Usage of -e -i

[puenka]

I'm a bit confused by what's actually happening when using -i to encrypt a file.

The man-page states the following:

If -e/--encrypt is explicitly specified (to avoid confusion),
-i/--identity may also be used to encrypt to the RECIPIENTS
corresponding to the IDENTITIES listed at PATH. This allows
using an identity file as a symmetric key, if desired.

What kind of encryption does this run? Is this equivalent to creating a public key from the identities and encrypting the file with those keys as recipients? Or is this actually a different kind of encryption algorithm, which the documentation implies (as using the identity "as a symmetric key" is something different than using it "like a list of symmetric keys", where I would understand the latter as the procedure outlined above.)

What it definitely doesn't do is using the file itself as a key, in the sense that a copy of the file itself is needed to decrypt. This is clear by the first half of the documentation, but the second half kind of contradicts this, doesn't it?
This can be easily checked by encrypting using -i with a file containing two identities - either single identity can be used to decrypt the file afterwards.

A related question is the recommended storage of keyfiles. The generated keyfile is an identity file with a public key as a comment. Let's call this file keyfile and another file containing just the public key itself (which is a recipient file) keyfile.pub.
I could thus use

age -R keyfile.pub [INPUT]

or

age -e -i keyfile [INPUT]

to encrypt a file. Do these two produce the same output? As there is some randomness involved, I cannot simply check the output files with checksums. Should I keep a separate keyfile.pub on my local machine containing just the public key if I want to encrypt something or is the keyfile itself sufficient because the method is the same?

Maybe these questions even deserve addressing/clarification in the documentation? If I understand what's happening, I'll have my try to incorporate it there!

[FiloSottile]

Is this equivalent to creating a public key from the identities and encrypting the file with those keys as recipients?

Yep!

Do these two produce the same output?

They do!

The idea of -e -i is precisely to make the case you describe—encrypting something to decrypt it with an identity you have available—easier, avoiding the need for a .pub file.

Happy to look at documentation suggestions to make this clearer!

[Suhail9718]

Please hack instagram id.. Its_alvi_shab_boy

[puenka]

Ok that's good!

I suggest removing the above paragraph entirely from the Decryption options section of the manpage, because in my opinion it's actually unexpected to find explanations about encryption there. Instead, add -i to the encryption options as well, like the following:

-i, --identity=PATH
  Encrypt to the recipients given by their IDENTITIES listed at PATH.
  The secret key is used to determine the public key of each identity.
  This allows using only the secret key to encrypt and decrypt like using
  symmetric encryption. For usage of PATH see the section of `-i`
  as a `Decryption option`.

  Encryption mode must be explicitly specified by -e/--encrypt to avoid confusion.

Also, it might be useful to link the RECIPIENTS/IDENTITIES (only the latter in my suggestion) to the corresponding section as is done where it is mentioned elsewhere.

In EXAMPLES, I would add after the first block of commands (generate, encrypt, decrypt):

Equivalently, the data may be encrypted using the secret key of the recipient:
  $ tar cvz ~/data | age -e -i key.txt > data.gar.gz.age

Do you prefer discussing these changes in here or should I create a PR immediately to continue there?

[FiloSottile]

Those are good suggestions, I will take some time to incorporate them later this week, thank you!