search

FiloSottile / age

A simple, modern and secure encryption tool (and Go library) with small explicit keys, no config options, and UNIX-style composability.
https://age-encryption.org
BSD 3-Clause "New" or "Revised" License
15.75k stars 475 forks source link

Age terminates too soon on MacOS #504

Closed Jack15911 closed 12 months ago

Jack15911 commented 1 year ago

Environment

What were you trying to do: Open and run Age on MacOS with M2 architecture

What happened: I gained a Gatekeeper exception by using Finder - right click - Open. Age appeared to open in a terminal window and delivered possibly the result I would receive if I entered "age --help". Then the session appeared to terminate and I could not get a next line prompt. With the Gatekeeper exception now established I can double-click the icon to execute it, but I still get the same result.

<Last login: Wed May  3 18:51:09 on ttys000
/Users/abc/Downloads/Age/age/age ; exit;
abc@MacBook-Air ~ % /Users/abc/Downloads/Age/age/age ; exit;
Usage:
    age [--encrypt] (-r RECIPIENT | -R PATH)... [--armor] [-o OUTPUT] [INPUT]
    age [--encrypt] --passphrase [--armor] [-o OUTPUT] [INPUT]
    age --decrypt [-i PATH]... [-o OUTPUT] [INPUT]

Options:
    -e, --encrypt               Encrypt the input to the output. Default if omitted.
    -d, --decrypt               Decrypt the input to the output.
    -o, --output OUTPUT         Write the result to the file at path OUTPUT.
    -a, --armor                 Encrypt to a PEM encoded format.
    -p, --passphrase            Encrypt with a passphrase.
    -r, --recipient RECIPIENT   Encrypt to the specified RECIPIENT. Can be repeated.
    -R, --recipients-file PATH  Encrypt to recipients listed at PATH. Can be repeated.
    -i, --identity PATH         Use the identity file at PATH. Can be repeated.

INPUT defaults to standard input, and OUTPUT defaults to standard output.
If OUTPUT exists, it will be overwritten.

RECIPIENT can be an age public key generated by age-keygen ("age1...")
or an SSH public key ("ssh-ed25519 AAAA...", "ssh-rsa AAAA...").

Recipient files contain one or more recipients, one per line. Empty lines
and lines starting with "#" are ignored as comments. "-" may be used to
read recipients from standard input.

Identity files contain one or more secret keys ("AGE-SECRET-KEY-1..."),
one per line, or an SSH key. Empty lines and lines starting with "#" are
ignored as comments. Passphrase encrypted age files can be used as
identity files. Multiple key files can be provided, and any unused ones
will be ignored. "-" may be used to read identities from standard input.

When --encrypt is specified explicitly, -i can also be used to encrypt to an
identity file symmetrically, instead or in addition to normal recipients.

Example:
    $ age-keygen -o key.txt
    Public key: age1ql3z7hjy54pw3hyww5ayyfg7zqgvc7w3j2elw8zmrj2kg5sfn9aqmcac8p
    $ tar cvz ~/data | age -r age1ql3z7hjy54pw3hyww5ayyfg7zqgvc7w3j2elw8zmrj2kg5sfn9aqmcac8p > data.tar.gz.age
    $ age --decrypt -i key.txt -o data.tar.gz data.tar.gz.age

Saving session...
...copying shared history...
...saving history...truncating history files...
...completed.

[Process completed]

>

Edit: Using MacPorts, I installed age successfully, and it's currently running. It does not run after install using pre-compiled binary directly into Mac Applications. If it's supposed to install directly, then it isn't working; if there are other steps necessary, please include those notes in the Readme.

supermarin commented 12 months ago 
<Last login: Wed May  3 18:51:09 on ttys000
/Users/abc/Downloads/Age/age/age ; exit;
abc@MacBook-Air ~ % /Users/abc/Downloads/Age/age/age ; exit;

; exit; effectively kills the terminal session if I'm not missing something?

Jack15911 commented 12 months ago 
<Last login: Wed May  3 18:51:09 on ttys000
/Users/abc/Downloads/Age/age/age ; exit;
abc@MacBook-Air ~ % /Users/abc/Downloads/Age/age/age ; exit;

; exit; effectively kills the terminal session if I'm not missing something?

Yes.

FiloSottile commented 12 months ago

age is a command line binary, you need to execute it from a terminal regardless of how you install it, not from Finder.

supermarin commented 12 months ago

@Jack15911 What we could have communicated better: ; exit part is added by macOS when you click on the binary in Finder, it has nothing to do with age. If you execute age from your terminal, it should print help but not close the terminal session.

Jack15911 commented 12 months ago

Thanks. There are a couple of related things that cause me concern. First, I need to use MacOS Terminal for age, but command line is not my first language and it's a bit of a struggle. I now have the age binary working, but having to use "./age" seems clumsy. I'll search for a way to ideally put age and age-keygen into Applications properly. (It worked better under MacPorts, but I eliminated that due to excess tweaks required.) My Linux command line works fine.

Second, I'd like to do an article to help popularize age - I write well, but but I'm not professional and have no journal to which to offer my efforts. I expect many of them will accept free content, however. (I have noted that at least two "How To" articles I've read on age are wrong and aren't following the man page.) I'm particularly interested in age "encrypt to delete" and would like to showcase this for people who have the SSD wear-leveling problem with deleting.

As I mentioned, however, at this point I'm still struggling with making age run under MacOS, so the article is a mid-range goal.