rage
Encrypt and decrypt files using age
TLDR
Encrypt a file for user and save it to message.age
Decrypt a file with identity_file and save it to message
SYNOPSIS
rage [OPTIONS] [FILE...]
rage -d [OPTIONS] [FILE...]
PARAMETERS
-e, --encrypt
Encrypts the input (this is the default behavior).
-d, --decrypt
Decrypts the input.
-o FILE, --output FILE
Writes the output to the specified FILE instead of standard output.
-a, --armor
Encodes the encrypted output in a PEM-encoded armored format, making it suitable for text-based transmission.
-r RECIPIENT, --recipient RECIPIENT
Specifies a recipient for encryption. This can be an age public key (e.g., age1...) or an SSH public key.
-i FILE, --identity FILE
Specifies an identity file (private key) for decryption. This can be an age identity file or an SSH private key.
-p, --passphrase
Uses a passphrase for encryption or decryption, prompting interactively for the passphrase.
--pinentry
Uses pinentry for passphrase or identity input, providing a secure graphical prompt for credentials.
--ssh-key-path PATH
Adds a directory or file to search for SSH private keys for decryption, useful for custom key locations.
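The following shell script is an added example, not part of the rage project or this page: it round-trips a file through rage with the options documented above (-r, -o, -a, -d, -i) and checks each step, including that an unrelated identity cannot decrypt the output. It assumes rage and rage-keygen (shipped with rage) are on PATH; when they are absent, rage_roundtrip returns 2 so the run counts as skipped rather than failed.

```shell
# Added example (not rage project code): round-trip a file through rage with the
# options documented above and verify each step. Assumes rage and rage-keygen
# (shipped with rage) are on PATH; when absent, rage_roundtrip returns 2 ("skipped").

rage_steps() {
    work=$1
    printf 'constructed sample secret\n' > "$work/message" || return 1
    # rage-keygen writes the identity file and records the matching public key
    # in a "# public key: age1..." comment, which we extract as the recipient.
    rage-keygen -o "$work/key.txt" >/dev/null 2>&1 || return 1
    recipient=$(sed -n 's/^# public key: //p' "$work/key.txt")
    [ -n "$recipient" ] || return 1
    # Encrypt for the recipient (-r); binary age files start with a version line.
    rage -r "$recipient" -o "$work/message.age" "$work/message" || return 1
    [ "$(head -c 21 "$work/message.age")" = "age-encryption.org/v1" ] || return 1
    # Armored (-a) output is PEM-style text suitable for pasting into e-mail.
    rage -a -r "$recipient" -o "$work/message.asc" "$work/message" || return 1
    [ "$(head -n 1 "$work/message.asc")" = "-----BEGIN AGE ENCRYPTED FILE-----" ] || return 1
    # Decrypt (-d) with the identity file (-i) and compare with the original.
    rage -d -i "$work/key.txt" -o "$work/out" "$work/message.age" || return 1
    cmp -s "$work/message" "$work/out" || return 1
    # An unrelated identity must fail: the file is bound to the recipient key.
    rage-keygen -o "$work/other.txt" >/dev/null 2>&1 || return 1
    if rage -d -i "$work/other.txt" -o "$work/leak" "$work/message.age" 2>/dev/null; then
        return 1
    fi
    return 0
}

# Returns 0 on success, 1 on any failure, 2 when rage is not installed.
rage_roundtrip() {
    command -v rage >/dev/null 2>&1 || return 2
    command -v rage-keygen >/dev/null 2>&1 || return 2
    work=$(mktemp -d) || return 1
    steps_rc=0
    rage_steps "$work" || steps_rc=$?
    rm -rf "$work"
    return "$steps_rc"
}

rc=0
rage_roundtrip || rc=$?
case $rc in
    0) echo "round trip OK" ;;
    2) echo "rage not installed; skipped" ;;
    *) echo "round trip FAILED" ;;
esac
```

Passphrase mode (-p) is omitted because rage prompts for it interactively; the same round-trip check applies once the passphrase is supplied at the prompt.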
DESCRIPTION
rage is a modern command-line tool for encrypting and decrypting files and streams, fully compatible with the age file format. Written in Rust, it aims to provide a simple, secure, and robust encryption solution. It supports multiple recipient types, including X25519 public keys for secure key exchange, SSH public keys for convenient integration with existing infrastructure, and passphrase-based encryption for simple use cases. rage prioritizes secure defaults and forward secrecy, making it a reliable choice for protecting sensitive data. It can be used for securely sharing files, backing up data, or encrypting arbitrary streams of bytes. Its design focuses on ease of use while adhering to strong cryptographic principles.
CAVEATS
rage uses the age file format, which is intentionally distinct from PGP/GPG. Consequently, files encrypted with age cannot be decrypted by GPG, and vice versa. Users should be aware of this ecosystem difference. The overall security of encrypted data depends heavily on the secure management of private keys or passphrases; their loss or compromise will lead to data loss or unauthorized access. Unlike GPG, there is no inherent "web of trust"; recipients must be explicitly specified.
KEY DERIVATION
For passphrase-based encryption, rage utilizes scrypt, a computationally intensive key derivation function, to protect against brute-force attacks on the passphrase. This significantly increases the effort required for an attacker to guess the passphrase, enhancing security.
FORWARD SECRECY
When encrypting with X25519 recipients, rage incorporates forward secrecy. This cryptographic property ensures that even if a recipient's long-term private key is compromised in the future, past communications encrypted with that key remain secure because a unique, ephemeral key is generated for each encryption operation.
HISTORY
The age encryption format was developed by Filippo Valsorda with the goal of creating a simple, modern, and secure alternative to older, more complex formats like PGP. rage is a popular and actively maintained Rust implementation of the age specification. It emerged as a performant and reliable command-line tool, quickly gaining traction for its ease of use, robust design, and adherence to strong cryptographic principles, becoming a preferred choice for age encryption in the Linux ecosystem and beyond.