age,cmd/age: improve error messages for mixed up identities/recipients

Not sure why ParseRecipients was hiding errors, when ParseIdentities doesn't. For #643
2026-01-07 12:35:14 +00:00 · 2025-12-23 23:21:04 +01:00
parent 2e0f1efe4d
commit 44a4fcc27b
2 changed files with 7 additions and 3 deletions
--- a/cmd/age/parse.go
+++ b/cmd/age/parse.go
@@ -91,6 +91,9 @@ func parseRecipientsFile(name string) ([]age.Recipient, error) {
 				warningf("recipients file %q: ignoring unsupported SSH key of type %q at line %d", name, t, n)
 				continue
 			}
+			if strings.HasPrefix(line, "AGE-") {
+				return nil, fmt.Errorf("%q: error at line %d: apparent identity found in recipients file", name, n)
+			}
 			// Hide the error since it might unintentionally leak the contents
 			// of confidential files.
 			return nil, fmt.Errorf("%q: malformed recipient at line %d", name, n)
@@ -235,6 +238,9 @@ func parseIdentities(f io.Reader) ([]age.Identity, error) {
 		}
 		i, err := parseIdentity(line)
 		if err != nil {
+			if strings.HasPrefix(line, "age1") {
+				return nil, fmt.Errorf("error at line %d: apparent recipient found in identities file", n)
+			}
 			return nil, fmt.Errorf("error at line %d: %v", n, err)
 		}
 		ids = append(ids, i)
--- a/parse.go
+++ b/parse.go
@@ -87,9 +87,7 @@ func ParseRecipients(f io.Reader) ([]Recipient, error) {
 		}
 		r, err := parseRecipient(line)
 		if err != nil {
-			// Hide the error since it might unintentionally leak the contents
-			// of confidential files.
-			return nil, fmt.Errorf("malformed recipient at line %d", n)
+			return nil, fmt.Errorf("error at line %d: %v", n, err)
 		}
 		recs = append(recs, r)
 	}