FiloSottile / age

A simple, modern and secure encryption tool (and Go library) with small explicit keys, no config options, and UNIX-style composability.
https://age-encryption.org
BSD 3-Clause "New" or "Revised" License

Clarify -e -i docs #339

Closed FiloSottile closed 2 years ago

FiloSottile commented 3 years ago

Incorporate the suggestions in https://github.com/FiloSottile/age/discussions/337#discussioncomment-1424735.

Discussed in https://github.com/FiloSottile/age/discussions/337

Originally posted by **puenka** September 30, 2021

I'm a bit confused by what's actually happening when using `-i` to encrypt a file. The man-page states the following:

```
If -e/--encrypt is explicitly specified (to avoid confusion), -i/--identity may also be used to encrypt to the RECIPIENTS corresponding to the IDENTITIES listed at PATH. This allows using an identity file as a symmetric key, if desired.
```

What kind of encryption does this run? Is this equivalent to creating a public key from the identities and encrypting the file with those keys as recipients? Or is this actually a different kind of encryption algorithm, which the documentation implies (as using the identity "as a symmetric key" is something different than using it "like a list of symmetric keys", where I would understand the latter as the procedure outlined above)?

What it definitely doesn't do is use the file itself as a key, in the sense that a copy of the file itself is needed to decrypt. This is clear from the first half of the documentation, but the second half kind of contradicts this, doesn't it? This can be easily checked by encrypting using `-i` with a file containing two identities: either single identity can be used to decrypt the file afterwards.

A related question is the recommended storage of keyfiles. The generated keyfile is an identity file with a public key as a comment. Let's call this file `keyfile` and another file containing just the public key itself (which is a recipient file) `keyfile.pub`. I could thus use

```
age -R keyfile.pub [INPUT]
```

or

```
age -e -i keyfile [INPUT]
```

to encrypt a file. Do these two produce the same output? As there is some randomness involved, I cannot simply check the output files with checksums. Should I keep a separate `keyfile.pub` on my local machine containing just the public key if I want to encrypt something, or is the `keyfile` itself sufficient because the method is the same?

Maybe these questions even deserve addressing/clarification in the documentation? If I understand what's happening, I'll have a try at incorporating it there!

covert-encryption commented 2 years ago

You can always convert a secret key into the corresponding public key and as far as I can tell the output is always unique.

I agree, the use of -i to specify recipients is somewhat confusing, and it could be better to use -R for it instead. However, I can see the reasoning behind this solution because now the commands for encrypt and decrypt become symmetric too:

```
age -e -i priv.key ...
age -d -i priv.key ...
```

I still haven't decided what to do with covert, which attempts to stay compatible with age using the exact same options, but is also using -i during encryption to mean that the file should be signed with that identity.
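The identity-to-recipient conversion that both posts above turn on (puenka's question of whether `-e -i keyfile` is the same as `-R keyfile.pub`, and covert-encryption's point that a secret key always maps to one public key), as an added illustration that is not age's own code and was not posted by anyone in this thread. It reads an identity file the way `age -e -i` does, skipping `#` comment lines and deriving one X25519 recipient per identity line, so an identity file stands for a list of recipients and any single identity in it can decrypt what was encrypted to that list. X25519 is written out from RFC 7748 in plain Python for readability (not constant-time); the key encoding is assumed from age's key format rather than taken from this page: Bech32 with HRP `age` for `age1...` recipients and HRP `AGE-SECRET-KEY-` (upper-cased) for identities. The two sample identities are constructed from the RFC 7748 section 6.1 test scalars, so the derived recipients can be checked against the RFC's published public keys.

```python
# Added illustration for this thread, not age's own code: derive the recipients
# that "age -e -i" encrypts to from an age identity file. X25519 follows RFC 7748
# (readable, not constant-time); the Bech32 key layout is assumed from age's format.
P = 2**255 - 19
CHARSET = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"
GEN = (0x3B6A57B2, 0x26508E6D, 0x1EA119FA, 0x3D4233DD, 0x2A1462B3)
RECIPIENT_HRP, IDENTITY_HRP = "age", "AGE-SECRET-KEY-"

def x25519(scalar: bytes, u: bytes = (9).to_bytes(32, "little")) -> bytes:
    """RFC 7748 Montgomery ladder; with the default base point it yields the public key."""
    k = bytearray(scalar)
    k[0], k[31] = k[0] & 248, (k[31] & 127) | 64  # clamp the scalar
    k = int.from_bytes(k, "little")
    x1 = int.from_bytes(u, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in range(254, -1, -1):
        kt = (k >> t) & 1
        if swap ^ kt:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = kt
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        da, cb = d * a % P, c * b % P
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + 121665 * e) % P
    if swap:
        x2, z2 = x3, z3
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def _polymod(hrp: str, values: list) -> int:
    """BIP173 checksum polynomial over the expanded HRP followed by values."""
    chk = 1
    for v in [ord(c) >> 5 for c in hrp] + [0] + [ord(c) & 31 for c in hrp] + values:
        top, chk = chk >> 25, ((chk & 0x1FFFFFF) << 5) ^ v
        for i in range(5):
            if (top >> i) & 1:
                chk ^= GEN[i]
    return chk

def _convert_bits(data, frombits: int, tobits: int, pad: bool) -> list:
    """Regroup a bit string between 8-bit bytes and 5-bit symbols."""
    acc = bits = 0
    out, maxv = [], (1 << tobits) - 1
    for value in data:
        acc, bits = (acc << frombits) | value, bits + frombits
        while bits >= tobits:
            bits -= tobits
            out.append((acc >> bits) & maxv)
    if pad and bits:
        out.append((acc << (tobits - bits)) & maxv)
    elif not pad and (bits >= frombits or (acc << (tobits - bits)) & maxv):
        raise ValueError("bech32: invalid padding")
    return out

def bech32_encode(hrp: str, data: bytes) -> str:
    """BIP173 Bech32; an upper-case HRP yields an upper-case string (age identities)."""
    lower, values = hrp.lower(), _convert_bits(data, 8, 5, True)
    pm = _polymod(lower, values + [0] * 6) ^ 1
    checksum = [(pm >> 5 * (5 - i)) & 31 for i in range(6)]
    s = lower + "1" + "".join(CHARSET[v] for v in values + checksum)
    return s.upper() if hrp != lower else s

def bech32_decode(s: str) -> tuple:
    """Return (hrp, data bytes); raises ValueError on a bad symbol or checksum."""
    low, pos = s.lower(), s.rfind("1")
    if pos < 1 or pos + 7 > len(s):
        raise ValueError("bech32: bad separator position")
    values = [CHARSET.index(c) for c in low[pos + 1:]]
    if _polymod(low[:pos], values) != 1:
        raise ValueError("bech32: checksum mismatch")
    return s[:pos], bytes(_convert_bits(values[:-6], 5, 8, False))

def recipient_from_identity(identity: str) -> str:
    """The conversion -e -i performs implicitly: identity scalar -> age1 recipient."""
    hrp, scalar = bech32_decode(identity.strip())
    if hrp != IDENTITY_HRP or len(scalar) != 32:
        raise ValueError("not an age X25519 identity")
    return bech32_encode(RECIPIENT_HRP, x25519(scalar))

def recipients_from_identity_file(text: str) -> list:
    """Read the file as age does ("#" comments and blank lines skipped, one identity
    per line) and return the recipients -e -i encrypts to; any one identity decrypts."""
    lines = [line.strip() for line in text.splitlines()]
    return [recipient_from_identity(line) for line in lines if line and line[0] != "#"]

# Constructed sample identities: the RFC 7748 section 6.1 scalars (checkable vectors).
ALICE = bytes.fromhex("77076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c2a")
BOB = bytes.fromhex("5dab087e624a8a4b79e17f8b83800ee66f3bb1292618b6fd1c2f8b27ff88e0eb")

def sample_identity_file() -> str:
    """Two identities laid out like age-keygen output (constructed sample file)."""
    return "".join(f"# public key: {bech32_encode(RECIPIENT_HRP, x25519(k))}\n"
                   f"{bech32_encode(IDENTITY_HRP, k)}\n" for k in (ALICE, BOB))

if __name__ == "__main__":
    keyfile = sample_identity_file()
    print(keyfile + "age -e -i keyfile encrypts to:", *recipients_from_identity_file(keyfile))
```

Running the script prints a two-identity key file in age-keygen's layout (the `# public key:` comment lines are exactly what a separate `keyfile.pub` would hold) followed by the recipient list that `-e -i keyfile` resolves to. That list is a pure function of the identity lines, which is why `-R keyfile.pub` and `-e -i keyfile` target the same recipients even though the two ciphertexts never match byte for byte: each encryption draws fresh randomness, so comparing checksums of the outputs cannot answer the question, but comparing the derived recipients can.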