age
File encryption tool with small explicit keys, post-quantum support, and SSH key compatibility
age is a file encryption tool and format that provides a simpler alternative to GPG for encrypting files and data streams. It generates compact public keys (starting with 'age1...') and supports encryption to multiple recipients, allowing any recipient to decrypt the file. The tool integrates with SSH keys, enabling encryption to existing SSH public keys and decryption with SSH private keys.
The tool supports post-quantum encryption through hybrid keys that resist future quantum computer attacks. Post-quantum keys are generated with the -pq flag and produce longer recipients (~2000 characters) starting with 'age1pq1...'. Files can also be encrypted with passphrases, which age can auto-generate securely, and passphrase-protected identity files are supported for remote storage scenarios.
age operates through standard Unix pipes and supports armored output for text-safe transport. The age-inspect command provides metadata analysis of encrypted files without decryption, showing recipient types, post-quantum usage, and size breakdown. A plugin system extends functionality, with hardware PIV token support available through age-plugin-yubikey.
Installation
# via Homebrew
brew install age
# via APT
apt install age
# via Go
go install filippo.io/age/cmd/...@latest