Hacker News
by tzs 2537 days ago
What's the materially better option for encrypting files for myself? I currently do this with "gpg -v -ear tzs@...". I want a public key system for this so that I do not need to enter a passphrase when encrypting.

I've read the "Modern Alternatives to PGP" page by George Tankersley that has been frequently cited on HN [1], but all it gives for this is using nacl/box, and suggests Keybase's saltpack as a format.

I'm reluctant to install Keybase just to get their saltpack implementation, since I don't need anything else Keybase does.

It looks like I could easily write something using libsodium to meet my needs, and I've been told that libsodium is sufficiently high level that doing so would not be a violation of the "don't implement your own crypto" advice. Surely, though, there must be some simple tool for this already?

[1] https://blog.gtank.cc/modern-alternatives-to-pgp/

1 comment

This really is a problem. If you're not making a backup, and you're not archiving something offline for long-term storage, and you're not encrypting in order to securely send the file to someone else, and you're not encrypting virtual drives that you mount/unmount as needed to get work done, then there's no one good tool that does this now. Filippo Valsorda is working on "age" for these use cases.

What I will say is that while this use case sounds super important (and it is important), it is not as universal as it sounds; the majority of "encrypt this file" use cases fall into one of the exceptions I provided above, all of which have better tools than PGP today.