age is a command-line tool that encrypts files. These files are binary, add around 200 bytes of overhead per recipient, together with 16 bytes every 64K of plaintext.
One of the tool’s virtues is that it’s extremely simple. There’s a concise help page and a manual page is also available. Here’s the help page which succinctly summarizes the main options available together with a few examples.
Let’s summarise the features:
- No configuration options.
- Small explicit keys with optional textual keyrights.
- Support for public/private key pairs and passwords, with multiple recipients. Every recipient will be able to decrypt the file.
- Support for encrypted identity files.
- Passphrases – files can be encrypted with a secure passphrase. Passphrase protected files are automatically detected at decrypt time.
- ASCII armored format – PEM encoded, the most common format for X.509 certificates, CSRs, and cryptographic keys.
- Encrypt to SSH keys, with built-in GitHub .keys support.
- Supports encrypting to ssh-rsa and ssh-ed25519 SSH public keys, and decrypting with the respective private key file. However, the recommended key types are age native keys.