Added init command. Added ability to encrypt/decrypt with multiple ke...

[alanxoc3]

…ys. Did some code deduplication. Cleaned up some error messages.

This works because both the "-i" and "-R" options with age accept multiple public/private keys. With multiple public keys, secrets are encrypted for all the keys. With multiple private keys, if decryption for on key fails, the next one is attempted, until one suceeds. Multiple private keys would have already worked before this commit.

This is technically not backwards compatible. To migrate to this commit version, you'd want to do something like this:

mkdir -p ~/.config/pa mv ~/.age/key.txt ~/.config/pa/privkeys pa init

Or: export PA_PRIVKEYS=~/.age/key.txt pa init

[alanxoc3]

Tested with dash. Feel free to change whatever you see fit. I included a few separate changes in here.

Also, my use case for wanting to encrypt with multiple public keys is so different computers can have different private keys. If one computer gets compromized, at least there are other private keys that are not compromised.

"pass" has similar behavior with gpg subkeys.

I added the "pa init" command, to imitate pass more, but also so the other commands don't have side effects. (In my opinion, the list/show command shouldn't ever create a directory.)

Also, thanks for this script. I'm beginning to make the journey away from pgp/gpg, so it's helpful.

[biox]

I'm reviewing this & pulling pieces out of it - you'll see a stream of commits headed to main w/ credit to you. I'm trying to bust it your commit into reasonable pieces.

[biox]

I pushed 67a48b7, b32ce1a, 7b16e8e, and a4c0427 based on this PR. thanks so much!

[biox]

Closing this for now, but feel free to re-open if you have concerns or something. :heart:

[alanxoc3]

Hey, thanks! I'll try to stop using my fork now.

[biox]

Sounds good, lmk if you run into any issues :smile: