mirror of
https://github.com/FiloSottile/age.git
synced 2026-03-11 08:55:41 +00:00
Merge ea07fd77f4 into 4a3a4ef00a
This commit is contained in:
commit
b564a0996b
9 changed files with 21 additions and 17 deletions
|
|
@ -1,6 +1,6 @@
|
|||
.\" generated with Ronn-NG/v0.9.1
|
||||
.\" http://github.com/apjanke/ronn-ng/tree/0.9.1
|
||||
.TH "AGE\-INSPECT" "1" "December 2025" ""
|
||||
.TH "AGE\-INSPECT" "1" "January 2026" ""
|
||||
.SH "NAME"
|
||||
\fBage\-inspect\fR \- inspect age(1) encrypted files
|
||||
.SH "SYNOPSIS"
|
||||
|
|
|
|||
|
|
@ -195,7 +195,7 @@ Tip: for machine-readable output, use --json.
|
|||
|
||||
<ol class='man-decor man-foot man foot'>
|
||||
<li class='tl'></li>
|
||||
<li class='tc'>December 2025</li>
|
||||
<li class='tc'>January 2026</li>
|
||||
<li class='tr'>age-inspect(1)</li>
|
||||
</ol>
|
||||
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
.\" generated with Ronn-NG/v0.9.1
|
||||
.\" http://github.com/apjanke/ronn-ng/tree/0.9.1
|
||||
.TH "AGE\-KEYGEN" "1" "December 2025" ""
|
||||
.TH "AGE\-KEYGEN" "1" "January 2026" ""
|
||||
.SH "NAME"
|
||||
\fBage\-keygen\fR \- generate age(1) key pairs
|
||||
.SH "SYNOPSIS"
|
||||
|
|
|
|||
|
|
@ -150,7 +150,7 @@ age1pq1cd[... 1950 more characters ...]
|
|||
|
||||
<ol class='man-decor man-foot man foot'>
|
||||
<li class='tl'></li>
|
||||
<li class='tc'>December 2025</li>
|
||||
<li class='tc'>January 2026</li>
|
||||
<li class='tr'>age-keygen(1)</li>
|
||||
</ol>
|
||||
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
.\" generated with Ronn-NG/v0.9.1
|
||||
.\" http://github.com/apjanke/ronn-ng/tree/0.9.1
|
||||
.TH "AGE\-PLUGIN\-BATCHPASS" "1" "December 2025" ""
|
||||
.TH "AGE\-PLUGIN\-BATCHPASS" "1" "January 2026" ""
|
||||
.SH "NAME"
|
||||
\fBage\-plugin\-batchpass\fR \- non\-interactive passphrase encryption plugin for age(1)
|
||||
.SH "SYNOPSIS"
|
||||
|
|
|
|||
|
|
@ -174,7 +174,7 @@ persisted in the shell history or leaked to other users on multi-user systems.</
|
|||
|
||||
<ol class='man-decor man-foot man foot'>
|
||||
<li class='tl'></li>
|
||||
<li class='tc'>December 2025</li>
|
||||
<li class='tc'>January 2026</li>
|
||||
<li class='tr'>age-plugin-batchpass(1)</li>
|
||||
</ol>
|
||||
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
.\" generated with Ronn-NG/v0.9.1
|
||||
.\" http://github.com/apjanke/ronn-ng/tree/0.9.1
|
||||
.TH "AGE" "1" "December 2025" ""
|
||||
.TH "AGE" "1" "January 2026" ""
|
||||
.SH "NAME"
|
||||
\fBage\fR \- simple, modern, and secure file encryption
|
||||
.SH "SYNOPSIS"
|
||||
|
|
|
|||
|
|
@ -461,7 +461,7 @@ $ age -d -i age-yubikey-identity-388178f3.txt secrets.txt.age
|
|||
|
||||
<ol class='man-decor man-foot man foot'>
|
||||
<li class='tl'></li>
|
||||
<li class='tc'>December 2025</li>
|
||||
<li class='tc'>January 2026</li>
|
||||
<li class='tr'>age(1)</li>
|
||||
</ol>
|
||||
|
||||
|
|
|
|||
|
|
@ -189,7 +189,10 @@ func NewEncryptWriter(key []byte, dst io.Writer) (*EncryptWriter, error) {
|
|||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return &EncryptWriter{a: aead, dst: dst}, nil
|
||||
// We write at most ChunkSize bytes and
|
||||
// need extra capacity to encrypt in place.
