11 July 2024

Leveling up Cryptography at Charm

By Bashbunni

Filippo trapped at Charm HQ

Supporting open source

If you’re familiar with Charm tools, you’ll know we love SSH. Filippo casually maintains the cryptography packages that ship as part of the Go standard library. This includes our beloved golang.org/x/crypto/ssh, crypto/ed25519, and age packages. Insanely impressive!

We’re thrilled to support his work on these open source packages that are so critical for us.

Becoming a full-time open source maintainer…at scale

Instant noodles not required

Filippo is revolutionizing what it means to be an open source maintainer by finding creative ways to make this line of work sustainable…and it’s working!

So well, in fact, that he’s expanding his operation into a firm of full-time independent open source maintainers, known collectively as Geomys. First on the roster are Nicola Murino, who is the dedicated maintainer for golang.org/x/crypto/ssh, and Dominik Honnef, who maintains staticcheck and gotraceui.

We’re proud and honored to support him and Geomys on their journey while they support our team with their vast knowledge of cryptography and Go expertise. In working with Geomys, we are maximizing our potential by connecting with the maintainers of tools we depend on and love.

You can hear the entire story in his own words over on his blog.

Encrypted files with SSH keys?!

Pronounced with a hard G, like chicken karaage.
$ age -R ~/.ssh/id_ed25519.pub example.jpg > example.jpg.age
$ age -d -i ~/.ssh/id_ed25519 example.jpg.age > example.jpg

Behind the scenes, we’ve been honing Charm’s encryption tooling. Naturally, this brought us to age, a file encryption tool, format, and Go library built by @FiloSottile and friends.

SSH

We love finding creative ways to use the SSH protocol (see wish, melt, wishlist). This is why age really stands out to us. It supports encrypting files to SSH public keys (both ssh-rsa and ssh-ed25519) which can then be decrypted with their corresponding private keys. Hello?! That is so cool. We’re all totally geeking out over here.

This also means it’s suddenly convenient to encrypt documents for non-GPG users, for example, after yoinking SSH public keys from a GitHub profile like so.

$ curl https://github.com/benjojo.keys | age -R - example.jpg > example.jpg.age
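
An added example, not code from the original post or from the age project: before a fetched `.keys` listing is handed to `age -R`, this Go program keeps only the two key types named above, checks that each key blob really is the type its line claims, and computes the OpenSSH-style SHA256 fingerprint so the recipient can confirm it over another channel. `Vet`, `Recipient` and the sample keys are constructed for illustration.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"strings"
)

// Key types the post says age accepts as SSH recipients.
var ageSSHTypes = map[string]bool{"ssh-ed25519": true, "ssh-rsa": true}

// Recipient is a usable key line plus the fingerprint to compare out of band.
type Recipient struct{ Line, Type, Fingerprint string }

// Constructed sample: an all-zero Ed25519 key, an ECDSA line, a mislabeled blob.
var zeroKey = "AAAAC3NzaC1lZDI1NTE5AAAAIAAA" + strings.Repeat("A", 40)
var sample = "ssh-ed25519 " + zeroKey + "\necdsa-sha2-nistp256 AAAA\nssh-rsa " + zeroKey + "\n"

// Vet splits a .keys listing into recipients and reasons for each refused line.
func Vet(keys string) (ok []Recipient, rejected []string) {
	for i, line := range strings.Split(keys, "\n") {
		f := strings.Fields(line)
		if len(f) == 0 {
			continue
		}
		if len(f) < 2 || !ageSSHTypes[f[0]] {
			rejected = append(rejected, fmt.Sprintf("line %d: unsupported type %q", i+1, f[0]))
			continue
		}
		// The key blob starts with a length-prefixed type name that must match field one.
		want := append([]byte{0, 0, 0, byte(len(f[0]))}, f[0]...)
		blob, err := base64.StdEncoding.DecodeString(f[1])
		if err != nil || !bytes.HasPrefix(blob, want) {
			rejected = append(rejected, fmt.Sprintf("line %d: blob is not a %s key", i+1, f[0]))
			continue
		}
		sum := sha256.Sum256(blob) // the digest `ssh-keygen -l` displays
		fp := "SHA256:" + base64.RawStdEncoding.EncodeToString(sum[:])
		ok = append(ok, Recipient{f[0] + " " + f[1], f[0], fp})
	}
	return ok, rejected
}

func main() {
	ok, rejected := Vet(sample)
	fmt.Printf("%+v\n%q\n", ok, rejected)
}
```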

File encryption beyond GPG

When people think file encryption, GnuPG is typically what comes to mind. Given this, let’s compare GnuPG and age. There was a discussion about it on GitHub, but I’ll give you the summary.

Age makes it easy to encrypt according to common best practices, because the age developers have built them in as defaults. GnuPG requires the user to know those best practices to get the right results from the tool. If you don’t know much about which encryption protocols to use in a given context, no worries: age gives you training wheels so you can’t fall off the cryptographic bike.

We’ll leave it to you to decide for yourself if you’re ready to be an age superfan.

Additional reading (for the nerds)

Whatcha think?

Have some feedback on this post? We’d love to hear. Let us know in Discord or via email at vt100@charm.sh.

EOF

Read this post in your terminal with Glow:

glow -p https://charm.sh/blog/geomys.md

Bashbunni is a coder and developer advocate at Charm. She supports the community by hacking on cool stuff in public and creating educational content.
