Introduction
Let’s start from the assumption that we are lazy and have probably never taken the time to distinguish between safe IT elements and those to stay away from. If you have the feeling that it’s not just about software but about something broader, which goes beyond the simple container of our activities, you’re in the right place. Continue reading the article.
BalziBox is a site that is halfway between informative and practical. If you are interested in the IT part you can skip the paragraphs by clicking here.
We find ourselves at the center of opposing interests: on the one hand the user uses IT systems to carry out their activities, on the other the companies pursue profit.
In our IT life we have all experienced, to some extent, traumatic events involving loss of content. The most common causes are a damaged disk or a cell phone that lost its photos, leaving us unable to revisit the memories of our dear newborn son.
So, what did we do? Well, we created a zip with password to preserve some important documents and subscribed to the cloud to sleep soundly.
We are targeted by cyber scams. Those who should take care of us, for example banks, continually offer us free newsletters and courses to protect us from events that could make us lose money. This mandatory information basically protects the credit institution and will tell you: “dear account holder, I warned you, you were not careful and you are owed nothing in compensation if you lost money recklessly!”
Distorted example of privacy and encryption
Dear readers, I bring you a concrete example of a distorted use case, an explosive mix that feeds on fake encryption and privacy.
The GP issues a certificate, which is sent to the patient’s inbox. The software provides for password-protected document transmission; the password itself, however, is sent in clear text in a subsequent e-mail, which represents nonsense of biblical proportions.
Still…
The certificate contains both the part intended for the employer (single non-separable document) and a section for the patient complete with diagnosis. Some might argue that it is sufficient to communicate only the certificate code to the employer but, if the latter requests a copy of the attachment and since the document is not divisible, in the end the diagnosis is also transmitted.
Those who are a bit clever know that it is possible to edit the PDF document with LibreOffice so that the diagnosis on the certificate, for example “psychotic obsessive privacy syndrome”, is replaced with blank space.
Example of how idiots put together useless processes, while with this article we rack our brains to understand if there is something more modern in the field of cryptography.
I felt protected in the castle
If you are of the opinion that you have nothing to hide and that you trust the software you use, count to ten and read here; and if you are of the opinion that the cloud is the solution to your data storage problems, then you must read here.
I make some further considerations. How many people have thought of generating their own encryption key with PGP/GPG[^1]? In the circle of people I frequent, this number probably does not exceed the fingers of one hand. More widespread knowledge of what a digital signature[^2] with integrity control is in IT has developed in public administration, together with all the attached digital decay. (It is not the purpose of this article to delve into these concepts.)
Then, at a certain moment, you take a look outside the castle and discover that your GPG is a sieve of insecure code, so full of vulnerabilities that it is considered computer archaeology to be avoided (learn more).
It’s the fault of Marco Crotta[^3], who in his video suggests a software called age. Initially it seemed interesting to me but I didn’t fully understand its potential. I went from a superficial test to reconsidering its use only at a later time, when I then realized how necessary it was. You need to have a certain maturity on the topic to grasp its true significance. The comments on the video, coming from a more expert context, do not seem to have understood the essence of the message, raising doubts as to why age should be used instead of GPG.
age
age, short for Actually Good Encryption (written in lowercase letters), was created by Filippo Valsorda, an Italian cryptography engineer with an impressive CV, who decided to leave his job on the Go team at Google to undertake new paths as a “professional open source maintainer”.
My grandmother said: “chisto guaglione tene ‘a capa gloriosa”[^4]
age is a secure, lightweight and free open project that introduces a new encryption format. It presents itself as a real and concrete substitute for GPG, thanks also to the use of modern algorithms valid for symmetric and asymmetric encryption[^5].
Installation
The program is available on many platforms: Windows, macOS and Linux. I prefer the Linux environment, due to the unbearable takers present in current operating systems.
I recommend installing the latest available version by downloading the binaries directly from GitHub; the commands to run from the terminal are listed below.
# latest version of the program
curl -JLO "https://dl.filippo.io/age/latest?for=linux/amd64"
# check the downloaded version and change the variable
AGE_VERSION="v1.2.1"
tar -xzf age-$AGE_VERSION-linux-amd64.tar.gz
sudo mv age/age /usr/local/bin/
sudo mv age/age-keygen /usr/local/bin/
# check the installed version
age --version
age-keygen --version
age with passphrase
This is symmetric encryption - a single key is used to encrypt and decrypt data. The person who encrypts the message and the person who decrypts it must both know the same key.
# command to encrypt a document (binary format)
age --passphrase --output output.txt.age input.txt
# command to encrypt a document (text format)
age --passphrase --armor --output output.txt.age input.txt
# or
age -p -o output.txt.age input.txt
age -p input.txt > output.txt.age
# command to decrypt a document
age --decrypt --output input.txt output.txt.age
# or
age -d -o input.txt output.txt.age
age -d output.txt.age > input.txt
age with a public/private key pair
This is asymmetric encryption - it uses two related keys: a public key, usable by anyone to encrypt the message, and a private key, held exclusively by the recipient, necessary to decipher it.
Generate public and private key without password.
# show public and private key in terminal
age-keygen
# generate and save the key pair
age-keygen -o private.txt
# or
age-keygen > private.txt
Generate public and private key with password.
# generate and save the key pair
age-keygen | age -p -a > private.age
# remove the passphrase protection, saving the keys in readable form
age -d private.age > private.txt
Result of generating an unprotected key pair, used as an example.
$ age-keygen
# created: 2025-10-17T09:00:00+01:00
# public key: age1j0t50snfg3uj3faecysjsvvfmkq603gpphjczg646t0px89wjezqaxmqa2
AGE-SECRET-KEY-1FQHR26K7QYQKS7GJZAVGQ3UVQR634RKVPZSEZ5NZKJWYQVS4QGUSX34T88
To encrypt a file you need the recipient's public key, passed with -r; alternatively, one or more recipients can be read from a file with -R. The -a (armor) option, if given, produces output in ASCII PEM/armored format, which contains only printable characters (A-Z, a-z, 0-9, +, /, =) and the headers -----BEGIN AGE ENCRYPTED FILE----- … -----END AGE ENCRYPTED FILE-----.
# encrypt a file with a public key
age -e -a -r age1j0t50snfg3uj3faecysjsvvfmkq603gpphjczg646t0px89wjezqaxmqa2 \
lorem_ipsum.txt > lorem_ipsum.txt.age
# decrypt the example file
age -d -i private.txt lorem_ipsum.txt.age > decrypt.txt
Conclusions
To fully enjoy it, you need to roll up your sleeves, create your own backup scripts and experiment with the countless implementations available for free on the web.
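A backup script of the kind suggested above, as an added example that is not from the article: it archives a directory and encrypts it to every recipient listed in a file (-R), so the machine taking the backup holds only public keys. The function names and file paths are assumptions, and the recipients check accepts only native age1 keys.

```sh
#!/bin/sh
# Added example (not from the article): directory backup encrypted with age.
# Function names and file paths are assumptions.

# Succeed only if the recipients file lists at least one age1... public key
# and no secret key (for instance age-keygen output copied by mistake).
check_recipients() {
    file=$1
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 1; }
    if grep -q '^AGE-SECRET-KEY-' "$file"; then
        echo "$file holds a secret key; list public keys only" >&2
        return 1
    fi
    grep -q '^age1' "$file" || { echo "no recipient in $file" >&2; return 1; }
}

# backup_dir SRC_DIR RECIPIENTS_FILE OUT_FILE
# Runs in a subshell so the umask change stays local.
backup_dir() (
    src=$1 recipients=$2 out=$3
    check_recipients "$recipients" || exit 1
    [ -d "$src" ] || { echo "not a directory: $src" >&2; exit 1; }
    umask 077                       # output readable by its owner only
    tmp="$out.partial"
    # The pipeline status is age's; verify_backup catches a short archive.
    if tar -C "$src" -czf - . | age -e -R "$recipients" -o "$tmp"; then
        mv "$tmp" "$out"            # publish only a complete file
    else
        rm -f "$tmp"
        exit 1
    fi
)

# verify_backup BACKUP_FILE IDENTITY_FILE
# Run where the private key lives: decrypts and lists the archive.
verify_backup() {
    age -d -i "$2" "$1" | tar -tzf -
}
```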
[^1]: PGP (Pretty Good Privacy) and GPG (GNU Privacy Guard) are public key cryptosystems. The sender uses the recipient’s public key to encrypt the message, making it readable only to the owner of the corresponding private key.
[^2]: I have seen documents considered digitally signed by scanning the signature on the PDF, not in just any company, but in IT companies.
[^3]: Marco Crotta is the content creator of BlockChain Caffè.
[^4]: Neapolitan saying, “this boy has a glorious head”: an intelligent person, above average.
