1. 5

  2. 1

    Nice idea but :

    • I don’t see any documentation about the underlying algorithms used. (I may miss an obvious link)
    • Has it been reviewed independently ?
    1. 2

      The two software utilies being used are “age” and OpenSSH.

      In the case of “age”, the project is on GitHub. The specification is a Google Doc (linked in the project’s README). The underlying algorithms for age are:

      • RFC 4648 base64 without padding.
      • ChaCha20-Poly1305 from RFC 7539 with a zero nonce.
      • X25519 from RFC 7748, including the all-zeroes output check.
      • 32 bytes of HKDF from RFC 5869 with SHA-256.
      • HMAC from RFC 2104 with SHA-256.
      • 32 bytes of scrypt from RFC 7914 with r = 8 and P = 1.
      • RSAES-OAEP from RFC 8017 with SHA-256 and MGF1.
      • The system CSPRNG, such as /dev/urandom.

      I’m not aware of an independent audit of age.

      In the case of OpenSSH, it’s taking advantage of SSH certificate signing and verification. In his example, ED25519 is the core primitive used.