Add EncryptReader by AlexanderYastrebov · Pull Request #646 · FiloSottile/age

AlexanderYastrebov · 2025-07-28T12:21:44Z

Add EncryptReader function to encrypt io.Reader (pull-based encryption) and use it in cmd/age to get rid of io.Copy.

Updates #644

Add EncryptReader function to encrypt io.Reader (pull-based encryption) and use it in command to get rid of io.Copy. Updates FiloSottile#644 Signed-off-by: Alexander Yastrebov <yastrebov.alex@gmail.com>

gabyx · 2025-09-07T10:30:16Z

This PR is nice and we need it, would it make sense to add this?

func EncryptStream(src io.Reader, recipients ... Recipient) (dst io.Reader, error) {
	pr, pw := io.Pipe()
	return pr, EncryptReader(pw, src, recipients...)
}

We wrap it currently as: https://gitlab.com/data-custodian/custodian/-/blob/88e7389ec5b837672f2b76fd82aaed68a4145e72/components/lib-common/pkg/crypto/reader.go

AlexanderYastrebov · 2025-09-07T22:52:02Z

This PR is nice and we need it, would it make sense to add this?

I think this won't work as writes to pipe will block without corresponding reads.

AlexanderYastrebov · 2025-09-07T22:59:49Z

This PR adds a handy function but what you are looking for is the implementation of #644

FiloSottile · 2025-12-24T23:50:46Z

I'm not sure I follow why this API is needed, or why it requires an internals refactor.

Full pull-based encryption like in #644 I understand, and without an Encrypt(io.Reader) io.Reader API it requires a goroutine, as you point out.

On the other hand, this Encrypt(dst io.Writer, in io.Reader) API only saves a synchronous io.Copy and could be implemented efficiently as

func EncryptReader(dst io.Writer, src io.Reader, recipients ...Recipient) error {
	w, err := age.Encrypt(out, recipients...)
	if err != nil {
		return err
	}
	if _, err := io.Copy(w, in); err != nil {
		return err
	}
	return w.Close()
}

without any other changes, right? Or am I missing something?

AlexanderYastrebov · 2025-12-25T01:07:01Z

only saves a synchronous io.Copy

yes, it avoids unnecessary buffering and copying. I'll close this to avoid confusion.

FiloSottile · 2025-12-25T01:27:20Z

Oh I see, it avoids one of the copies inside io.Copy. We could do that also by implementing ReaderFrom / WriterTo, right? If you’re hitting a throughput bottleneck, I can add that to the I/O improvements I’m working on.

AlexanderYastrebov · 2025-12-25T10:47:03Z

If you’re hitting a throughput bottleneck

TBH, I did not, I just saw a possible optimisation. Making stream.Writer implement ReaderFrom is the better way.