rage v0.5.0

rage

Added

• Italian, Spanish, and Chinese translations!
• ssh feature flag, enabled by default. It can be disabled to remove support
  for ssh-rsa and ssh-ed25519 recipients and identities. ssh-rsa keys are
  now supported without the unstable feature flag.

Changed

• MSRV is now 1.45.0.

Removed

• Default identity path (identities should instead be set per-use).
• Default alias path (for unstable aliases feature).

age

Added

• Italian, Spanish, and Chinese translations!
• New core traits, implemented by all relevant age types:
  • age::Identity, representing an identity that can decrypt an age file.
  • age::Recipient, representing a potential recipient of an age file.
• Separate modules and structs for different recipient types:
  • age::x25519
  • age::ssh (behind the ssh feature flag).
• age::EncryptError, representing errors that can occur during encryption.
• age::IdentityFile struct, for parsing a list of native age identities
  (currently only age::x25519::Identity) from a file.
• Asynchronous APIs for encryption and decryption, enabled by the async
  feature flag:
  • age::Encryptor::wrap_async_output()
  • age::Decryptor::new_async()
  • age::decryptor::RecipientsDecryptor::decrypt_async()
  • age::decryptor::PassphraseDecryptor::decrypt_async()
• Explicit armoring support, enabled by the armor feature flag:
  • age::armor::ArmoredReader, which can be wrapped around an input to handle
    a potentially-armored age file.
  • age::armor::ArmoredWriter, which can be wrapped around an output to
    optionally apply the armored age format.

Changed

• MSRV is now 1.45.0.
• Changes due to the new core traits:
  • age::Encryptor::with_recipients now takes Vec<Box<dyn Recipient>>.
  • age::decryptor::RecipientsDecryptor now takes
    impl Iterator<Item = Box<dyn Identity>> in its decryption methods.
  • age::cli_common::read_identities now returns Vec<Box<dyn Identity>>, as
    it abstracts over age::IdentityFile and age::ssh::Identity. When the
    ssh feature flag is enabled, it also takes an unsupported_ssh argument
    for handling unsupported SSH identities.
  • age::Error has been renamed to age::DecryptError.
• Changes due to explicit armoring support:
  • age::Encryptor::wrap_output now only generates the non-malleable binary
    age format. To optionally generate armored age files, use
    encryptor.wrap_output(ArmoredWriter::wrap_output(output, format)).
  • age::Decryptor now only decrypts the non-malleable binary age format. To
    handle age files that are potentially armored, use
    Decryptor::new(ArmoredReader::new(input)).
  • age::Format has been moved to age::armor::Format.
• SSH support is now disabled by default, behind the ssh feature flag.
  ssh-rsa keys are now supported without the unstable feature flag.
• age::Callbacks has been moved to age::decryptor::Callbacks.

Removed

• age::SecretKey (replaced by age::x25519::Identity and
  age::ssh::Identity).
• age::keys::RecipientKey (replaced by age::x25519::Recipient and
  age::ssh::Recipient).
• age::keys::{Identity, IdentityKey} (replaced by age::Identity trait on
  individual identities, and age::IdentityFile for parsing identities).
• age::decryptor::RecipientsDecryptor::decrypt_with_callbacks() (identities
  are now expected to handle their own callbacks, and
  age::cli_common::read_identities now adds callbacks to SSH identities).
• Default identity path:
  • age::cli_common::get_config_dir.
  • The no_default parameter for age::cli_common::read_identities.

age-core

Added

• Several structs used when implementing the age::Identity and
  age::Recipient traits:
  • age_core::format::FileKey
  • age_core::format::Stanza
• age_core::format::grease_the_joint, for generating a random valid recipient
  stanza. No other guarantees are made about the stanza's fields.
• age_core::primitives::{aead_decrypt, aead_encrypt, hkdf}, to enable these
  common primitives to be reused in plugins.

Changed

• MSRV is now 1.41.0.
• age_core::format::write::age_stanza now takes args: &[impl AsRef<str>].

rage v0.4.0

rage

Added

• rage-mount can now mount ASCII-armored age files.

Changed

• [rage] -p/--passphrase flag can no longer be used with -d/--decrypt
  (passphrase-encrypted files are now detected automatically).

Removed

• -p/--passphrase flag from rage-mount (passphrase-encrypted files are now
  detected automatically).

Fixed

• [Unix] Files encrypted with a passphrase can now be decrypted with rage when
  piped over stdin.

age

Added

• age::Decryptor::new(R: Read), which parses an age file header and returns
  a context-specific decryptor.
• age::decryptor module containing the context-specific decryptors.
  • Their decryption methods return the concrete type StreamReader<R>,
    enabling them to handle seekable readers.
• age::Encryptor::with_recipients(Vec<RecipientKey>)
• age::Encryptor::with_user_passphrase(SecretString)
• Support for encrypted OpenSSH keys created with ssh-keygen prior to OpenSSH
  7.6.
• age::cli_common::file_io::OutputWriter::is_terminal

Changed

• age::Decryptor has been refactored to auto-detect the decryption type. As a
  result, both identity-based and passphrase-based decryption need to be
  handled.
• age::StreamReader has been moved into the age::stream module, along with
  StreamWriter which was previously public but has now been formally exposed
  in the API for documentation purposes.
• age::Encryptor is now an opaque struct, and must be created via its new
  constructors.
• age::Encryptor::wrap_output now consumes self, making it harder to
  accidentally reuse a passphrase for multiple encrypted files.
• age::cli_common::read_identities now takes an additional file_not_found
  parameter for customising the error when an identity filename is not found.

