The age backend is an experimental crypto backend based on age. It adds an
encrypted keyring on top (using age in scrypt password mode). It also has
(largely untested) support for specifying recipients as github users. This will
use their ssh public keys for age encryption.
It is well positioned to eventually replace gpg as the default crypto backend.
WARNING: This backend is experimental and the on-disk format likely to change.
To start using the age backend initialize a new (sub) store with the --crypto=age flag:
gopass init --crypto age
gopass recipients add github:user
This will automatically create a new age keypair and initialize the new store.
Existing stores can be migrated using gopass convert --crypto age.
- Encryption using
agelibrary, can be decrypted using theageCLI - Support for native age, ssh-ed25519 and ssh-rsa recipients
- Support for encrypted ssh private keys
- Support for using GitHub users' private keys, e.g.
github:useras recipient - Automatic downloading and caching of SSH keys from GitHub
- Encrypted keyring for age keypairs
The future of this backend largely depends on what is happening in the age project itself.
Assuming age is supporting this, we'd like to:
- Finalize GitHub recipient support
- Add Hardware token support
- Make age the default gopass backend