#!/bin/bash
set -euo pipefail

# ==============================================================================
# Age Installation Script
# ==============================================================================
# Installs age - Modern, simple file encryption
# 
# Threat Model:
#   - Files at rest without encryption (laptop theft, cloud breaches)
#   - GPG complexity leading to misconfiguration
#   - Key management nightmares
#
# Why Age over GPG:
#   - Simple: One algorithm, no configuration options
#   - Modern: ChaCha20-Poly1305 encryption
#   - Small: Tiny keys and ciphertext overhead
#   - Fast: Optimized for modern processors
#
# Source: https://github.com/FiloSottile/age
# ==============================================================================

# Colors
readonly GREEN='\033[0;32m'
readonly NC='\033[0m'

log() { echo -e "${GREEN}[INFO]${NC} $*"; }

echo "=== Age Installation ==="
echo ""

log "Installing age from Debian repository..."
sudo apt update
sudo apt install -y age

echo ""
log "Verifying installation..."
age --version

echo ""
echo "=== Installation Complete ==="
echo ""
echo "Quick Start:"
echo ""
echo "  Generate a key pair:"
echo "    age-keygen -o key.txt"
echo "    # Save this file securely! It's your private key"
echo ""
echo "  Encrypt a file:"
echo "    age -e -r \$(cat key.txt | grep 'public key' | cut -d: -f2) file.txt > file.txt.age"
echo ""
echo "  Or use recipient's public key:"
echo "    age -e -r age1ql3z7hjy54pw3hyww5ayyfg7zqgvc7w3j2elw8zmrj2kg5sfn9aqmcac8p file.txt > file.txt.age"
echo ""
echo "  Decrypt a file:"
echo "    age -d -i key.txt file.txt.age > file.txt"
echo ""
echo "  Password-based encryption (no keys needed):"
echo "    age -p file.txt > file.txt.age"
echo "    age -d file.txt.age > file.txt"
echo ""
echo "📖 Documentation: https://github.com/FiloSottile/age"