|
||||
const capacity = ChunkSize + chacha20poly1305.Overhead
|
||||
return &EncryptWriter{a: aead, dst: dst, buf: *bytes.NewBuffer(make([]byte, 0, capacity))}, nil
|
||||
}
|
||||
|
||||
func (w *EncryptWriter) Write(p []byte) (n int, err error) {
|
||||
|
|
@ -246,7 +249,7 @@ func (w *EncryptWriter) flushChunk(last bool) error {
|
|||
if last {
|
||||
setLastChunkFlag(&w.nonce)
|
||||
}
|
||||
w.buf.Grow(chacha20poly1305.Overhead)
|
||||
// We know w.buf.Bytes() has enough capacity for the overhead.
|
||||
ciphertext := w.a.Seal(w.buf.Bytes()[:0], w.nonce[:], w.buf.Bytes(), nil)
|
||||
_, err := w.dst.Write(ciphertext)
|
||||
incNonce(&w.nonce)
|
||||
|
|
@ -272,7 +275,11 @@ func NewEncryptReader(key []byte, src io.Reader) (*EncryptReader, error) {
|
|||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return &EncryptReader{a: aead, src: src}, nil
|
||||
// We read at most ChunkSize + 1 bytes from src and
|
||||
// need extra capacity to encrypt in place and
|
||||
// to prevent r.buf.ReadFrom from growing the buffer.
|
||||
const capacity = ChunkSize + 1 + max(chacha20poly1305.Overhead, bytes.MinRead)
|
||||
return &EncryptReader{a: aead, src: src, buf: *bytes.NewBuffer(make([]byte, 0, capacity))}, nil
|
||||
}
|
||||
|
||||
func (r *EncryptReader) Read(p []byte) (int, error) {
|
||||
|
|
@ -312,16 +319,14 @@ func (r *EncryptReader) feedBuffer() error {
|
|||
return err
|
||||
}
|
||||
|
||||
if last := r.buf.Len() <= ChunkSize; last {
|
||||
if r.buf.Len() <= ChunkSize {
|
||||
setLastChunkFlag(&r.nonce)
|
||||
|
||||
// After Grow, we know r.buf.Bytes() has enough capacity for the
|
||||
// overhead. We encrypt in place and then do a Write to include the
|
||||
// We know r.buf.Bytes() has enough capacity for the overhead.
|
||||
// We encrypt in place and then do a Write to include the
|
||||
// overhead in the buffer.
|
||||
r.buf.Grow(chacha20poly1305.Overhead)
|
||||
plaintext := r.buf.Bytes()
|
||||
r.a.Seal(plaintext[:0], r.nonce[:], plaintext, nil)
|
||||
incNonce(&r.nonce)
|
||||
r.buf.Write(plaintext[len(plaintext) : len(plaintext)+chacha20poly1305.Overhead])
|
||||
r.ready = r.buf.Len()
|
||||
|
||||
|
|
@ -335,7 +340,6 @@ func (r *EncryptReader) feedBuffer() error {
|
|||
panic("stream: internal error: unexpected buffer length")
|
||||
}
|
||||
tailByte := r.buf.Bytes()[ChunkSize]
|
||||
r.buf.Grow(chacha20poly1305.Overhead)
|
||||
plaintext := r.buf.Bytes()[:ChunkSize]
|
||||
r.a.Seal(plaintext[:0], r.nonce[:], plaintext, nil)
|
||||
incNonce(&r.nonce)
|
||||
|
|
|
|||
Loading…
Reference in a new issue