Any plans to support age?

Are there any plans to support age in the future?

It tries to solve a lot of things where gpg has a steeper learning curve. For example, you could encrypt to any SSH public key as recipient.

As it is very easy to use, there is also a Rust implementation, and it seems to support plugins to offload ed25519 operations to a hardware token, it would be a future-proof choice for encryption.

Could be nice combined with a pkcs11 plugin or with a plugin for Nitrokey 3 maybe?

3 Likes

Interesting,

Haven’t seen age yet … pun intended :nerd_face:
Best case would be to verify that the PKCS#11 plugin via OpenSC works with it.
I put it on the list of interesting topics for the devblog.

best

That would be an interesting feature in combination with the HSM, as we have key attestation to validate the public key.

A recipient could generate an EC key pair and provide the attestation chain to the sender. Based on the device id, the sender could fingerprint the public key and encrypt to it.

With key domains one could even manage a group of people with access to the private key for decryption.

2 Likes

Nitrokey 3 now also supports age with the help of github.com/olastor/age-plugin-fido2-hmac.

However, asymmetric encryption using opcard-rs would be more secure, as the encryption key only gets derived using fido2-hmac and leaves the token.