search

str4d / rage

A simple, secure and modern file encryption tool (and Rust library) with small explicit keys, no config options, and UNIX-style composability.
https://age-encryption.org/v1
Apache License 2.0
2.69k stars 104 forks source link

UX: Forced binary download??? #540

Closed ghost closed 1 month ago

ghost commented 1 month ago

when i compile this repo on my pc, it makes rage.exe how do i make rage-keygen.exe, with a command at compile time?? Otherwise to use the keygen exe one has to download your binary. So new users tinker, waste time then figure out that the key mode demands that they have to download your binary, because this app uses the key in your custom format. It seems designed to force people to eventually download your binary, AFTER they waste a lot of time trying to figure out why a regular key does not work. ChaCha20 never specified that all keys should start with "age" .

str4d commented 1 month ago

when i compile this repo on my pc, it makes rage.exe how do i make rage-keygen.exe, with a command at compile time??

It should build both by default. Of the three binaries that this repo contains: https://github.com/str4d/rage/blob/bdec23fe8d37065c98af0126f9ce34fc9f613958/rage/Cargo.toml#L148-L159

only rage-mount requires specifying an additional non-default feature flag. I have also confirmed that the pre-built Windows binaries ZIP contains both rage.exe and rage-keygen.exe, so there's no bug in the release code.

If you're trying to run the binaries using cargo run, then you need to specify the --bin flag to run a specific binary. cargo run with no --bin argument runs the default binary which is rage.exe: https://github.com/str4d/rage/blob/bdec23fe8d37065c98af0126f9ce34fc9f613958/rage/Cargo.toml#L13

To run rage-keygen.exe you'd use cargo run --bin rage-keygen (or cargo build --release and then ./target/release/rage-keygen.exe).

ChaCha20 never specified that all keys should start with "age" .

This tool is not a ChaCha20 encryption library. This is an age encryption tool, following the age specification which has its own key format. In particular, native age keys are based on X25519 for public key encryption; using symmetric keys directly would not enable the use case of encrypting to a recipient without being able to decrypt other files.

As a separate process note, consider this your first and final warning that I do not tolerate abuse in my repositories.