mirrors/age
1
0
Fork 0
mirror of https://github.com/FiloSottile/age.git synced 2026-01-08 13:01:09 +00:00
Code Issues Packages Projects Releases Wiki Activity
378 Commits 4 Branches 18 Tags
main
Commit Graph

147 Commits

Author SHA1 Message Date
Filippo Valsorda
e4c611f778 cmd,extra: restore the Version link-time variable 
We don't need it in our builds, but it's useful for downstream packagers.

Fixes #671
Updates NixOS/nixpkgs#474666
Updates golang/go#77020
 2025-12-28 12:49:37 +01:00
Filippo Valsorda
b70af41215 cmd/age: don't output binary plaintext to terminal 
Closes #626
 2025-12-26 23:16:25 +01:00
Filippo Valsorda
abe371e157 all: run "go fix" 2025-12-25 20:48:28 +01:00
Filippo Valsorda
92ac13f51c plugin: add NewTerminalUI 
Closes #611
Closes #591

Co-authored-by: Nicolas Dumazet <nicdumz.commits@gmail.com>
 2025-12-24 17:17:50 +01:00
Filippo Valsorda
41167479ce doc: include warning in age-plugin-batchpass(1) 2025-12-24 12:35:15 +01:00
Filippo Valsorda
db8ed63595 cmd/age-plugin-batchpass: add detailed warning 2025-12-24 12:10:43 +01:00
Filippo Valsorda
f1cc23a3f6 cmd: move compatibility plugins to extra/ directory 2025-12-24 02:40:29 +01:00
Filippo Valsorda
50a81fd5a9 cmd/age-plugin-batchpass: plugin for non-interactive passphrase encryption 
Fixes #603
Closes #641
Closes #520
Updates #256
Updates #182
Updates #257
Updates #275
Updates #346
Updates #386
Updates #445
Updates #590
Updates #572
 2025-12-24 02:27:54 +01:00
Filippo Valsorda
44a4fcc27b age,cmd/age: improve error messages for mixed up identities/recipients 
Not sure why ParseRecipients was hiding errors, when ParseIdentities
doesn't.

For #643
 2025-12-23 23:26:16 +01:00
Filippo Valsorda
2e0f1efe4d age,cmd/age: detect invalid UTF-8 in identity and recipient files 
For #663
 2025-12-23 23:06:00 +01:00
Filippo Valsorda
b4cdeef465 cmd/age: accept leading whitespace before armored data 
It was already accepted by the API, but the CLI did not handle it while
peeking to detect armored input.
 2025-12-23 22:23:41 +01:00
Simone Ragusa
6aae5b48ea cmd/age: fix terminal escape sequences on Windows 
If possible, we enable virtual terminal processing, which is necessary
for using terminal escape sequences on instances of the Windows Console.
When enabling virtual terminal processing fails, we completely avoid
using escape sequences to prevent weird characters to be printed to the
console.

Fixes #474
Closes #475

Co-authored-by: Filippo Valsorda <hi@filippo.io>
 2025-12-23 22:12:19 +01:00
Filippo Valsorda
d36e4ce2c7 cmd/age-inspect: new command 
Fixes #56
Closes #501
 2025-12-23 21:39:39 +01:00
Filippo Valsorda
ca8a69b1b6 age: improve error on empty files 
Fixes #416
 2025-12-23 15:22:55 +01:00
Filippo Valsorda
a36341de15 cmd/age: improve error message when -i is missing 2025-12-23 13:11:49 +01:00
Filippo Valsorda
9795b63263 cmd/age,plugin: add plugin.NotFoundError and CLI hint 
Fixes #486
 2025-12-23 13:11:49 +01:00
Filippo Valsorda
0d5b598cd0 cmd/age: warn about duplicate command-line arguments 
Fixes #284
 2025-12-22 22:08:21 +01:00
Filippo Valsorda
ad7bb569eb cmd/age: fix testscript setup races 2025-12-22 19:41:12 +01:00
Filippo Valsorda
ed44098807 all: upgrade dependencies 
Closes #610
 2025-12-22 19:41:12 +01:00
Filippo Valsorda
de158f906b cmd/age-plugin-tag,cmd/age-plugin-tagpq: new backward compatibility plugins 2025-12-22 19:41:12 +01:00
Filippo Valsorda
c6fcb5300c age,cmd/age,cmd/age-keygen: add post-quantum hybrid keys 2025-12-22 19:41:12 +01:00
Filippo Valsorda
e2d30695f2 cmd/age,tag: implement age1tagpq1.../p256mlkem768tag recipients 
Test vectors generated from hpkewg/hpke-pq@19adaeb (hpkewg/hpke-pq#28 +
hpkewg/hpke-pq#32) and cfrg/draft-irtf-cfrg-concrete-hybrid-kems@1bbca40
(cfrg/draft-irtf-cfrg-concrete-hybrid-kems#16), plus the following diff:

