A few days ago Filippo Valsorda twitted about a simple, secure and modern encryption tool that will hopefully substitute gpg. Filippo, along with Ben Cox, published a document detailing the output file and key formats as well as some examples. They are calling it age (which might be an acronym for Actually Good Encryption). You can find the document here.
I've been doing mobile security research for a while now but I need to keep up with mobile development as well. In order to do this I usually start random iOS projects to keep learning about the, forever evolving, frameworks and tools. Based on Filippo and Ben's document I decided to create a mobile client for age. I was (am?) super excited about this project because it involves some of my favourite passions: iOS development, mobile security and cryptography.
And while I'm not a cryptographer, I love learning what I can about the field. In this case I got to learn a lot about STREAM schemes, why and how easy it is to convert Ed25519 keys to X25519 keys, nonce-based authenticated encryption (nAE), misuse-resistant authenticated encryption (MRAE) and online authenticated encryption (OAE).
As usual, I open sourced this project. But, once again, I'm not a cryptographer so use it just to learn and if you find any issues please tell me or create a PR and we all get to learn from it. Keep this in mind because my implementation might be completely wrong 😂.
At the moment it only supports X25519 keys, but I'll be adding support for Argon2id, ssh-rsa, ssh-ed25519 in the future. It also has zero UI, I'm not a designer so didn't even try to create something haha but for now you can see the unit tests to learn how it works. I'm also learning Android, I might create the Android version as well, though I'd like to finish the iOS version first.
Photo by chris panas on Unsplash