Removed

• age::Decryptor::trial_decrypt (replaced by context-specific decryptors).
• age::Decryptor::trial_decrypt_seekable (merged into the context-specific
  decryptors).
• age::Error::ArmoredWhenSeeking
• age::Error::MessageRequiresKeys
• age::Error::MessageRequiresPassphrase

Fixed

• Key files with Windows line endings are now correctly parsed.

age-core

No changes; version bumped to keep it in sync with age.

rage v0.3.1

Version bump to fix nightly builds. No other changes from v0.3.0.

rage v0.3.0

Crates galore! The changes in the age library crate are reflected in the CLI tools in the rage crate.

rage

(relative to the CLI tools in age 0.2.0)

Added

• -V / --version flags to all binaries.
• Completion files for Bash, Elvish, Fish, PowerShell, and Zsh can be generated
  with cargo run --example generate-completions.
• The Debian package will install completion files for Bash, Fish, and Zsh.

Changed

• If a pinentry binary is available, it will be used preferentially to request
  secrets such as passphrases. The previous CLI input will be used if pinentry
  is not available.

age

Added

• age::Callbacks, which encapsulates any requests that might be necessary
  during the decryption process.
• age::cli_common::UiCallbacks, which implements Callbacks with requests to
  the user via age::cli_common::read_secret.
• age::Decryptor::with_identities(Vec<Identity>)
• age::Decryptor::with_identities_and_callbacks(Vec<Identity>, Box<dyn Callbacks>)
• age::Encryptor will insert a random recipient stanza into the header, to
  keep age's joint well oiled.

Changed

• The CLI tools have been moved into the rage crate.
• The age::Decryptor::Keys enum case has been renamed to Identities and
  altered to store a Box<dyn Callbacks> internally.
• age::Decryptor::trial_decrypt and age::Decryptor::trial_decrypt_seekable
  both no longer take a request_passphrase argument.
• age::cli_common::read_secret:
  • Takes an additional prompt parameter.
  • Uses the system pinentry binary for requesting secrets if available.
  • Returns pinentry::Error instead of io::Error.
• age::cli_common::read_or_generate_passphrase now returns pinentry::Error
  instead of io::Error.
• Core age parsers and serializers have been moved into the age-core crate.

Fixed

• Fixed several crashes in the armored format reader, found by fuzzing. The
  reader also now correctly enforces a canonical armor marker and line lengths.
• Recipient stanzas with empty bodies are correctly parsed.

age-core

(relative to age 0.2.0)

Fixed

• Base64 padding is now correctly rejected by the age stanza parser.

rage v0.2.0

Added

• The library crate can be compiled to WASM.
• When encrypting to a passphrase, rage will generate a secure passphrase if the
  user does not provide one.
• SecretKey::to_string -> secrecy::SecretString, which zeroizes most internal
  state. (Zeroizing all internal state requires changes to the bech32 crate.)
• RecipientKey implements Display, and can be converted to a string using
  recipient.to_string().
• Decryptor::with_passphrase constructor.
• --max-work-factor WF argument for rage and rage-mount, to enable overriding
  the default maximum (which is around 16 seconds of work).

Changed

• age::Encryptor::wrap_output now takes an age::Format enum argument instead
  of a boolean flag.
• Recipients are now parsed as filenames last instead of first. If a filename
  happens to also be a valid recipient format, the file will be ignored. This
  can be overridden by using an absolute file path.
• The filename - (hyphen) is now treated as an explicit request to read from
  standard input or write to standard output when used as an input or output
  filename.
• -o - will override protections for terminals when standard output is not
  being piped elsewhere: output will not be truncated, and binary data will be
  printed directly to the terminal.
• Armored encrypted output can now be printed to the terminal. Large files will
  be truncated (to protect the terminal), corrupting the encryption. This can be
  overriden with -o -.
• The Decryptor::Passphrase enum case has been altered to store an optional
  maximum work factor.

Removed

• SecretKey::to_str (replaced by SecretKey::to_string).
• RecipientKey::to_str (replaced by Display implementation and
  recipient.to_string()).

Fixed

• Corrected encoding of example recipients in manpages.
• Re-enabled the default identities file (#41).
• Fixed parser to reject encrypted OpenSSH keys if they contain invalid
  bcrypt_pbkdf parameters.
• [Unix] rage-keygen -o filename now creates files with mode 600 (i.e. the
  output file is no longer world-readable).
• Unknown recipient lines are now parsed and ignored during decryption, instead
  of causing a hard failure.

rage v0.1.1

This time with binaries!

Added

• Debian packaging support via cargo deb. See docs/debian.md
  for details.

Changed

• Moved the num_traits dependency behind the unstable feature flag.
• The generate-docs example now generates (the equivalent of ) gzip -9
  manpages, for ease of use in Debian packaging.

Fixed

• Decrypted chunks inside the STREAM implementation are now zeroized after use.

rage v0.1.0

This is the first beta release of the age crate and rage tool suite.

Note: The 0.X version series is being used for beta releases. The first non-beta release will be version 1.0.0.