diff --git a/reference-implementation/src/bin/generate.rs b/reference-implementation/src/bin/generate.rs
index 25e32e5..bc8f209 100644
--- a/reference-implementation/src/bin/generate.rs
+++ b/reference-implementation/src/bin/generate.rs
@@ -26,6 +26,15 @@ fn generate_test_vectors() -> TestVectors {
     // 5. QSF-P384-MLKEM1024 + SHAKE256 + AES-256-GCM
     vectors.push(TestVector:🆕:<QsfP384MlKem1024, Shake256, Aes256Gcm>());
 
+    vectors = TestVectors::new();
+
+    // age1pq - xwing
+    vectors.push(TestVector:🆕:<QsfX25519MlKem768, HkdfSha256, ChaChaPoly>());
+    // age1tag - p256tag
+    vectors.push(TestVector:🆕:<DhkemP256HkdfSha256, HkdfSha256, ChaChaPoly>());
+    // age1tagpq - p256mlkem768tag
+    vectors.push(TestVector:🆕:<QsfP256MlKem768, HkdfSha256, ChaChaPoly>());
+
     vectors
 }
 
diff --git a/reference-implementation/src/test_vectors.rs b/reference-implementation/src/test_vectors.rs
index 24335aa..4134fb5 100644
--- a/reference-implementation/src/test_vectors.rs
+++ b/reference-implementation/src/test_vectors.rs
@@ -369,6 +369,10 @@ impl TestVector {
             (0x0051, 0x0011, 0x0002) => self.v::<QsfP384MlKem1024, Shake256, Aes256Gcm>(),
             (0x0051, 0x0011, 0xffff) => self.v::<QsfP384MlKem1024, Shake256, ExportOnly>(),
 
+            // age pq combinations
+            (0x647a, 0x0001, 0x0003) => self.v::<QsfX25519MlKem768, HkdfSha256, ChaChaPoly>(),
+            (0x0050, 0x0001, 0x0003) => self.v::<QsfP256MlKem768, HkdfSha256, ChaChaPoly>(),
+
             _ => Err(format!(
                 "Unsupported algorithm combination: KEM={:#x}, KDF={:#x}, AEAD={:#x}",
                 self.kem_id, self.kdf_id, self.aead_id
 2025-12-22 19:41:12 +01:00
Filippo Valsorda
e9295dd867 cmd/age,tag: implement age1tag1.../p256tag recipients 
See C2SP/C2SP#156
 2025-12-22 19:41:12 +01:00
Filippo Valsorda
acab3e5c9f plugin: add framework to implement plugins (#580) 
Fixes #485
 2025-12-07 20:10:01 +01:00
Filippo Valsorda
ae74b61b59 cmd/age,internal/stream: improve error messages 2025-12-07 20:01:09 +01:00
Thibault
f882f40aa3 cmd/age: echo terminal input for public plugin prompts 2025-12-07 18:59:13 +01:00
Filippo Valsorda
20eba7e285 cmd/age,cmd/age-keygen: remove unnecessary injected Version 
golang/go#50603 started stamping the VCS tag version.
 2025-12-07 16:24:46 +01:00
Filippo Valsorda
482cf6fc9b plugin: restrict characters in plugin names 
Thanks to ⬡-49016 for reporting this issue.

