This fork implements experimental support for age as an alternative encryption mechanism.
PGP is still supported. The encryption engine can be selected with the -encryption-engine flag, with possible values of pgp and age. Note that the -keyring and -secret-keyring file formats must correspond to the selected encryption engine (PGP keyrings for PGP, recipient files for age).
The reason behind that implementation was the cumbersome handling of PGP keyrings with gpg, the lack of maintainers/deprecation of golang.org/x/crypto/openpgp, and general problems with PGP.
Notably, some standalone tools exist for the purpose of PGP key management, like gpg-tui.
For more information about age, key management etc., check https://github.com/FiloSottile/age.
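A preflight check for the rule above that the -keyring and -secret-keyring files must match the selected engine, written as an added example (not code from this fork). The function names are hypothetical, the detection is a heuristic, and it assumes that with age the -secret-keyring file is an identities file of AGE-SECRET-KEY-1 lines and that only native age1 recipients are used; the sample key strings are constructed.

```go
package main

import (
	"bytes"
	"fmt"
	"strings"
)

// detectKeyFormat is a heuristic returning "pgp", "age-recipients",
// "age-identities" or "unknown". Binary OpenPGP packets set the high bit of
// the first byte; armored ones carry a "-----BEGIN PGP " header.
func detectKeyFormat(data []byte) string {
	if len(data) > 0 && (data[0]&0x80 != 0 || bytes.Contains(data, []byte("-----BEGIN PGP "))) {
		return "pgp"
	}
	format := "unknown"
	for _, line := range strings.Split(string(data), "\n") {
		line = strings.TrimSpace(line)
		switch {
		case line == "" || strings.HasPrefix(line, "#"): // blank line or comment
		case strings.HasPrefix(line, "AGE-SECRET-KEY-1"):
			format = "age-identities" // any secret key line marks the file as secret
		case strings.HasPrefix(line, "age1") && format == "age-identities": // stays secret
		case strings.HasPrefix(line, "age1"):
			format = "age-recipients"
		default:
			return "unknown" // assumption: SSH recipients are not accepted
		}
	}
	return format
}

// checkKeyring rejects a file whose format does not fit the engine and flag.
// Assumption: with age, -secret-keyring (secret == true) takes an identities file.
func checkKeyring(engine string, secret bool, data []byte) error {
	want := map[string]string{"pgp": "pgp", "age": "age-recipients"}[engine]
	if engine == "age" && secret {
		want = "age-identities"
	}
	if want == "" {
		return fmt.Errorf("unknown encryption engine %q", engine)
	}
	if got := detectKeyFormat(data); got != want {
		return fmt.Errorf("%s engine expects %s, file looks like %s", engine, want, got)
	}
	return nil
}

func main() {
	sample := []byte("# constructed sample, not a real key\nage1constructedsample\n")
	fmt.Println(checkKeyring("age", false, sample), checkKeyring("pgp", false, sample))
}
```

Besides catching an engine mismatch, the check refuses an age identities file passed as -keyring, which would otherwise put secret key material where only public recipients belong.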
You can use crypt as a command line tool or as a configuration library:
Watch Kelsey explain crypt in this quick 5 minute video:
The crypt cli and config package require gpg keyrings.
vim app.batch
%echo Generating a configuration OpenPGP key
Key-Type: default
Subkey-Type: default
Name-Real: app
Name-Comment: app configuration key
Name-Email: [email protected]
Expire-Date: 0
%pubring .pubring.gpg
%secring .secring.gpg
%commit
%echo done
Run the following command:
gpg2 --batch --armor --gen-key app.batch
You should now have two keyrings, .pubring.gpg which contains the public keys, and .secring.gpg which contains the private keys.
Note the private key is not protected by a passphrase.