ssh-to-age 0.2.0

Convert OpenSSH Ed25519 keys to age encryption keys.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50

# ๐Ÿ” ssh-to-age

Convert SSH Ed25519 keys to age keys. This is useful for usage in [sops-nix](https://github.com/Mic92/sops-nix) and [sops](https://github.com/getsops/sops).

This crate fills a gap in the Rust ecosystem: there is currently no Rust-native library to convert Ed25519 SSH keys into [age](https://github.com/FiloSottile/age) compatible X25519 keys.\
Crate like [rage](https://github.com/str4d/rage), doesn't convert my ssh key as exepected.\
With this, you can reuse your existing SSH keypair for encryption โ€” no need to manage a separate key just for age.

## ๐Ÿง  Why?

Age supports encrypting to X25519 public keys. Since SSH Ed25519 keys are widely supported and already in use, this library converts them into age-compatible X25519 keys:

- โœ… Ed25519 keys are compact, secure, and already in use for SSH.
- โœ… Age uses X25519, a related elliptic curve, for encryption.
- ๐Ÿ”„ This library converts Ed25519 to X25519 using proper cryptographic primitives.

Age can derive an encryption key from that public key, avoiding the need to manage yet another keypair.

## ๐Ÿ” What is Ed25519?

Ed25519 is a signature scheme based on the Edwards form of Curve25519. It is used for signing and is known for its speed and security.

## ๐Ÿ“ฆ What is age?

age is a modern, simple, and secure file encryption tool โ€” a user-friendly alternative to GPG.

## ๐Ÿ“ƒ What does this library do?

- โœ… Parses OpenSSH Ed25519 private and public keys
- ๐Ÿ” Converts them to age-compatible X25519 keys
- ๐Ÿงพ Returns them in the correct Bech32m format (age1..., AGE-SECRET-KEY-...)
- ๐Ÿ› ๏ธ Easily integrable in Rust projects

## ๐Ÿš€ Example Use Case

For use in `sops-nix`, where age recipients are typically stored in your Nix config:

```nix
sops.age.keyFile = "/path/to/your/AGE-SECRET-KEY-...";
```

Instead of generating a new age key, just convert your existing SSH key.

## ๐Ÿค Acknowledgements

This rust lib is inspired by the excellent work done by [Mic92](https://github.com/Mic92/dotfiles) and his repositorie [ssh-to-age](https://github.com/Mic92/ssh-to-age).

---

Let me know if you have any suggestion.