Replies: 2 comments
-
I am not sure I am ready to add high-entropy symmetric encryption, because it feels ripe for abuse by people thinking it's appropriate for passwords. FWIW, it's very easy to write a plugin that does symmetric wrapping of the file key. Might be less than 50 lines with filippo.io/age/plugin. Somewhat relatedly, I've wanted to write a spec for just streaming AEAD encryption (without the age header part) forever, and C2SP/C2SP#187 started such a discussion.
-
Thanks for the suggestion; my intent was that with a symmetric key AEAD I could use it in Java/Kotlin & C using the respective age implementations. Using a plugin for Go would, to my understanding, make interplay with a Go API straightforward, but I would also have to amend other implementations as well; I'm not against this, but it would be duplicative work and I’d have to maintain all the libraries where I would want to use my supplied functionality.
-
I love age both from a tool perspective and as a cryptographic library. But for the latter, it is missing an essential primitive to be a full-fledged library, which is symmetric key AEAD. It does support symmetric AEAD using passwords, but the cost of a password hash is both computationally and energy prohibitive in embedded contexts, and why would you want to spend on these when all you need for your application is a symmetric key?
If symmetric key AEAD were added it would be on parity with Google Tink (that is HPKE, key/password streaming AEAD, and signatures) without the headaches and suffering of a bloated base64/json key/protobuf key export format and without playing silly games to export to a filesystem.
I acknowledge the discussion straddles the spec and implementations. Not sure if the repo for the spec would have been the appropriate place to raise the discussion.