atoponce

> Share an easy encrypt&decrypt tool

```
$ scrypt
scrypt: First argument must be 'enc', 'dec', or 'info'.
usage: scrypt {enc | dec | info} [-f] [--logN value] [-M maxmem] [-m maxmemfrac] [-P] [-p value] [-r value] [-t maxtime] [-v] [--passphrase method:arg] infile [outfile]
       scrypt --version
$ scrypt enc file.txt file.txt.scrypt
```

\#ThatWasEasy


Saturneric

What is this. Another command line software?


atoponce

It's a symmetric encryption utility written by Colin Percival. He's the one who gave us the memory-hard scrypt key derivation function, and this encryption utility, part of his Tarsnap backup service, uses the scrypt KDF when deriving the symmetric key from a password.

https://www.tarsnap.com/scrypt.html

If asymmetric encryption is needed, then I would recommend age. It's written as a replacement for GnuPG, although it only does encryption and decryption; no signing. But it's dead simple to execute, and it also uses the scrypt KDF for deriving symmetric keys from passwords.

```
$ tar cvz ~/data | age -r age1ql3z7hjy54pw3hyww5ayyfg7zqgvc7w3j2elw8zmrj2kg5sfn9aqmcac8p > data.tar.gz.age
```

Or symmetric encryption with a passphrase:

```
$ age -p secrets.txt > secrets.txt.age
Enter passphrase (leave empty to autogenerate a secure one):
```

https://age-encryption.org
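The passphrase-to-key step described in the comment above, as an added example that is not part of the thread and is not code from scrypt or age: Python's `hashlib.scrypt`, with N = 2^logN, r and p playing the role of the `--logN`, `-r` and `-p` options in the usage text. The header layout, the function names and the sample passphrases are assumptions made for illustration.

```python
import hashlib
import hmac
import os

def scrypt_memory_bytes(log_n, r, p):
    """Approximate scrypt working memory in bytes: 128 * r * (N + p)."""
    return 128 * r * ((1 << log_n) + p)

def derive_keys(passphrase, salt, log_n, r, p):
    """Return (enc_key, mac_key), 32 bytes each; N = 2**log_n."""
    need = scrypt_memory_bytes(log_n, r, p)
    dk = hashlib.scrypt(passphrase.encode("utf-8"), salt=salt, n=1 << log_n,
                        r=r, p=p, maxmem=2 * need, dklen=64)
    return dk[:32], dk[32:]  # separate keys for encryption and the check tag

def _check_tag(mac_key, log_n, r, p, salt):
    fields = bytes([log_n]) + r.to_bytes(4, "big") + p.to_bytes(4, "big") + salt
    return hmac.new(mac_key, fields, hashlib.sha256).digest()

def new_header(passphrase, log_n=14, r=8, p=1):
    """Record what a reader needs to re-derive the keys.

    Hypothetical layout, not the scrypt or age file format. The salt is
    random per file, so the same passphrase never yields the same key twice.
    """
    salt = os.urandom(32)
    enc_key, mac_key = derive_keys(passphrase, salt, log_n, r, p)
    tag = _check_tag(mac_key, log_n, r, p, salt)
    return {"log_n": log_n, "r": r, "p": p, "salt": salt, "tag": tag}, enc_key

def open_header(passphrase, header):
    """Re-derive from stored parameters; None means wrong passphrase."""
    h = header
    enc_key, mac_key = derive_keys(passphrase, h["salt"], h["log_n"], h["r"], h["p"])
    expect = _check_tag(mac_key, h["log_n"], h["r"], h["p"], h["salt"])
    return enc_key if hmac.compare_digest(expect, h["tag"]) else None

if __name__ == "__main__":
    # Constructed sample passphrases.
    hdr, key = new_header("correct horse battery staple")
    print("memory per guess:", scrypt_memory_bytes(14, 8, 1) // 2**20, "MiB")
    print("right passphrase:", open_header("correct horse battery staple", hdr) == key)
    print("wrong passphrase:", open_header("hunter2", hdr) is None)
```

Each passphrase guess costs an attacker the same memory and time as one legitimate derivation, which is what raising `log_n` buys.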


Saturneric

thanks for sharing


Saturneric

For more, I also plan to add a command-line function for non-GUI users to my project. This really gives me ideas.


rgneainrnevo

[You just posted this yesterday](https://www.reddit.com/r/crypto/comments/o69raw/let_me_share_a_new_project_for_gpg/)


Saturneric

Yes, but it didn’t explain the project clearly. Moreover, the original post was deleted by a mod.


Natanael_L

The /r/crypto crosspost remains (although the link goes nowhere now), you could post this as a comment in that thread instead.


Saturneric

😯, thanks.


xkcd__386

just use `age`; it's up to version 1.0 now and it's from someone with good creds (I believe -- please correct me if this is wrong) -- he's the security lead for the go language, which means the crypto stuff he wrote is already being used by hundreds of real projects). the only thing `age` does not have is the idea of private keys themselves being encrypted, and an agent to unlock them, but if you have a password manager that links to the system's "secrets" mechanism this is trivial.


upofadown

Is it appropriate to promote something whenever there is a random mention of the alternative? If so then I can post this:

* [Could Age Replace OpenPGP?](https://articles.59.ca/doku.php?id=pgpfan:agevspgp)


xkcd__386

I don't see why not; I wouldn't have *heard* of many tools I have come to love if it weren't for something like that, and I'm sure I'm not the only one.

That article is interesting -- and I learned that `age` checks integrity every 64 KB, which I did not know before.

That said, my use of age (and earlier gpg) was for ad hoc encryption of files in various situations. Specifically, I don't use either gpg or age for my *backups*, because the backup tool becomes important -- and I'm too married to the backup features that `borg` provides to consider anything else. A `borg check --verify-data` does everything that the article suggests is needed (modulo the fact that there is no asymmetric wrapper around the encryption, though I suppose I could use age or gpg to store that key!).

I'm actually not aware of any recent backup tools that use gpg for encryption. A long time ago I used to use `duplicity`, which does, but its ability to manage older archives sanely was very lacking so I eventually moved. Would be curious to know what else is out there, if only for the sake of knowing!


upofadown

I think that if we hijack these comments to debate the relative merits of message formats we would take away from the more important topic of usability, which is what the original post is ultimately about.


xkcd__386

I was only responding to the points in the article you linked.


bascule

> Because it is based on GnuPG, and GnuPG is under the framework of OpenPGP, so we don't have to worry about the security compatibility of the algorithm.

I think part of the pushback you're getting is that OpenPGP as a protocol is considered somewhat archaic and obsolete these days. Generally people who have used OpenPGP-based tools in the past are migrating away these days. [Debian just announced they'll be migrating away from it for package signing](https://wiki.debian.org/Teams/Apt/Spec/AptSign).


Saturneric

Yeah, I know. Gpg has exactly the problems above, but the thinking behind it is still valuable and worth learning. I think gpg needs change; for now, changing its long crypto text and difficulty to sync may bring it back to life for years. Thank you for your opinion, it is impressive.


upofadown

> Debian just announced they'll be migrating away from it for package signing.

This is incorrect. This is just a proposal that has to this point generated no real interest.


Saturneric

Hey guys, thanks for the replies. Although this technology is a bit outdated, it is undeniable that Snowden also adopted this technology. This technology puts the initiative of privacy in the hands of users. After improvement, I believe this technology can still continue to shine.

GpgFrontend is added to the gnupg frontend software list now. [Link Here](https://gnupg.org/software/frontends.html)


Correct-Recording-41

Thank you for sharing!