From a36341de15bd08cefa84553f63c529f2a2583047 Mon Sep 17 00:00:00 2001
From: Filippo Valsorda <hi@filippo.io>
Date: Tue, 23 Dec 2025 13:06:18 +0100
Subject: [PATCH] cmd/age: improve error message when -i is missing

---
 cmd/age/age.go              | 8 +++++++-
 cmd/age/testdata/scrypt.txt | 5 +++++
 2 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/cmd/age/age.go b/cmd/age/age.go
index 59b4aa1..e703fba 100644
--- a/cmd/age/age.go
+++ b/cmd/age/age.go
@@ -466,7 +466,7 @@ func decryptPass(in io.Reader, out io.Writer) {
 	identities := []age.Identity{
 		// If there is an scrypt recipient (it will have to be the only one and)
 		// this identity will be invoked.
-		&LazyScryptIdentity{passphrasePromptForDecryption},
+		lazyScryptIdentity,
 	}
 
 	decrypt(identities, in, out)
@@ -492,6 +492,10 @@ func decrypt(identities []age.Identity, in io.Reader, out io.Writer) {
 		errorWithHint(err.Error(),
 			fmt.Sprintf("you might want to install the %q plugin", e.Name),
 			"visit https://age-encryption.org/awesome#plugins for a list of available plugins")
+	} else if errors.As(err, new(*age.NoIdentityMatchError)) &&
+		len(identities) == 1 && identities[0] == lazyScryptIdentity {
+		errorWithHint("the file is not passphrase-encrypted, identities are required",
+			"specify identities with -i/--identity or -j to decrypt this file")
 	} else if err != nil {
 		errorf("%v", err)
 	}
@@ -501,6 +505,8 @@ func decrypt(identities []age.Identity, in io.Reader, out io.Writer) {
 	}
 }
 
+var lazyScryptIdentity = &LazyScryptIdentity{passphrasePromptForDecryption}
+
 func passphrasePromptForDecryption() (string, error) {
 	pass, err := readSecret("Enter passphrase:")
 	if err != nil {
diff --git a/cmd/age/testdata/scrypt.txt b/cmd/age/testdata/scrypt.txt
index 9329885..5e48473 100644
--- a/cmd/age/testdata/scrypt.txt
+++ b/cmd/age/testdata/scrypt.txt
@@ -42,6 +42,11 @@ ttyin wrong
 stderr 'passphrases didn''t match'
 ! exists fail.age
 
+# fail when -i is missing
+age -r age1xmwwc06ly3ee5rytxm9mflaz2u56jjj36s0mypdrwsvlul66mv4q47ryef -o test.age input
+! age -d test.age
+stderr 'file is not passphrase-encrypted, identities are required'
+
 -- terminal --
 password
 password