age

The atago project wrote these specs on its own initiative and runs them in its own CI, to exercise atago against a real program. They are not age’s official test suite, and the age project is not affiliated with atago.

Summary #

2 suites · 6 scenarios

Contents #

age (modern file encryption) #

Source: test/e2e/thirdparty/age/age.atago.yaml

Scenario: keygen writes a key and reports the public half #

only when age --version succeeds

When #

age-keygen -o key.txt
age-keygen -y key.txt

Then #

  • after age-keygen -o key.txt:
    • exit code is 0
    • stderr contains Public key:
    • file key.txt contains AGE-SECRET-KEY-1
  • after age-keygen -y key.txt:
    • exit code is 0
    • stdout matches /(?m)^age1[a-z0-9]+$/

Scenario: encrypt then decrypt round-trips binary bytes exactly #

only when age --version succeeds

Given #

  • Fixture file data.bin is created.

When #

age-keygen -o key.txt
age-keygen -y key.txt
# capture ${pubkey} from stdout
age -r ${pubkey} -o secret.age data.bin
age -d -i key.txt -o out.bin secret.age
cmp data.bin out.bin

Then #

  • after age-keygen -o key.txt:
    • exit code is 0
  • after age -r ${pubkey} -o secret.age data.bin:
    • exit code is 0
  • after age -d -i key.txt -o out.bin secret.age:
    • exit code is 0
  • after cmp data.bin out.bin:
    • exit code is 0

Scenario: armored output is PEM-wrapped #

only when age --version succeeds

Given #

  • Fixture file msg.txt is created.

Inputs #

Fixture msg.txt:

armor me

When #

age-keygen -o key.txt
age-keygen -y key.txt
# capture ${pubkey} from stdout
age -a -r ${pubkey} -o armored.age msg.txt

Then #

  • after age-keygen -o key.txt:
    • exit code is 0
  • after age -a -r ${pubkey} -o armored.age msg.txt:
    • exit code is 0
    • file armored.age contains -----BEGIN AGE ENCRYPTED FILE-----

Scenario: decrypting with the wrong identity fails #

only when age --version succeeds

Given #

  • Fixture file msg.txt is created.

Inputs #

Fixture msg.txt:

for the right key only

When #

age-keygen -o key.txt
age-keygen -y key.txt
# capture ${pubkey} from stdout
age -r ${pubkey} -o secret.age msg.txt
age-keygen -o other.txt
age -d -i other.txt secret.age

Then #

  • after age-keygen -o key.txt:
    • exit code is 0
  • after age -r ${pubkey} -o secret.age msg.txt:
    • exit code is 0
  • after age-keygen -o other.txt:
    • exit code is 0
  • after age -d -i other.txt secret.age:
    • exit code is 1
    • stderr contains no identity matched

Scenario: passphrase mode encrypts and decrypts interactively #

only when age --version succeeds · skipped on Windows

Given #

  • Fixture file msg.txt is created.

Inputs #

Fixture msg.txt:

passphrase protected

When #

# interactive (pty): age -p -o secret.age msg.txt
# interactive (pty): age -d -o out.txt secret.age

Then #

  • exit code is 0
  • file secret.age exists
  • exit code is 0
  • file out.txt contains passphrase protected

Generated artifacts #

  • secret.age

age + changes (single-artifact generator) #

Source: test/e2e/thirdparty/age/changes.atago.yaml

Scenario: age-keygen writes exactly the key file (HOME untouched) #

only when age --version succeeds

Given #

  • The command runs with an isolated home under ${workdir}/.atago-home (HOME/XDG or APPDATA redirected).

When #

age-keygen -o key.txt

Then #

  • exit code is 0
  • the step changed exactly created key.txt, modified nothing, deleted nothing
  • file key.txt contains AGE-SECRET-KEY-1