1 unstable release
0.1.0 | Apr 16, 2024 |
---|
#816 in Cryptography
138 downloads per month
22KB
235 lines
Age Plugin: OpenPGP Card
This age plugin allows you to reuse your OpenPGP Card devices (such as Yubikeys or Nitrokeys) for age decryption.
Why? OpenPGP Card, contrary to its name, is just a generic cryptographic device but most importantly the spec and the real-world devices (e.g. Yubikeys) in the wild support ed25519.
If you don't need ed25519 age-plugin-yubikey
provides a more polished experience.
This plugin assumes that you have already provisioned the card.
oct admin generate
may be used to provision the card with a new ed25519 key.
Usage
Running the tool directly outputs public keys and identity stubs for all connected cards:
$ age-plugin-openpgp-card | tee identity.txt
# Card ident 0006:15422467
# age1dkfzfyk58yvkf07n32nygkyuqxtnq2am427sy79gjkh6krf96frsucn0me
AGE-PLUGIN-OPENPGP-CARD-1XQCRQD36XY6NGV3JXSMRWAN88PC
Note that the public key looks like a regular age ed25519 key. The stub encodes the card identifier and is mostly irrelevant.
Any age-compatible tool can be used for encryption:
$ echo I like strawberries | rage -r age1dkfzfyk58yvkf07n32nygkyuqxtnq2am427sy79gjkh6krf96frsucn0me -a > encrypted.age
And the identity stubs are required for decryption:
$ rage -d -i identity.txt < encrypted.age
I like strawberries
The plugin will ask you for the PIN using built-in plugin protocol (this would usually show a pin-entry prompt).
License
This project is licensed under either of:
at your option.
Contribution
Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in this crate by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.
Dependencies
~8–20MB
~266K SLoC