matiaskorhonen / paper-age

Easy and secure paper backups of secrets
MIT License

Skip encryption when input is already in age encrypted and armored form #109

Open batsatt opened 8 months ago

batsatt commented 8 months ago

First of all, thank you for creating this tool! I considered using zint, but am no expert on QR codes and don't want to become one for this use case. I'm quite happy with the output of paper-age.

I want to back up age identity files using paper-age, but I also want them encrypted locally, in armored form. I'll generate keys using a bash function like so:

createAgeKeyPair() {
    local privateKeyFile="${1}"
    local publicKeyFile="${2}"
    local key publicKey
    # rage-keygen writes the identity file (including a "# public key: age1..."
    # comment line) to stdout and a separate "Public key: ..." line to stderr.
    # "2>1" would redirect stderr into a file literally named "1", and "2>&1"
    # would put a non-identity line into the file, so discard stderr instead.
    key=$(rage-keygen 2>/dev/null) || return 1
    # pull the recipient out of the comment line of the identity file
    publicKey=$(echo "${key}" | grep "public key: age1" | awk '{print $NF}')
    # passphrase-encrypt the identity, armored, into the private key file
    echo "${key}" | rage -p -a -o "${privateKeyFile}" -
    echo "${publicKey}" > "${publicKeyFile}"
    unset key
}

When the private key file is passed into paper-age it becomes double encrypted. This would not be a serious problem except for the fact that it is easy to use a different passphrase at this point (e.g. by mistake), rendering it potentially impossible to decrypt.

If you are open to this, it seems to me that the safest way to support what I am asking for is to add a flag to skip encryption IFF the input is in the correct form, resulting in an error if it is not.
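As an added illustration of the check such a flag would have to perform (this is example code, not part of paper-age and not from the issue author), the script below accepts a file for pass-through only when it is already armored age ciphertext: header and footer lines present, a non-empty base64 body, and a body that decodes to the `age-encryption.org/v1` magic. Anything else, including an unencrypted identity file, is rejected with a non-zero exit status. The sample inputs in the test are constructed, and the strict check assumes a `base64` that accepts `-d` (GNU coreutils or recent macOS).

```shell
#!/usr/bin/env bash
# Added example, not paper-age's own code: the pre-check a "skip encryption"
# flag would need. A file is accepted only if it is already armored age
# ciphertext, so plaintext (or a stray identity file) is never passed through
# unencrypted, and armored ciphertext is never encrypted a second time.

AGE_ARMOR_HEADER='-----BEGIN AGE ENCRYPTED FILE-----'
AGE_ARMOR_FOOTER='-----END AGE ENCRYPTED FILE-----'
AGE_MAGIC='age-encryption.org/v1'

# is_age_armored FILE
# Returns 0 when FILE has the armor header on its first line, the armor
# footer on its last line, and a non-empty base64 body in between.
is_age_armored() {
    local file="$1" first last body_lines
    [ -f "$file" ] || return 1
    first=$(head -n 1 "$file")
    last=$(tail -n 1 "$file")
    [ "$first" = "$AGE_ARMOR_HEADER" ] || return 1
    [ "$last" = "$AGE_ARMOR_FOOTER" ] || return 1
    body_lines=$(sed '1d;$d' "$file" | grep -c .)
    [ "$body_lines" -ge 1 ] || return 1
    # every body line must use only the base64 alphabet
    if sed '1d;$d' "$file" | grep -qvE '^[A-Za-z0-9+/=]*$'; then
        return 1
    fi
    return 0
}

# is_age_ciphertext FILE
# Stricter check: the armored body must decode to the age v1 header line.
# Assumes a base64(1) that accepts -d (GNU coreutils, recent macOS).
is_age_ciphertext() {
    local file="$1" magic
    is_age_armored "$file" || return 1
    magic=$(sed '1d;$d' "$file" | tr -d '\n' | base64 -d 2>/dev/null | head -c "${#AGE_MAGIC}")
    [ "$magic" = "$AGE_MAGIC" ]
}

# require_age_ciphertext FILE
# Prints a diagnostic and returns 2 unless FILE is armored age ciphertext;
# this is the "error if it is not" behaviour the issue asks for.
require_age_ciphertext() {
    local file="$1"
    if is_age_ciphertext "$file"; then
        return 0
    fi
    echo "error: '$file' is not an armored age encrypted file; refusing to skip encryption" >&2
    return 2
}

# Usage: ./check-age-armor.sh FILE...   (with no arguments only the functions are defined)
for f in "$@"; do
    if require_age_ciphertext "$f"; then
        echo "$f: armored age ciphertext, safe to pass through without re-encrypting"
    fi
done
```

The header/footer test alone is not enough: any text wrapped in those two lines would pass, so the strict function also decodes the body and compares the first 21 bytes against the age v1 magic, which is the cheapest check that the payload really is age ciphertext rather than arbitrary base64.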

matiaskorhonen commented 8 months ago

Hi, that's an interesting idea.

I'll have to think about it a bit…