Merge pull request #96 from str4d/release-0.4.0

Release 0.4.0

README.md

@@ -20,21 +20,35 @@ The reference interoperable Golang implementation is available at
 ## Usage
 
 ```
-Usage: rage [OPTIONS] [INPUT]
+Usage:
+  rage -r RECIPIENT [-a] [-o OUTPUT] [INPUT]
+  rage --decrypt [-i IDENTITY] [-o OUTPUT] [INPUT]
 
 Positional arguments:
-  INPUT                      file to read input from (default stdin)
+  INPUT                      Path to a file to read from.
 
 Optional arguments:
-  -h, --help                 print help message
-  -V, --version              print version info and exit
-  -d, --decrypt              decrypt the input (default is to encrypt)
-  -p, --passphrase           use a passphrase instead of public keys
-  --max-work-factor WF       maximum work factor to allow for passphrase decryption
-  -a, --armor                create ASCII armored output (default is age binary format)
-  -r, --recipient RECIPIENT  recipient to encrypt to (may be repeated)
-  -i, --identity IDENTITY    identity to decrypt with (may be repeated)
-  -o, --output OUTPUT        output to OUTPUT (default stdout)
+  -h, --help                 Print this help message and exit.
+  -V, --version              Print version info and exit.
+  -d, --decrypt              Decrypt the input.
+  -p, --passphrase           Encrypt with a passphrase instead of recipients.
+  --max-work-factor WF       Maximum work factor to allow for passphrase decryption.
+  -a, --armor                Encrypt to a PEM encoded format.
+  -r, --recipient RECIPIENT  Encrypt to the specified RECIPIENT. May be repeated.
+  -i, --identity IDENTITY    Use the private key file at IDENTITY. May be repeated.
+  -o, --output OUTPUT        Write the result to the file at path OUTPUT.
+
+INPUT defaults to standard input, and OUTPUT defaults to standard output.
+
+RECIPIENT can be:
+- An age public key, as generated by rage-keygen ("age1...").
+- An SSH public key ("ssh-ed25519 AAAA...", "ssh-rsa AAAA...").
+- A path or HTTPS URL to a file containing age recipients, one per line
+  (ignoring "#" prefixed comments and empty lines).
+
+IDENTITY is a path to a file with age identities, one per line
+(ignoring "#" prefixed comments and empty lines), or to an SSH key file.
+Multiple identities may be provided, and any unused ones will be ignored.
 ```
 
