cmd/age: reject passphrase-encrypted files if -i is used

Passphrase-encrypted files make age(1) block, which would be unexpected
when decrypting files in a script using -i.
Filippo Valsorda
2022-04-26 20:37:10 +02:00
parent 5824a13b57
commit 56f6acca37
2 changed files with 43 additions and 18 deletions

@@ -13,13 +13,13 @@ age(1) -- simple, modern, and secure file encryption
optional and defaults to standard input. Only a single <INPUT> file may be
specified. If `-o` is not specified, <OUTPUT> defaults to standard output.
If `--passphrase` is specified, the file is encrypted with a passphrase
If `-p`/`--passphrase` is specified, the file is encrypted with a passphrase
requested interactively. Otherwise, it's encrypted to one or more
[RECIPIENTS][RECIPIENTS AND IDENTITIES] specified with `-r`/`--recipient` or
`-R`/`--recipients-file`. Every recipient can decrypt the file.
In `--decrypt` mode, passphrase-encrypted files are detected automatically and
the passphrase is requested interactively. Otherwise, one or more
In `-d`/`--decrypt` mode, passphrase-encrypted files are detected automatically
and the passphrase is requested interactively. Otherwise, one or more
[IDENTITIES][RECIPIENTS AND IDENTITIES] specified with `-i`/`--identity` are
used to decrypt the file.
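Review bot: the `-d`/`--decrypt` paragraph still reads as if `-i`/`--identity` and passphrase-encrypted input can be combined freely: it says passphrase-encrypted files are "detected automatically" and "Otherwise" identities are used, with no mention that supplying `-i` for a passphrase-encrypted file is now rejected. Since this overview is what most readers see first, consider adding a short sentence here pointing to the new error, so that script authors learn about it without having to reach the `-i` option description further down.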
@@ -111,9 +111,10 @@ overhead per recipient, plus 16 bytes every 64KiB of plaintext.
d\. "`-`", causing one of the options above to be read from standard input.
In this case, the <INPUT> argument must be specified.
This option can be repeated. Identities are tried in the order in which
are provided, and the first one matching one of the file's recipients is
used. Unused identities are ignored.
This option can be repeated. Identities are tried in the order in which are
provided, and the first one matching one of the file's recipients is used.
Unused identities are ignored, but it is an error if the <INPUT> file is
passphrase-encrypted and `-i`/`--identity` is specified.
If `-e`/`--encrypt` is explicitly specified (to avoid confusion),
`-i`/`--identity` may also be used to encrypt to the `RECIPIENTS`
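Review bot: the rewrapped sentence "Identities are tried in the order in which are provided" is still missing its subject; since the line is being touched anyway, change it to "in the order in which they are provided". Separately, the new rule is attached to "Unused identities are ignored" with "but", which makes it read like an exception to ignoring unused identities rather than its own condition. A standalone sentence would be clearer, ideally with the reason from the commit message (a passphrase prompt would block a script that uses `-i`).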