Was playing with GPG a few months ago, but it’s a giant plodding unwieldy piece of crap (yeah I guess people who’ve been using it for years or decades swear by it - I’m not one of them)…
Then the other day (~week ago?) I found “age” :
and it kicks arse, and nicely follows the UNIX philosophy…
I’ve used it to build my own password management “system”… HATE using that clunky piece of crap KeepAss (and all its many forks and variants!) - it looks and feels like something written for Windows 3.1… Sure its kludgy, and clunky (my password system) and I’m hoping messy and complex enough to obfuscate simple basic snooping by other parties, i.e. it wouldn’t stop someone determined, but also - where I’m travelling with that info, its on a fully encrypted HDD using LUKS or Apple’s system - there’s a tiny risk if someone got into my house and stole my desktop computer, piecing it all together, but if I got burgled and my desktop computer stolen, compromised passwords is the least of my worries!
So - now - using AGE I can “on the fly” decrypt and read encrypted text files (they’re never written, but I’m guessing they’re probably in RAM somewhere) - in the terminal…
And I use AGE to decrypt them to plain text files again, edit them, then re-encrypt (manual steps).
I’m using Resilio Sync to synchronise that across 5 computers, one of which is readonly (so I can only decrypt for read), and one of which is a “Resilio Sync” encrypted folder (EVERYTHING in that folder is encrypted - not just my “age” encrypted files) which I can then use to sync and “decrypt” a 5th target - e.g. when/if I go back into the office, I can RSL unencrypted sync from the encrypted sync folder. I host the RSL encrypted target on my RPi Zero W “gadget”…
I’ve ordered a Pi Zero 2 W to replace the Pi Zero W (similar specs, same RAM, except instead of 1 armel/armhf core, I’ve got 4 arm64 cores - note : I’ll still run 32 bit armhf Raspbian on there). Resilio Syncs a PITA on RPi Zero (which the developers don’t seem interested in fixing) - the only binaries that run properly on a Pi Zero are built for armel, when the Pi Zero is actually armhf, so to get RSL to work on the Pi Zero, have to --add-architecture armel, then install the armel DEB package (which then results in subsequent ugly messages when running “apt update” - but they’re only warnings, doesn’t seem to have broken anything, and default when installing new packages is to pull them from armhf repos).
And now I’m just figuring out how to get the age binaries installed on my NAS (FreeNAS i.e. FreeBSD 11.3 - but - not easy to install FreeBSD packages on there - the TrueNAS / FreeNAS have hobbled the pkg subsystem). I’m firing up a FreeBSD 11.4 VM so I can try and install age on there, then copy the binary over to my $HOME on my FreeBSD shell on my FreeNAS… Man FreeBSD can seem like a piece of crap at times : WTF is this :
root@osboxes:/usr/local # pkg install ports-mgmt/pkg
The package management tool is not yet installed on your system.
Do you want to fetch and install it now? [y/N]: y
Bootstrapping pkg from pkg+http://pkg.FreeBSD.org/FreeBSD:11:amd64/quarterly, please wait...
pkg: Error fetching http://pkg.FreeBSD.org/FreeBSD:11:amd64/quarterly/Latest/pkg.txz: Not Found
A pre-built version of pkg could not be found for your system.
Consider changing PACKAGESITE or installing it from ports: 'ports-mgmt/pkg'.
This is exactly the sort of shit that scares away the casual, and is why NONE of the BSD’s will EVER succeed against Linux distributions, and I’m guessing the developers / maintainers aren’t even remotely interested addressing shonky stuff like this… FFS - even Solaris is better than this!
Imagine if you’re a developer, and reading some doco and doing some stuff in Debian or CentOS and they suggest :
sudo apt update
And you find there’s NO APT binary installed on your f–king system! How the F do you install “apt” if apt’s not installed? Thankfully that’s not an issue on most Linux distros… But that doesn’t help me install PKG if PKG is not F–KING INSTALLED!
