age File Encryption Tool

age (Actually Good Encryption) is a free and open-source, simple, modern, and secure file encryption tool and library that uses modern cryptographic best practices by default, with no configuration options for encryption parameters. Created by Filippo Valsorda (a cryptography engineer who previously worked at Google on the Go team and Cloudflare) in 2019, age was designed as a replacement for GPG for file encryption use cases, addressing its complexity, legacy cryptographic choices, and confusing interface. Key features: simplicity: age has a minimal CLI with no configuration options for encryption parameters — all parameters are chosen by the tool using secure defaults. Users only need to specify the recipient. Encryption: uses X25519 (Elliptic Curve Diffie-Hellman) for key agreement, HKDF-SHA-256 for key derivation, and ChaCha20-Poly1305 for authenticated encryption. Each file is encrypted with a random file key wrapped by one or more recipient stanzas. Recipient types: X25519 public keys (age1...), SSH public keys (ssh-rsa, ssh-ed25519), and passphrases (scrypt-based key derivation). Each encryption can target multiple recipients. Identity files: private keys stored in identity files (AGE-SECRET-KEY-1...) that can include comments. Passphrase mode: encrypt files with a passphrase using scrypt for key derivation. Armor mode: ASCII-armored output for embedding in text channels. SSH key support: use existing SSH public keys as recipients. Plugins: extensible recipient plugin system (age-plugin-yubikey for hardware keys). SSH agent integration. Cross-platform: Go binary for Linux, macOS, Windows, FreeBSD. BSD-3-Clause.