- age.algorithms package
- age.keys package
- age.primitives package
- age.primitives.bech32 module
- age.primitives.encode module
- age.primitives.encrypt module
- age.primitives.hashes module
- age.primitives.hkdf module
- age.primitives.hmac module
- age.primitives.random module
- age.primitives.rsa_oaep module
- age.primitives.scrypt module
- age.primitives.x25519 module
- Module contents
- age.recipients package
- age.utils package
decrypt(infile=None, outfile=None, ask_password=False, keyfiles=None, ascii_armored=False)¶
Decrypt a file encrypted with ‘age encrypt’.
Ciphertext can be passed from the standard input stream and from a file. Plaintext will by default be written to the standard output stream, but a filename can be specified.
Decryption is attempted with keys from the following locations: - Age private keys from ‘age generate’ in file ~/.config/age/keys.txt - Private SSH keys at ~/.ssh/id_* - Age private keys in files passed via KEYFILES.
If the ‘-p’ switch is provided, age will prompt for a password and also attempt to decrypt the message with the given password.
encrypt(recipients=None, infile=None, outfile=None, ask_password=False, ascii_armored=False)¶
Encrypt data for the given recipients.
RECIPIENTS can be a list of either: - aliases (from ~/.config/age/aliases.txt) - age public keys (starting with “age1…”) - SSH public keys (starting with “ssh-rsa” or “ssh-ed25519”) - Files with one key per line (no aliases allowed) - URLs to files with one key per line (no aliases allowed) - GitHub usernames (will fetch SSH public keys from https://github.com/USERNAME.keys)
Plaintext data can be passed via the standard input stream or from a file. Encryption to the standard output stream is only allowed if the stream is not bound to a TTY, in any case an output file can be used.
A password recipient can be added with the ‘-p’ option. age will prompt for the password.
Note that in this case, anyone in possession of the password can tamper with the message, therefore it is recommended to not mix password- and public key recipients.
Generate a new age private/public key pair.
If no FILENAME is given, the command outputs the key pair to the standard output stream.
If FILENAME exists, age will warn if the file permissions allow others to read, write or execute the file.
Return whether object was opened for reading.
If False, read() will raise OSError.
Flush and close the IO object.
This method has no effect if the file is already closed.
Return whether object was opened for writing.
If False, write() will raise OSError.
Recipient(type='', arguments=None, body='')¶
dump_header(header, stream, mac=None)¶
Load OpenSSH key in “”PEM”” format.
The files look like PEM, but aren’t. OpenSSH keys are “proprietary” and can be identified by the line “—–BEGIN OPENSSH PRIVATE KEY—–”.