When TLS is not enough, what options are available for client-side encryption? The age-encryption.org specification presents a modern answer to the problem of file encryption for several common scenarios. With a reference implementation in Go, and a library for Java, the age standard presents a compelling solution for end-to-end file encryption. Apache NiFi has released Processors for encryption and decryption with age, highlighting an example integration approach.

This presentation provides a detailed look at the age standard from the author of the Java implementation. Supporting either password-based or public key exchange strategies, age provides a focused point of extensibility that avoids the pitfalls of algorithm negotiation. Built on authenticated encryption and elliptic curve cryptography, age is not encumbered with historical compatibility concerns. Interoperability is readily achievable with implementations in Go, Java, Python, Rust, and TypeScript, among others.