age
Simple and modern file encryption
TLDR
SYNOPSIS
age [-e|-d] [-a] [-i identity] [-r recipient] [-R file] [-o output] [input]
DESCRIPTION
age is a simple, modern file encryption tool with small explicit keys, no config options, and composable with Unix pipes. It's designed as a replacement for GPG with a cleaner interface and fewer footguns.age supports encryption to one or more recipients, passphrase encryption, and can use SSH keys for recipient-based encryption. The format is designed to be simple and auditable.
PARAMETERS
-e, --encrypt
Encrypt input (default operation)-d, --decrypt
Decrypt input-p, --passphrase
Encrypt with passphrase-r, --recipient recipient
Encrypt to recipient public key (repeatable).-R, --recipients-file file
Read recipients from file, one per line (repeatable).-i, --identity identity
Identity (private key) file for decryption (repeatable). May also be used with -e for SSH or encrypted identities.-o file
Output file (default: stdout)-a, --armor
Use ASCII armored format
CAVEATS
age does not sign files; use age + signify or minisign for authenticated encryption. Keys are not interchangeable with GPG keys. No built-in key management; keys are just files.
HISTORY
age was designed by Ben Cartwright-Cox and Filippo Valsorda and first released in 2019. It was created to address the complexity and usability issues of GPG while providing a secure, simple encryption tool suitable for modern use cases.
SEE ALSO
age-keygen(1), gpg(1), ssh-keygen(1)