Here’s how I intend to use the completely encrypted RSL folder stored on my Pi Zero gadget - e.g. I take it to work (intending to return to the office soonish - WFH is fine and dandy, but not ALL the time!) - then setup Resilio Sync on my work computer, using RSL keys, to sync unencrypted from the Pi Zero’s encrypted copy…
– edit – update –
Note also - someone’s done a rust port of age called “rage” … I know so little about Go (Google’s version of C / C++ ?) and Rust so not in any position to have an opinion…
– edit – update 2 –
I think part of my problem is that my FreeNAS is running 11.3, and that’s been superceded by FreeBSD 12 and 13 trains… still f–king ridiculous error that the package manager cannot install the package manager!
I’m now looking at upgrading my FreeNAS 11 to TrueNAS 12…
– edit – update 3 –
Well that was surprisingly painless… I’m now a TrueNAS user, no longer a FreeNAS user… Took maybe 15 minutes??? Booted up just fine - and there’s my config and my NFS share (and my SMB shares of the same data), and my Resilio Sync jail (which, despite no longer being installable as a plugin on later versions of FreeNAS and TrueNAS - the jail was migrated successfully!).
Edited /etc/pkg/local.conf and disabled it, edited /etc/pkg/FreeBSD.conf and enabled it.
root@baphomet[/usr/local/etc/pkg/repos]# uname -a
FreeBSD baphomet.local 12.2-RELEASE-p14 FreeBSD 12.2-RELEASE-p14 325282c09a5(HEAD) TRUENAS amd64
root@baphomet[/usr/local/etc/pkg/repos]# uname -a
FreeBSD baphomet.local 12.2-RELEASE-p14 FreeBSD 12.2-RELEASE-p14 325282c09a5(HEAD) TRUENAS amd64
root@baphomet[/usr/local/etc/pkg/repos]# cat FreeBSD.conf
FreeBSD: {
enabled: yes
}
Update and install :
root@baphomet[/usr/local/etc/pkg/repos]# pkg update
Updating FreeBSD repository catalogue...
Fetching meta.conf: 100% 163 B 0.2kB/s 00:01
Fetching packagesite.txz: 100% 6 MiB 388.8kB/s 00:17
Processing entries: 0%
Newer FreeBSD version for package zxfer:
To ignore this error set IGNORE_OSVERSION=yes
- package: 1203000
- running kernel: 1202000
Ignore the mismatch and continue? [Y/n]: y
Processing entries: 100%
FreeBSD repository update completed. 31692 packages processed.
All repositories are up to date.
root@baphomet[/usr/local/etc/pkg/repos]# pkg install age
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
New version of pkg detected; it needs to be installed first.
The following 1 package(s) will be affected (of 0 checked):
Installed packages to be UPGRADED:
pkg: 1.14.6 -> 1.18.3 [FreeBSD]
Number of packages to be upgraded: 1
The operation will free 28 MiB.
7 MiB to be downloaded.
Proceed with this action? [y/N]: y
[1/1] Fetching pkg-1.18.3.pkg: 100% 7 MiB 702.6kB/s 00:11
Checking integrity... done (0 conflicting)
[1/1] Upgrading pkg from 1.14.6 to 1.18.3...
[1/1] Extracting pkg-1.18.3: 100%
pkg: Failed to execute lua script: [string "-- args: etc/pkg.conf.sample..."]:12: attempt to call a nil value (field 'stat')
pkg: lua script failed
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 1 package(s) will be affected (of 0 checked):
New packages to be INSTALLED:
age: 1.0.0_4 [FreeBSD]
Number of packages to be installed: 1
The process will require 5 MiB more space.
1 MiB to be downloaded.
Proceed with this action? [y/N]: y
[1/1] Fetching age-1.0.0_4.pkg: 100% 1 MiB 593.4kB/s 00:02
Checking integrity... done (0 conflicting)
[1/1] Installing age-1.0.0_4...
[1/1] Extracting age-1.0.0_4: 100%
and I’ve got it! I’ve got age running on FreeBSD 12… Woo Hoo! And the “portable” binary for rslsync on FreeBSD (compiled on 10.2) still works in 12.2 !