Change default recipient type to p256tag

Identities generated with older versions of `age-plugin-yubikey` show
their legacy recipient in comments; newer identities only show the new
recipient.
This commit is contained in:
Jack Grigg
2025-12-21 13:44:19 +00:00
parent 971d63957c
commit 0068b1f343
9 changed files with 107 additions and 48 deletions
+7 -5
View File
@@ -108,15 +108,17 @@ standard output:
$ age-plugin-yubikey --list
```
To encrypt files to these YubiKey recipients, ensure that `age-plugin-yubikey`
is accessible in your `PATH`, and then use the recipients with an age client as
normal (e.g. `rage -r age1yubikey1...`).
To encrypt files to these YubiKey recipients, ensure you have a recent version
of an age client, and then use the recipients with it as normal (e.g.
`rage -r age1tag1...`). If this does not work, make `age-plugin-yubikey`
accessible in your `PATH` with the name `age-plugin-tag` and try again.
The output of the `--list` command can also be used directly to encrypt files to
all recipients (e.g. `age -R filename.txt`).
To decrypt files encrypted to a YubiKey identity, pass the identity file to the
age client as normal (e.g. `rage -d -i yubikey-identity.txt`).
To decrypt files encrypted to a YubiKey identity, ensure that
`age-plugin-yubikey` is accessible in your `PATH`, and then pass the identity
file to the age client as normal (e.g. `rage -d -i yubikey-identity.txt`).
## Advanced topics