 ### Multiple recipients
@@ -57,7 +71,7 @@ $ rage -p -o example.png.age example.png
 Type passphrase (leave empty to autogenerate a secure one): [hidden]
 Using an autogenerated passphrase:
     kiwi-general-undo-bubble-dwarf-dizzy-fame-side-sunset-sibling
-$ rage -d -p example.png.age >example.png
+$ rage -d example.png.age >example.png
 Type passphrase: [hidden]
 ```
 

age-core/CHANGELOG.md

@@ -8,6 +8,9 @@ to 1.0.0 are beta releases.
 
 ## [Unreleased]
 
+## [0.4.0] - 2020-03-25
+No changes; version bumped to keep it in sync with `age`.
+
 ## [0.3.1] - 2020-02-11
 ### Fixed
 - Bumped dependencies to `cookie-factory ^0.3.1` to fix nightly builds.

age-core/Cargo.toml

@@ -1,13 +1,16 @@
 [package]
 name = "age-core"
 description = "[BETA] Common functions used across the age crates"
-version = "0.3.1"
+version = "0.4.0"
 authors = ["Jack Grigg <thestr4d@gmail.com>"]
 repository = "https://github.com/str4d/rage"
 readme = "README.md"
 license = "MIT OR Apache-2.0"
 edition = "2018"
 
+[badges]
+maintenance = { status = "experimental" }
+
 [dependencies]
 base64 = "0.11"
 cookie-factory = "0.3.1"

age/CHANGELOG.md

@@ -9,6 +9,8 @@ and this project adheres to Rust's notion of
 to 1.0.0 are beta releases.
 
 ## [Unreleased]
+
+## [0.4.0] - 2020-03-25
 ### Added
 - `age::Decryptor::new(R: Read)`, which parses an age file header and returns
   a context-specific decryptor.
@@ -39,6 +41,9 @@ to 1.0.0 are beta releases.
 - `age::Decryptor::trial_decrypt` (replaced by context-specific decryptors).
 - `age::Decryptor::trial_decrypt_seekable` (merged into the context-specific
   decryptors).
+- `age::Error::ArmoredWhenSeeking`
+- `age::Error::MessageRequiresKeys`
+- `age::Error::MessageRequiresPassphrase`
 
 ### Fixed
 - Key files with Windows line endings are now correctly parsed.

age/Cargo.toml

@@ -1,7 +1,7 @@
 [package]
 name = "age"
 description = "[BETA] A simple, secure, and modern encryption tool."
-version = "0.3.1"
+version = "0.4.0"
 authors = ["Jack Grigg <thestr4d@gmail.com>"]
 repository = "https://github.com/str4d/rage"
 readme = "README.md"
@@ -14,7 +14,7 @@ edition = "2018"
 maintenance = { status = "experimental" }
 
 [dependencies]
-age-core = { version = "0.3.1", path = "../age-core" }
+age-core = { version = "0.4.0", path = "../age-core" }
 
 # Dependencies required by the age specification:
 # - Base64 from RFC 4648

age/README.md

@@ -18,7 +18,7 @@ The reference interoperable Golang implementation is available at
 Add this line to your `Cargo.toml`:
 