Fixes GHSA-32gq-x56h-299c
 2024-12-18 16:01:18 +01:00
Alexander Yastrebov
cda3988cc7 all: fix staticcheck warnings (#589) 
Co-authored-by: Filippo Valsorda <github@bip.filippo.io>
 2024-12-18 15:55:57 +01:00
Filippo Valsorda
bd0511b415 cmd/age: detect output/input file reuse when possible 
Fixes #491
 2024-06-16 14:40:13 +02:00
Filippo Valsorda
febaaded87 cmd/age: create file for empty decryptions 
Fixes #555
Updates #159
Updates #57
 2024-06-16 13:55:32 +02:00
Filippo Valsorda
93055632ad cmd/age: fix FreeBSD tests 2023-08-06 19:39:31 +02:00
Filippo Valsorda
9fd564d543 .github/workflows: update and fix CI 2023-08-06 18:29:16 +02:00
Filippo Valsorda
c89f0b932e age,plugin: add RecipientWithLabels 2023-08-05 21:34:47 +02:00
Filippo Valsorda
dd733c5c0f cmd/age: grease the client-controlled plugin phases 2023-08-05 21:34:14 +02:00
Filippo Valsorda
6976c5fca5 plugin: expose package 2023-08-05 21:34:14 +02:00
Filippo Valsorda
8e3f74c283 cmd/age: deflake TestScript and update testscript 2023-01-02 13:34:35 +01:00
Filippo Valsorda
5471e05672 Revert "all: temporarily disable testscript tests" 
This reverts commit 90a446549a.
 2022-12-29 21:53:31 +01:00
Filippo Valsorda
c6dcfa1efc all: temporarily disable testscript tests 
They require a replace directive that breaks "go install". Will revert
this after tagging a new latest release.
 2022-12-26 15:36:58 -05:00
Filippo Valsorda
7354aa0d08 internal/bech32: remove data length limit 
Fixes #453
 2022-12-23 12:28:06 +01:00
Filippo Valsorda
36ae5671cf cmd/age: buffer armored ciphertext before prompting 
A partial solution, still missing bracketed paste support.

Updates #364
 2022-07-12 22:30:19 +02:00
Filippo Valsorda
8a02f4801f cmd/age: improve terminal-related testscripts 2022-07-12 22:26:51 +02:00
Filippo Valsorda
e41463e117 cmd/age: fix autogenerated password log line 
The newline was dropped in 0ab5c73.
 2022-07-12 22:26:51 +02:00
Filippo Valsorda
0ab5c738fb cmd/age: ensure TUI output goes all to the terminal 2022-07-03 12:48:48 +02:00
Filippo Valsorda
de7c1fb565 agessh: support PKCS#8-encoded Ed25519 private keys 
OpenSSH never generated them (unencrypted, and golang.org/x/crypto/ssh
doesn't support encrypted PKCS#8 for now, so the encrypted_keys.go
change is technically superfluous) but there are other systems that
produce them (for example, 1Password). Unfortunately, ParseRawPrivateKey
returns a value type for PKCS#8 and a pointer type for the OpenSSH
format (golang/go#51974), so we need to handle both.

Fixes #429
 2022-07-03 12:48:48 +02:00
Filippo Valsorda
92fb4d508c agessh: properly detect public key mismatch for encrypted keys 2022-07-03 12:48:48 +02:00
Filippo Valsorda
331b242a9c cmd/age: add scrypt testscript 2022-07-03 12:48:48 +02:00
Filippo Valsorda
c50f1ae2e1 cmd/age: replace tests with testscript 2022-06-21 12:41:38 +01:00
Filippo Valsorda
92713afd1e tests: add scrypt tests and move Go files from testdata 2022-06-15 20:38:59 +02:00
Filippo Valsorda
787044bdb6 testdata: convert last chunk tests to testkit 2022-06-15 19:38:18 +02:00