I was actually trying to find the interface that an encryption backend must satisfy. Looking around in the code this seems to be the closest readable definition:
https://github.com/gopasspw/gopass/blob/master/pkg/backend/crypto/plain/backend.go
Looks like the best place to start, good find. age is still unstable, so probably best to wait until the API shakes out a bit more.
Good idea. I have yet to read the age specs, but I believe @FiloSottile knows what he's doing.
Once age is stable it shouldn't be difficult to implement it as a backend.
Of course we'd also need to properly implement the agent, otherwise it'd be no fun.
But maybe that's something upstream will take care of. They seem to consider age as a password store backend already.
Hey, I would love for this to happen once we mark the format as stable. I will indeed have to figure out an agent protocol. There's a chance we'll just reuse the ssh-agent one. I will update this issue once that's settled.
Just noticed that age supports ssh public keys, which makes key handling very ... handy.
I'll try to take a stab at replacing the custom crypto backend soon.
However it doesn't support a caching agent (yet).
Disregard that comment. I need to contemplate more on https://github.com/FiloSottile/age/issues/7.
If we could use age as library then perhaps wouldn't even need any kind of (complex) agent support.
I wonder if we can get away with caching the passphrase while gopass is running. This would support the few bulk operations we have. It wouldn't help with external programs calling gopass repeatedly.
I fail to understand the reasoning behind not supporting the standard ssh agent. I was hoping that age would be a nice way out of the GPG complexity. :-(
So we have preliminary age support now.
The private key is not (yet?) password protected, so it's not as safe (depending on your attack scenarios) as the other backends. But it works and it can be easily extended. I'm considering protecting the private key with age itself (using the passphrase mode).
I'd absolutely love to use age as a library, especially to make it easier for users who can't easily compile from source or are using Windows. But last time I checked age hid its API in an internal/ package that can't be used from the outside.
This is awesome! (I'm planning to work on the public API next week!)