rage(1)
A command-line tool to encrypt and decrypt files using age, a simple, modern, and secure file encryption format.
Synopsis
rage [OPTION]... [FILE]...Description
rage is a Rust implementation of the age encryption format, providing fast and easy file encryption without complex key management. It supports both symmetric encryption (with a passphrase) and asymmetric encryption (with public/private keypairs).
Files are encrypted by default with a random key, and decryption requires the corresponding passphrase or private key. The tool is designed to be simple enough for casual use yet secure enough for sensitive data.
Common options
| Flag | What it does |
|---|---|
-e, --encrypt | Encrypt the input (default mode if no -d flag) |
-d, --decrypt | Decrypt the input |
-p, --passphrase | Encrypt with a passphrase instead of a public key; prompts for password |
-r, --recipient | Encrypt for a recipient's public key (can be used multiple times) |
-i, --identity | Use a private key file for decryption (can be used multiple times) |
-o, --output | Write output to a file instead of stdout |
-a, --armor | Encrypt to ASCII-armored format (base64) instead of binary |
-g, --generate-key | Generate a new age keypair and exit |
Examples
Encrypt a file with a passphrase; prompts for password interactively
rage -p secrets.txt -o secrets.txt.ageDecrypt a file by prompting for the passphrase
rage -d secrets.txt.age -o secrets.txtGenerate a new age keypair and save the public key
rage -g > key.txtEncrypt a file for a specific recipient's public key
rage -r AGE1QL3Z5CV5FQ69DQDS8GF55A... document.pdf -o document.pdf.ageDecrypt using a private key from a file
rage -d -i ~/.age/key.txt secrets.txt.ageEncrypt a tar archive with passphrase as ASCII armor and pipe to email
tar czf - /path/to/files | rage -p -a | mail [email protected]Encrypt a file for multiple recipients (all can decrypt it)
rage -r AGE1... -r AGE2... file.txt -o file.txt.ageDecrypt from stdin to stdout
cat encrypted.txt.age | rage -d