Comments (27)
I made this for now: https://github.com/schollz/age/ but I'd rather not have to merge upstream to keep it up to date, so it would be nice if this repo is the library.
@FiloSottile, do you plan on having this repo be used as a library?
from age.
It's out! There is now a Go API for age!
https://pkg.go.dev/filippo.io/[email protected]
https://pkg.go.dev/filippo.io/[email protected]/agessh
https://pkg.go.dev/filippo.io/[email protected]/armor
Still in beta so we can fix it if we realize I made some horrible mistake (let me know!) but otherwise I expect it to be pretty stable (and probably to grow an EncryptWithOptions later).
from age.
Hey folks, sorry for taking so long, I am indeed preparing to expose an API and would love some feedback on the current plan which is to expose the age, agessh, and armor packages!
(Sorry for not just taking #120, but you won't be surprised to learn I have strong opinions on APIs :))
from age.
@ovalseven8 That's great! I should have been more specific - I'm actually wondering if this implementation (filippo.io/age) is meant to serve as the Go library.
from age.
Exposing age as a library would very much benefit building mobile apps with good encryption through gomobile!
from age.
FYI https://twitter.com/FiloSottile/status/1262279790377291776?s=20
from age.
Thanks for the initial API draft. It's a nice and clean API that seems to provide anything that gopass needs.
Some questions:
- What about EncryptedSSHIdentity for encrypted SSH private keys? This would need to be handled by the caller?
- Any thoughts about Agent support, e.g. yubikey-agent?
- What about the hard coded recipient limit (20)? Any chance of raising / exposing this?
from age.
According to the age documentation it's intended to be a library:
This is a design for a simple file encryption CLI tool, Go library, and format.
from age.
Perhaps we're just getting caught by the 1.4/1.5 design stricture? If internal was renamed to library or impl, would that change the intention of the project?
from age.
@xt0fer exactly, any name change would allow it to be used as a library. However it was probably purposely done to be internal, just wanted to double check.
from age.
I'd welcome this for attempting to compile this under TamaGo (https://github.com/inversepath/tamago).
from age.
Is there any word on this? I'd love to avoid shelling out to age if I can avoid it.
from age.
Apologies in advance for not fully understanding the ask here but since 'age' is using the Go crypto library, why would someone then want to have 'age' be a crypto library for use in a Go program?
I guess I would think one would just use the same libs that 'age' uses for their Go program...please help me see what I am missing...
from age.
@cyb3rz3us it's not "just" using the Go crypto package... it's also implementing a specific format.
The simplest (and probably most naïve) solution to this issue would be to expose all the packages that are currently in https://github.com/FiloSottile/age/tree/master/internal; but I don't think @FiloSottile really wants to do that...
from age.
Count me in as wanting all this age goodness as an importable package.
I think internal/age is the only one that needs moving out of the internal/ directory. That's what PR #119 does.
from age.
Thank you for the feedback, all very useful!
- What about EncryptedSSHIdentity for encrypted SSH private keys? This would need to be handled by the caller?
It's specifically for decryption deferral, if you are sure you need to decrypt it you can just use the x/crypto/ssh functions to do so. But I guess it is general enough to be useful, so I moved it to agessh, thanks for the suggestion.
- Any thoughts about Agent support, e.g. yubikey-agent?
@str4d and I worked on a plugin support which should make it possible to implement an agent as a plugin.
- What about the hard coded recipient limit (20)? Any chance of raising / exposing this?
Hmm, yeah, this is a great example of something that would be nice to configure. The current API allows neither returning information about the file nor passing options.
from age.
Thanks for the tool, and the API is nice and clean!
Just a question, any thoughts about exposing in some way the generation of an X25519Identity using a seed (i.e. exposing newX25519IdentityFromScalar)?
from age.
Just a question, any thoughts about exposing in some way the generation of an X25519Identity using a seed (i.e. exposing newX25519IdentityFromScalar)?
It used to be exposed but I realized it was probably more of a footgun than useful. What's your use case?
from age.
The use case is to encrypt a file using an existing private key derived from a user's password with scrypt.
from age.
Apologies, I'd have shared more details about the use case.
I'm experimenting with the idea of a password manager that generates services' passwords using a pure function and (optionally) falls back to custom ones where this is not applicable (i.e. imported passwords). Neither the user's password nor the private key is stored, but the latter is used to derive passwords and to store some settings along with the custom passwords in an encrypted file.
I know it is an edge case and probably itself could not justify the addition of the new public method :-)
from age.
Neither the user's password nor the private key are stored, but the last one is used to derive passwords and store some settings along with the custom passwords into an encrypted file.
That sounds like it doesn't need a public key, so maybe you can use the ScryptIdentity / ScryptRecipient?
from age.
Indeed, this was my first try too. In this case I'm able to encrypt but still need to generate another private key with scrypt to generate the services' password :(. But this is something related to my project's UX, not to age.
Right now I'm using agessh with success, as below:
import (
    "crypto/ed25519"
    "filippo.io/age/agessh"
    "golang.org/x/crypto/scrypt"
)
// error handling omitted for brevity; password, salt, serviceInfo and fn are the caller's own inputs
key, _ := scrypt.Key([]byte(password), salt, 1<<16, 8, 1, 32) // 32-byte scrypt output used as the Ed25519 seed
ed25519Key := ed25519.NewKeyFromSeed(key)
ageIdentity, _ := agessh.NewEd25519Identity(ed25519Key) // same key, wrapped as an age identity
servicePassword, _ := fn(key, serviceInfo)
from age.
still need to generate another private key with scrypt to generate the services' password
I don't really understand how this is not compatible with ScryptIdentity / ScryptRecipient, you can use the same passphrase, as the salts will be different.
(This is probably a better fit for the mailing list than the issue tracker.)
from age.
Agreed. Moved the discussion to the mailing list. Thanks @FiloSottile
from age.
The API has now been around for a bit, closing this issue!
from age.
Line 38 in 2e09054
Would it be better to use []byte in place of the existing password string argument?
from age.