Feature Request (library): Encrypt for io.Reader

[FiloSottile]

Discussed in https://github.com/FiloSottile/age/discussions/638

^{Originally posted by dsemi June 20, 2025} The age library API is currently implemented to allow for decrypting a Reader, or encrypting a Writer. I have a use case where it would be more convenient to be able to encrypt a Reader to allow for logic to happen in between an encrypted stream and its destination. I guess another way to phrase this would be that decrypting is pull-based, and encrypting is push-based, but I'd like to be able to use pull-based encrypting.

Note that you can sort of work around the issue by using Go's io.Pipe, but that requires an extra goroutine and the error-handling along with it that I'd like to avoid if possible.

I'd be happy to contribute a PR for this if there's no technical limitation as to why this wouldn't work. I took a quick look at internal/stream/stream.go and didn't see any obvious issue, but I might be missing something. I don't personally have a need for it, but for symmetry I think a decrypting writer could be added as well.

[gabyx]

Jeah we need this actually: currently for us the following works: https://gitlab.com/data-custodian/custodian/-/blob/88e7389ec5b837672f2b76fd82aaed68a4145e72/components/lib-common/pkg/crypto/reader.go