Skip to content

pinpox/age-plugin-bip39

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
.gitignore
.gitignore
 
 
README.md
README.md
 
 
cache_linux.go
cache_linux.go
 
 
cache_other.go
cache_other.go
 
 
demo.gif
demo.gif
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
main.go
main.go
 
 
wordgrid.go
wordgrid.go
 
 

Repository files navigation

age-plugin-bip39

An age plugin that derives encryption keys from BIP39 seed phrases. This lets you use a memorable 24-word mnemonic as your age identity.

demo

Usage

The environment variable AGE_PLUGIN_BIP39_CACHE configures cache TTL for derived keys (default: 10m, 0 to disable). Uses the Linux kernel keyring to store them in memory.

Generate an identity

age-plugin-bip39 -k > identity.txt

An interactive TUI lets you accept a generated phrase or enter your own. The public key is printed to stderr, the identity to stdout.

For non-interactive use, pipe a mnemonic on stdin:

echo "abandon abandon ... art" | age-plugin-bip39 -k > identity.txt

Encrypt

Use the public key shown during keygen:

age -r age1... -o secret.age secret.txt

Decrypt

age -d -i identity.txt secret.age > secret.txt

age will invoke the plugin automatically and prompt for your seed phrase.

How it works

The 24-word mnemonic encodes 256 bits of entropy. The plugin extracts this entropy via BIP39, derives an X25519 keypair using the same method as melt (SHA-512 of the entropy, clamped to a Curve25519 scalar), and uses the standard age X25519 recipient mechanism for encryption and decryption.

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages