|Project Name||Stars||Downloads||Repos Using This||Packages Using This||Most Recent Commit||Total Releases||Latest Release||Open Issues||License||Language|
|Rage||2,039||13||5 days ago||17||June 13, 2023||46||apache-2.0||Rust|
|A simple, secure and modern file encryption tool (and Rust library) with small explicit keys, no config options, and UNIX-style composability.|
|Libsm||167||5 months ago||1||apache-2.0||Rust|
|A Rust Library of China's Standards of Encryption Algorithms (SM2/3/4)|
|Acme Lib||58||4||4 months ago||16||August 20, 2021||26||other||Rust|
|Rust library for requesting certificates from an ACME provider|
|Rabe||47||a year ago||8||May 30, 2022||2||mit||Rust|
|rabe is an Attribute Based Encryption library, written in Rust|
|Rusty_paseto||18||9 months ago||7||March 06, 2022||mit||Rust|
|A type-driven, ergonomic RUST implementation of the PASETO protocol for secure stateless tokens.|
|Codebreaker Rs||18||7 months ago||1||apache-2.0||Rust|
|A Rust library to decrypt & encrypt any cheat code for CodeBreaker PS2|
|Ossuary||14||4 years ago||2||June 12, 2019||apache-2.0||Rust|
|Rust library for establishing encrypted communication channels|
|Ntge||7||1||2 years ago||1||April 30, 2020||5||mit||Rust|
|Backupper||2||7 months ago||Rust|
|Backup with encryption|
rage is a simple, modern, and secure file encryption tool, using the age format. It features small explicit keys, no config options, and UNIX-style composability.
The reference interoperable Go implementation is available at filippo.io/age.
|Cargo (Rust 1.59+)||
|Homebrew (macOS or Linux)||
On Windows, Linux, and macOS, you can use the pre-built binaries.
Help from new packagers is very welcome.
Usage: rage [--encrypt] -r RECIPIENT [-i IDENTITY] [-a] [-o OUTPUT] [INPUT] rage --decrypt [-i IDENTITY] [-o OUTPUT] [INPUT] Positional arguments: INPUT Path to a file to read from. Optional arguments: -h, --help Print this help message and exit. -V, --version Print version info and exit. -e, --encrypt Encrypt the input (the default). -d, --decrypt Decrypt the input. -p, --passphrase Encrypt with a passphrase instead of recipients. --max-work-factor WF Maximum work factor to allow for passphrase decryption. -a, --armor Encrypt to a PEM encoded format. -r, --recipient RECIPIENT Encrypt to the specified RECIPIENT. May be repeated. -R, --recipients-file PATH Encrypt to the recipients listed at PATH. May be repeated. -i, --identity IDENTITY Use the identity file at IDENTITY. May be repeated. -j PLUGIN-NAME Use age-plugin-PLUGIN-NAME in its default mode as an identity. -o, --output OUTPUT Write the result to the file at path OUTPUT. INPUT defaults to standard input, and OUTPUT defaults to standard output. RECIPIENT can be: - An age public key, as generated by rage-keygen ("age1..."). - An SSH public key ("ssh-ed25519 AAAA...", "ssh-rsa AAAA..."). PATH is a path to a file containing age recipients, one per line (ignoring "#" prefixed comments and empty lines). IDENTITY is a path to a file with age identities, one per line (ignoring "#" prefixed comments and empty lines), or to an SSH key file. Passphrase-encrypted age identity files can be used as identity files. Multiple identities may be provided, and any unused ones will be ignored.
Files can be encrypted to multiple recipients by repeating
Every recipient will be able to decrypt the file.
$ rage -o example.png.age -r age1uvscypafkkxt6u2gkguxet62cenfmnpc0smzzlyun0lzszfatawq4kvf2u \ -r age1ex4ty8ppg02555at009uwu5vlk5686k3f23e7mac9z093uvzfp8sxr5jum example.png
Multiple recipients can also be listed one per line in one or more files passed
$ cat recipients.txt # Alice age1ql3z7hjy54pw3hyww5ayyfg7zqgvc7w3j2elw8zmrj2kg5sfn9aqmcac8p # Bob age1lggyhqrw2nlhcxprm67z43rta597azn8gknawjehu9d9dl0jq3yqqvfafg $ rage -R recipients.txt example.jpg > example.jpg.age
Files can be encrypted with a passphrase by using
-p/--passphrase. By default
rage will automatically generate a secure passphrase.
$ rage -p -o example.png.age example.png Type passphrase (leave empty to autogenerate a secure one): [hidden] Using an autogenerated passphrase: kiwi-general-undo-bubble-dwarf-dizzy-fame-side-sunset-sibling $ rage -d example.png.age >example.png Type passphrase: [hidden]
If a binary named
pinentry is available in
$PATH, it will be used to ask the
user for a passphrase. The
PINENTRY_PROGRAM environment variable can be used
to set the binary name or path to use. If a
pinentry binary is not available,
PINENTRY_PROGRAM is set to the empty string,
rage will fall back to the
If an identity file passed to
-i/--identity is a passphrase-encrypted age
file, it will be automatically decrypted.
$ rage -p -o key.age <(rage-keygen) Public key: age1pymw5hyr39qyuc950tget63aq8vfd52dclj8x7xhm08g6ad86dkserumnz Type passphrase (leave empty to autogenerate a secure one): [hidden] Using an autogenerated passphrase: flash-bean-celery-network-curious-flower-salt-amateur-fence-giant $ rage -r age1pymw5hyr39qyuc950tget63aq8vfd52dclj8x7xhm08g6ad86dkserumnz secrets.txt > secrets.txt.age $ rage -d -i key.age secrets.txt.age > secrets.txt Type passphrase: [hidden]
Passphrase-protected identity files are not necessary for most use cases, where access to the encrypted identity file implies access to the whole system. However, they can be useful if the identity file is stored remotely.
As a convenience feature, rage also supports encrypting to
ssh-ed25519 SSH public keys, and decrypting with the respective private key
ssh-agent is not supported.)
$ rage -R ~/.ssh/id_ed25519.pub example.png > example.png.age $ rage -d -i ~/.ssh/id_ed25519 example.png.age > example.png
Note that SSH key support employs more complex cryptography, and embeds a public key tag in the encrypted file, making it possible to track files that are encrypted to a specific public key.
When building with Cargo, you can configure rage using
--features comma,separated,flags to enable or disable the following
mount enables the
rage-mount tool, which can mount age-encrypted TAR or
ZIP archives as read-only. It is currently only usable on Unix systems, as it
ssh (enabled by default) enables support for reusing existing SSH key files
for age encryption.
unstable enables in-development functionality. Anything behind this feature
flag has no stability or interoperability guarantees.
Applications wishing to use rage as a library should use the
crate, which rage is built on top of.
Licensed under either of
at your option.
Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.