FiloSottile / age

A simple, modern and secure encryption tool (and Go library) with small explicit keys, no config options, and UNIX-style composability.
https://age-encryption.org
BSD 3-Clause "New" or "Revised" License

UX: no way to get public key from private key #122

Closed mgrandi closed 3 years ago

mgrandi commented 4 years ago

There seems to be no way to generate the public key from the private key given the current options available to age-keygen and age. I was wondering if it was worth having this (if it is possible; I am ignorant in this field) in case you ever lose the "public" part of the key.

For example, ssh can do this via:

ssh-keygen -y -f ~/.ssh/id_rsa > ~/.ssh/id_rsa.pub

Is this useful to add?

alerque commented 4 years ago

I don't know whether the underlying cryptography in age's case would even support this, but if it does and there is a way to derive the public key from the private key, that would be a useful addition to the UI.

Another example of this usage would be WireGuard. First you generate the private key using wg genkey, only then can you even generate a public key by passing the private key to wg pubkey. You could compose this to output both keys at once, say by wg genkey | tee /dev/stderr | wg pubkey, but the separate steps are both convenient and make it super clear what key you are outputting when.

I would suggest this two step process of outputting keys is a better way to resolve the current situation where one is sent to a file and the other is output to the terminal. It's of course possible to capture both with the current system but it requires a little more understanding of the shell and is more open to confusion.

dsprenkels commented 4 years ago

I am interested in implementing this!

My current idea is to expand age-keygen:

Usage of ./age-keygen:
  -o FILE
        output to FILE (default stdout)
  -p, --pubkey KEY
        Read the private key file at path KEY and print the corresponding public key.

mgrandi commented 4 years ago

Sounds good, except the name of the argument being pubkey sounds a bit confusing

dsprenkels commented 4 years ago

> Sounds good, except the name of the argument being pubkey sounds a bit confusing

It was based on WireGuard's wg pubkey command. I'm open to suggestions! :)
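
Added example, not part of the thread and not code from the age project: age's native keys are X25519 keys, so the public half can always be recomputed from the 32-byte secret, which is also what the wg pubkey step does for WireGuard's base64 keys. The sketch uses only Go's standard library; the helper names are hypothetical, the input is the RFC 7748 test scalar, and age's Bech32 text encoding of the keys is left out.

```go
package main

import (
	"bytes"
	"crypto/ecdh"
	"encoding/base64"
	"encoding/hex"
	"fmt"
)

// DerivePublic (hypothetical helper) recomputes an X25519 public key from the
// 32-byte secret alone: the curve base point times the clamped secret scalar.
func DerivePublic(secret []byte) ([]byte, error) {
	priv, err := ecdh.X25519().NewPrivateKey(secret)
	if err != nil {
		return nil, fmt.Errorf("not a 32-byte X25519 secret: %w", err)
	}
	return priv.PublicKey().Bytes(), nil
}

// WGPubkey mirrors the "wg pubkey" step mentioned in the thread:
// base64 private key in, base64 public key out.
func WGPubkey(privB64 string) (string, error) {
	secret, err := base64.StdEncoding.DecodeString(privB64)
	if err != nil {
		return "", err
	}
	pub, err := DerivePublic(secret)
	if err != nil {
		return "", err
	}
	return base64.StdEncoding.EncodeToString(pub), nil
}

// MatchesStored reports whether a saved public key belongs to the secret.
func MatchesStored(secret, storedPub []byte) bool {
	pub, err := DerivePublic(secret)
	return err == nil && bytes.Equal(pub, storedPub)
}

func main() {
	// Constructed input: the RFC 7748 section 6.1 test scalar, not a real key.
	secret, _ := hex.DecodeString("77076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c2a")
	pub, err := DerivePublic(secret)
	if err != nil {
		panic(err)
	}
	fmt.Println(hex.EncodeToString(pub), MatchesStored(secret, pub))
}
```

MatchesStored is the check to run on a public key file restored from a backup before encrypting to it.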