How to Use the Command 'age' (with Examples)

How to Use the Command 'age' (with Examples)

Age is a lightweight, modern, and secure file encryption tool designed for simplicity and reliability. It allows users to effortlessly encrypt and decrypt files, making it ideal for individuals or organizations that need to securely store or transmit sensitive data. Age integrates seamlessly with public and private key pairs, ensuring that data remains protected from unauthorized access.

Use Case 1: Generate an Encrypted File that Can be Decrypted with a Passphrase

Code:

age --passphrase --output path/to/encrypted_file path/to/unencrypted_file

Motivation:

Using a passphrase to encrypt a file is a straightforward method for securing data when a user prefers not to manage public and private keys. This method is particularly useful for personal use or small-scale projects where simplicity and ease of use are paramount. It allows for secure file sharing without the need to exchange cryptographic keys, which can sometimes be a hassle to manage.

Explanation:

  • age: The command that initiates the age encryption process.
  • --passphrase: This flag indicates that the encryption should be done using a passphrase. The user will be prompted to enter a passphrase, which will be used to derive a key for encrypting the file.
  • --output path/to/encrypted_file: Specifies the path where the encrypted file will be stored. It directs age to write the encrypted data into this file.
  • path/to/unencrypted_file: This is the file that you want to encrypt. It contains the plaintext data you wish to protect.

Example Output:

Upon executing the command, age will prompt for a passphrase. Once the passphrase is entered, it encrypts the file and produces an encrypted file at the specified output location, without displaying any output messages, maintaining the confidentiality of your file.

Use Case 2: Encrypt a File with One or More Public Keys Entered as Literals

Code:

age --recipient public_key --output path/to/encrypted_file path/to/unencrypted_file

Motivation:

This use case is critical when data needs to be shared securely with specific individuals. By using public keys, you ensure that only recipients who possess the corresponding private keys can decrypt the data, providing a high level of security and control over who can access the information.

Explanation:

  • --recipient public_key: Here, a public key is provided directly in the command line. This key is used to encrypt the file in such a way that only the holder of the corresponding private key can decrypt it. This flag can be repeated to specify multiple recipients.
  • --output path/to/encrypted_file: Directs where the encrypted data will be saved.
  • path/to/unencrypted_file: Specifies the original file that needs encryption.

Example Output:

The command encrypts the file and places the encrypted version in the specified location. There might not be any on-screen output, but the security of knowing that only designated key holders can access the file is the real result.

Use Case 3: Encrypt a File to One or More Recipients with Their Public Keys Specified in a File

Code:

age --recipients-file path/to/recipients_file --output path/to/encrypted_file path/to/unencrypted_file

Motivation:

When sharing sensitive information with numerous recipients, managing multiple public keys in a file is convenient. It simplifies the encryption process by maintaining a list of public keys, making mass communication more manageable and reducing the complexity inherent when multiple recipients are involved.

Explanation:

  • --recipients-file path/to/recipients_file: Points to a file containing a list of public keys (one per line). This setup is convenient for sharing encrypted data with multiple parties.
  • --output path/to/encrypted_file: Indicates where the encrypted file should be saved.
  • path/to/unencrypted_file: The original data file that is to be encrypted.

Example Output:

The process concludes with an encrypted file saved at the designated output path. The encryption process ensures that each recipient listed can independently decrypt the information using their private key.

Use Case 4: Decrypt a File with a Passphrase

Code:

age --decrypt --output path/to/decrypted_file path/to/encrypted_file

Motivation:

Decrypting a file with a passphrase is essential for accessing data that was previously secured without the need for more complex key management. It’s a practical method for users who opted for passphrase encryption, providing a straightforward way to regain access to their protected information.

Explanation:

  • --decrypt: This flag specifies that the operation to be performed is decryption, reversing the encryption process.
  • --output path/to/decrypted_file: Denotes where the decrypted file will be saved upon successful decryption.
  • path/to/encrypted_file: Specifies the encrypted file to be decrypted.

Example Output:

When executed, the command will prompt for the passphrase and, if correct, decrypt the file. The decrypted content is then written to the specified output path.

Use Case 5: Decrypt a File with a Private Key File

Code:

age --decrypt --identity path/to/private_key_file --output path/to/decrypted_file path/to/encrypted_file

Motivation:

For users who have encrypted files using public keys, decrypting with a private key ensures that only authorized holders can access the content. This approach is critical for maintaining the confidentiality of shared data in a professional or organizational environment.

Explanation:

  • --decrypt: Indicates that decryption is to be performed.
  • --identity path/to/private_key_file: Specifies the private key file to be used in the decryption process. This key must correspond to one of the public keys used during encryption.
  • --output path/to/decrypted_file: The location where the resulting decrypted file should be saved.
  • path/to/encrypted_file: The encrypted file that needs decryption.

Example Output:

The use of the private key will decrypt the file, saving the plaintext version to the specified output file. The process assures that only those with the correct private key can access the content, as designed.

Conclusion:

The age command provides robust tools for securing files through encryption and decryption. Whether using simple passphrases or managing public and private keys, age ensures that your data is protected and accessible only by authorized users. Each use case highlighted here serves as a step-by-step guide to safeguard files in different scenarios, offering a secure, user-friendly solution for data encryption needs.

Tags :

Related Posts

How to Use the Command 'netstat' (with Examples)

How to Use the Command 'netstat' (with Examples)

The netstat command is a powerful utility in Unix-like operating systems that displays network-related information such as open connections, routing tables, interface statistics, masquerade connections, and multicast memberships.

Read More
How to Use the Command 'find' (with examples)

How to Use the Command 'find' (with examples)

The find command is a powerful and versatile tool used in Unix and Unix-like operating systems to search for files and directories within a directory hierarchy.

Read More
How to use the command 'encfs' (with examples)

How to use the command 'encfs' (with examples)

EncFS is a user-space cryptographic filesystem that provides an encrypted, virtualized layer on top of existing files and directories.

Read More