90 or a ssh private key generated using
     91 .Xr ssh-keygen 1 .
     92 .Sh FILES
     93 The location of the alias file is platform specific.
     94 On
     95 .Ux Ns -like
     96 systems,
     97 .Nm
     98 will look for
     99 .Pa $XDG_CONFIG_HOME/age/aliases.txt
    100 if
    101 .Ev XDG_CONFIG_HOME
    102 is set,
    103 else it will look for
    104 .Pa ~/.config/age/aliases.txt .
    105 On macOS,
    106 .Nm
    107 will look for
    108 .Pa "~/Library/Application Support/age/aliases.txt" .
    109 .Sh EXIT STATUS
    110 .Ex -std
    111 .Sh EXAMPLES
    112 Generate a new key-pair, and encrypt a file using the public key:
    113 .Bd -literal -offset Ds
    114 age -G > age-key
    115 age $(sed -n '2 s/^..//p' age-key) < data.txt > data.txt.age
    116 .Ed
    117 .Pp
    118 Send a backup of a directory to another system:
    119 .Bd -literal -offset Ds
    120 tar cv /path/to/dir | gzip | age alias:sysname | nc sysname 1234
    121 .Ed
    122 .Sh SEE ALSO
    123 .Xr gpg 1 ,
    124 .Xr ssh-keygen 1 ,
    125 .Xr sshd 8
    126 .Sh AUTHORS
    127 .An -nosplit
    128 The specification and implementation for the
    129 .Nm
    130 utility was written by
    131 .An Filippo Valsorda Aq Mt filippo@golang.org .
    132 This implementation is maintained by
    133 .An Stephen Gregoratto Aq Mt dev@sgregoratto.me .