The quiet, correct answer to 'how do I encrypt this file?'
age has a small surface, honest documentation, and a scheme that has survived real-world use. Our only gripe is key-file ergonomics — an interface problem, not a cryptographic one.
§1 · Context
age solves one problem — file encryption — and does it with discipline.
The format is stable, the reference implementation is small enough to
fully read in a sitting, and the protocol is designed to resist the sort
of bespoke extensibility that has destroyed OpenPGP's soul.
§2 · Findings
Two medium findings: (1) the CLI's passphrase prompt does not indicate
when a passphrase is being re-prompted for an existing file (we can see
operators mistakenly re-type the wrong passphrase); (2) the key-file
format's whitespace handling is forgiving in ways that make hand-editing
safe but copy-paste across chat clients treacherous.
Three low findings are stylistic doc issues.
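A pre-flight check for finding (2), as an added example that is not part of age or of this review's tooling: it lints pasted key material before it reaches a key file. It assumes native X25519 keys only (`age1...` recipients of 62 characters, `AGE-SECRET-KEY-1...` identities of 74) and that the chat-client hazards are invisible or non-ASCII characters, CRLF line endings and wrapped lines, which the review does not enumerate. `lint_key_text` and the sample values are constructed, and the Bech32 checksum is not verified.

```python
import unicodedata

# Bech32 data alphabet (BIP-173); native age keys are Bech32 strings.
BECH32 = set("qpzry9x8gf2tvdw0s3jn54khce6mua7l")
# Prefix -> expected number of characters after it (52 data + 6 checksum).
PREFIXES = {"age1": 58, "AGE-SECRET-KEY-1": 58}


def lint_key_text(text):
    """Return (line_no, message) problems in pasted recipient/identity text."""
    problems = []
    for no, raw in enumerate(text.split("\n"), start=1):
        for col, ch in enumerate(raw, start=1):
            if ch == "\r":
                problems.append((no, f"col {col}: carriage return (CRLF paste)"))
            elif not 0x20 <= ord(ch) <= 0x7E:
                name = unicodedata.name(ch, f"U+{ord(ch):04X}")
                problems.append((no, f"col {col}: unexpected character {name}"))
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments carry no key material
        prefix = next((p for p in PREFIXES if line.startswith(p)), None)
        if prefix is None:
            problems.append((no, "no key prefix: wrapped or truncated line?"))
            continue
        body = line[len(prefix):]
        if set(body.lower()) - BECH32:
            problems.append((no, "characters outside the Bech32 alphabet"))
        if body not in (body.lower(), body.upper()):
            problems.append((no, "mixed case is not valid Bech32"))
        if len(body) != PREFIXES[prefix]:
            problems.append((no, f"{len(body)} chars after prefix, expected 58"))
    return problems


if __name__ == "__main__":
    key = "age1" + "q" * 58  # constructed: right shape, checksum not valid
    samples = {
        "clean": "# constructed sample\n" + key + "\n",
        "zero-width space": key[:20] + "\u200b" + key[20:] + "\n",
        "wrapped by client": key[:34] + "\n" + key[34:] + "\n",
    }
    for label, text in samples.items():
        print(label, lint_key_text(text))
```

The linter is deliberately strict: it reports anything a paste could have altered, whether or not a forgiving parser would accept it.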
§3 · Crypto review
The scheme — ChaCha20-Poly1305 + X25519 key agreement — is well chosen.
Constants are correct. Nothing surprising in the constant-time arithmetic
review.
§4 · Bottom line
Use it. Don't invent your own file-encryption format. If you need a
"recipient can read, nobody else" primitive, this is the one.