From b4cdeef465ea10df5bd89f1c743519b68a2001be Mon Sep 17 00:00:00 2001
From: Filippo Valsorda <hi@filippo.io>
Date: Tue, 23 Dec 2025 22:23:18 +0100
Subject: [PATCH] cmd/age: accept leading whitespace before armored data

It was already accepted by the API, but the CLI did not handle it while
peeking to detect armored input.
---
 cmd/age/age.go              |  4 +++-
 cmd/age/testdata/armor.txt  | 21 +++++++++++++++++++++
 internal/inspect/inspect.go |  5 ++++-
 3 files changed, 28 insertions(+), 2 deletions(-)
 create mode 100644 cmd/age/testdata/armor.txt

diff --git a/cmd/age/age.go b/cmd/age/age.go
index e703fba..2ff0a8c 100644
--- a/cmd/age/age.go
+++ b/cmd/age/age.go
@@ -481,7 +481,9 @@ func decrypt(identities []age.Identity, in io.Reader, out io.Writer) {
 			"consider using -o or -a to encrypt files in PowerShell")
 	}
 
-	if start, _ := rr.Peek(len(armor.Header)); string(start) == armor.Header {
+	const maxWhitespace = 1024
+	start, _ := rr.Peek(maxWhitespace + len(armor.Header))
+	if strings.HasPrefix(string(bytes.TrimSpace(start)), armor.Header) {
 		in = armor.NewReader(rr)
 	} else {
 		in = rr
diff --git a/cmd/age/testdata/armor.txt b/cmd/age/testdata/armor.txt
new file mode 100644
index 0000000..d977f5b
--- /dev/null
+++ b/cmd/age/testdata/armor.txt
@@ -0,0 +1,21 @@
+age -d -i key.txt armored_with_leading_and_trailing_whitespace.txt
+stdout test
+
+-- key.txt --
+# created: 2025-12-23T22:21:12+01:00
+# public key: age15w9kgvgggmfra4sz6vk39kz4mveuq2sfv5vmcu090y0k2sluepaqv7z2fv
+AGE-SECRET-KEY-18J6FVYJE2AFSJ0RPH6M29GMUU62UVRSCNWUJZSGETH6R38Q5AZ3S2DHAZ9
+
+-- armored_with_leading_and_trailing_whitespace.txt --
+
+   
+
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5ODhFNHR6RVg0SGVHZFBM
+clBEclEzZ3NvOGhqVE9tcFZnbTc2c3R5a0Q4ClZjVzBLNjdxRElZV3E0Z3ZpZ255
+T3JWTFBHRFA2cytpWWtkeU45dDRadmcKLS0tIHV3L3hOVmJjL0hMRXBQa05lMlRs
+ZW45TndPeE9GcmRNeWFkR3YxeHg0YzQKJBp6KRlFFUE8jbAQUBlcAwaaQcPAflJD
+pWGoOjYP33gTxJHNPg==
+-----END AGE ENCRYPTED FILE-----
+
+   
diff --git a/internal/inspect/inspect.go b/internal/inspect/inspect.go
index 9e63447..abcd1e3 100644
--- a/internal/inspect/inspect.go
+++ b/internal/inspect/inspect.go
@@ -5,6 +5,7 @@ import (
 	"bytes"
 	"fmt"
 	"io"
+	"strings"
 
 	"filippo.io/age/armor"
 	"filippo.io/age/internal/format"
@@ -38,7 +39,9 @@ func Inspect(r io.Reader, fileSize int64) (*Metadata, error) {
 
 	tr := &trackReader{r: r}
 	br := bufio.NewReader(tr)
-	if start, _ := br.Peek(len(armor.Header)); string(start) == armor.Header {
+	const maxWhitespace = 1024
+	start, _ := br.Peek(maxWhitespace + len(armor.Header))
+	if strings.HasPrefix(string(bytes.TrimSpace(start)), armor.Header) {
 		r = armor.NewReader(br)
 		data.Armor = true
 	} else {