 ```
-age = "0.3"
+age = "0.4"
 ```
 
 See the [documentation](https://docs.rs/age) for examples.

age/src/cli_common/file_io.rs

@@ -11,7 +11,7 @@ use crate::util::LINE_ENDING;
 
 const SHORT_OUTPUT_LENGTH: usize = 20 * 80;
 const TRUNCATED_TTY_MSG: &[u8] =
-    b"[truncated; use a pipe, a redirect, or -o/--output to see full message]";
+    b"[truncated; use a pipe, a redirect, or -o/--output to decrypt the entire file]";
 
 #[derive(Debug)]
 struct DenyBinaryOutputError;

age/src/error.rs

@@ -6,11 +6,9 @@ use std::io;
 /// The various errors that can be returned during the decryption process.
 #[derive(Debug)]
 pub enum Error {
-    /// Seeking was attempted on an ASCII-armored encrypted message, which is unsupported.
-    ArmoredWhenSeeking,
-    /// The message failed to decrypt.
+    /// The age file failed to decrypt.
     DecryptionFailed,
-    /// The message used an excessive work factor for passphrase encryption.
+    /// The age file used an excessive work factor for passphrase encryption.
     ExcessiveWork {
         /// The work factor required to decrypt.
         required: u8,
@@ -19,17 +17,13 @@ pub enum Error {
     },
     /// The age header was invalid.
     InvalidHeader,
-    /// The MAC in the message header was invalid.
+    /// The MAC in the age header was invalid.
     InvalidMac,
     /// An I/O error occurred during decryption.
     Io(io::Error),
     /// Failed to decrypt an encrypted key.
     KeyDecryptionFailed,
-    /// The provided message requires keys to decrypt.
-    MessageRequiresKeys,
-    /// The provided message requires a passphrase to decrypt.
-    MessageRequiresPassphrase,
-    /// None of the provided keys could be used to decrypt the message.
+    /// None of the provided keys could be used to decrypt the age file.
     NoMatchingKeys,
     /// An unknown age format, probably from a newer version.
     UnknownFormat,
@@ -38,7 +32,6 @@ pub enum Error {
 impl fmt::Display for Error {
     fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
         match self {
-            Error::ArmoredWhenSeeking => write!(f, "Armored messages not supported for seeking"),
             Error::DecryptionFailed => write!(f, "Decryption failed"),
             Error::ExcessiveWork { required, target } => {
                 writeln!(f, "Excessive work parameter for passphrase.")?;
@@ -52,10 +45,6 @@ impl fmt::Display for Error {
             Error::InvalidMac => write!(f, "Header MAC is invalid"),
             Error::Io(e) => e.fmt(f),
             Error::KeyDecryptionFailed => write!(f, "Failed to decrypt an encrypted key"),
-            Error::MessageRequiresKeys => write!(f, "This message requires keys to decrypt"),
-            Error::MessageRequiresPassphrase => {
-                write!(f, "This message requires a passphrase to decrypt")
-            }
             Error::NoMatchingKeys => write!(f, "No matching keys found"),
             Error::UnknownFormat => {
                 writeln!(f, "Unknown age format.")?;

age/src/format.rs

@@ -1,4 +1,4 @@
-//! The age message format.
+//! The age file format.
 
 use rand::{
     distributions::{Distribution, Uniform},

age/src/format/ssh_rsa.rs

@@ -49,7 +49,7 @@ impl RecipientLine {
             &mut h,
             Some(SSH_RSA_OAEP_LABEL.to_owned()),
         )
-        .expect("pubkey is valid and message is not too long");
+        .expect("pubkey is valid and file key is not too long");
 
         RecipientLine {
             tag: ssh_tag(&ssh_key),

age/src/keys.rs

@@ -49,7 +49,7 @@ impl FileKey {
     }
 }
 
-/// A secret key for decrypting an age message.
+/// A secret key for decrypting an age file.
 pub enum SecretKey {
     /// An X25519 secret key.
     X25519(StaticSecret),
@@ -330,7 +330,7 @@ impl Identity {
     }
 }
 
-/// A key that can be used to encrypt an age message to a recipient.
+/// A key that can be used to encrypt a file to a recipient.
 #[derive(Clone, Debug)]
 pub enum RecipientKey {
     /// An X25519 recipient key.

age/src/lib.rs

@@ -1,4 +1,4 @@
-//! *Library for encrypting and decryping age messages*
+//! *Library for encrypting and decryping age files*
 //!
 //! age is a simple, secure, and modern encryption tool with small explicit keys, no
 //! config options, and UNIX-style composability.

age/src/primitives/stream.rs

@@ -128,7 +128,7 @@ impl Stream {
     }
 }
 
-/// Writes an encrypted age message.
+/// Writes an encrypted age file.
 pub struct StreamWriter<W: Write> {
     stream: Stream,
     inner: ArmoredWriter<W>,
@@ -197,7 +197,7 @@ enum StartPos {
     Explicit(u64),
 }
 
-/// Provides access to a decrypted age message.
+/// Provides access to a decrypted age file.
 pub struct StreamReader<R: Read> {
     stream: Stream,
     inner: ArmoredReader<R>,
@@ -254,14 +254,14 @@ impl<R: Read> Read for StreamReader<R> {
                     // Stream has ended before seeing the last chunk.
                     return Err(io::Error::new(
                         io::ErrorKind::UnexpectedEof,
-                        "message is truncated",
+                        "age file is truncated",
                     ));
                 } else {
                     return Ok(0);
                 }
             }
 
-            // This check works for all cases except when the message is an integer
+            // This check works for all cases except when the age file is an integer
             // multiple of the chunk size. In that case, we try decrypting twice on a
             // decryption failure.
             let last = end < ENCRYPTED_CHUNK_SIZE;
@@ -507,7 +507,7 @@ mod tests {
     }
 
     #[test]
-    fn stream_fails_to_decrypt_truncated_message() {
+    fn stream_fails_to_decrypt_truncated_file() {
         let key = [7; 32];
         let data = vec![42; 2 * CHUNK_SIZE];