age
File encryption tool with small explicit keys, post-quantum support, and UNIX-style composability.
age is a file encryption tool that uses small explicit keys and follows UNIX composition principles. It generates compact public keys (age1...) and encrypts files using the ChaCha20-Poly1305 algorithm. The tool supports multiple recipients, allowing files to be encrypted to several public keys simultaneously using the -r flag or recipient files with -R.
The tool includes post-quantum cryptographic support through hybrid keys that combine traditional elliptic curve cryptography with post-quantum algorithms like ML-KEM-768. Post-quantum keys use the age1pq1... format and provide protection against future quantum computer attacks. Files encrypted with post-quantum keys are compatible across age implementations that support the plugin system.
age integrates with existing SSH infrastructure by accepting ssh-rsa and ssh-ed25519 public keys as recipients. This allows encrypting files directly to SSH keys from GitHub profiles or local ~/.ssh directories. The tool also supports passphrase-based encryption with automatic secure passphrase generation, and can use passphrase-protected identity files for scenarios where the key file itself needs protection. The age-inspect command provides metadata analysis of encrypted files without decryption, showing recipient types, post-quantum usage, and size breakdowns.
Installation
# via Homebrew
brew install age
# via APT
apt install age
# via Go
go install filippo.io/age/cmd/...@latest