Switching from GPG to Age
17 days ago
- #encryption
- #workflow
- #security
- The author previously used GPG keys stored on YubiKeys for encryption and signing, following drduh's guide.
- As the sub-keys neared expiration, the author considered renewing or rotating them but decided to let them expire, since they were used primarily for encryption.
- The author is now experimenting with 'age' for encryption and 'minisign' for signatures.
- Switched from 'pass' to 'passage' (a fork of 'pass' using 'age') for password management, with an easy migration script provided.
- No installer for 'passage' exists, but it's a simple shell script that can be placed on the $PATH.
- The author no longer uses 'gpg-agent' for SSH, opting for dedicated SSH keys per machine for better security and monitoring.
- Started using 'chezmoi' to manage encrypted configuration files, which allows secrets such as paid fonts to be stored in a public repo.
- Found setting up 'age' with YubiKeys using 'age-plugin-yubikey' much easier than GPG, taking only 30 minutes.
- The author enjoys exploring new tools for core workflows, finding 'age' to be a refreshing and efficient alternative.