https://bugzilla.suse.com/show_bug.cgi?id=1193065 https://bugzilla.suse.com/show_bug.cgi?id=1193065#c10 --- Comment #10 from William Brown <william.brown@suse.com> ---
There might be some confusion about what is meant with "signing" here. What I mean and probably also the AGE spec means, is making sure that a message (encrypted or not) is actually coming from the expected person. As I see it, if I would send a rage encrypted file via email to somebody then there is nothing that would prevent a MITM that has knowledge of the recipient's public key (or identity in AGE terms) from replacing the encrypted file with some other validly encrypted file containing malicious or misleading data.
GPG also doesn't provide this either though ... ;)
If the sole aim is to replace GPG symmetric encryption as outlined in the documentation link above then rage-encryption certainly is a fit. So the purpose of this is then to protect one's own data from leaking into the wrong hands, like file system encryption. I was more thinking about exchanging encrypted data between persons, which is the more typical use of GPG.
Yep, :) -- You are receiving this mail because: You are on the CC list for the bug.