age-keygen

Generate a new key pair

$ age-keygen

$ age-keygen -o [key.txt]

$ age-keygen -y [~/.ssh/id_ed25519]

age-keygen [-o file] [-y]

age-keygen generates X25519 key pairs for use with the age encryption tool. The private key (identity) is printed to stdout or written to a file, while the public key is included as a comment in the output.
The generated keys are simple text strings: public keys start with "age1" and private keys start with "AGE-SECRET-KEY-1".

-o file

Write key to file instead of stdout

Convert existing key to age format (print public key)

Keep the private key secret; anyone with it can decrypt files meant for you. There's no key revocation mechanism. Back up your keys securely. The -y flag requires an ed25519 SSH key or age private key.

age-keygen was released alongside age in 2019 by Filippo Valsorda. It provides a minimal key generation tool that follows the same design philosophy as age itself: simple, secure, and with no unnecessary options.

age(1), ssh-keygen(1), gpg(1)