On 2023-05-08, Stuart Longland <stua...@longlandclan.id.au> wrote: > Silly question… is there a tool for encrypting files with asymmetric > keys on OpenBSD? I'm aware of GnuPG in ports, and I'm fine with using > that, however I'm curious to know what other options there are out > there, especially options that are part of the base system. > > I know OpenSSL (and likely LibreSSL) can do RSA for this purpose, > although its CLI is more of a debugging tool than an actual encryption > tool.
to be fair, gpg's CLI seems more like a debugging tool too ;) > I'd also like to use ECC keys (ideally ED25519) for future > proofing, since RSA is getting quite long in the tooth now. Ed25519 is used for signing not encrypting. But Ed25519 keys can be converted and used for encryption; "age" has convenience support for doing this with Ed25519 ssh keys, and might generally be something that works for your use case. It's not in base though. https://words.filippo.io/using-ed25519-keys-for-encryption/ Another possibility is libsodium's crypto_box API but will need more self-assembly as afaik there's no standard CLI tool using this.
