
Maybe I'm dense but I can't figure out how to verify/authenticate encrypted files.

Is there something missing in the documentation?



Age is designed for a single purpose: Encryption and decryption of files. To create digital signatures use another specialized tool like minisign instead.

Specialized tools are simpler than one do-it-all tool.


Simpler, but not necessarily as capable! From <https://words.filippo.io/dispatches/age-authentication/>:

> If you encrypt and then sign, an attacker can strip your signature, replace it with their own, and make it look like they encrypted the file even if they don't actually know the contents.

> If you sign and then encrypt, the recipient can decrypt the file, keep your signature, and encrypt it to a different recipient, making it look like you intended to send the file to them.


Both cases assume that the user doesn't understand what a signature means. In either case it means that the signer certified the thing signed. Are paper signatures getting so rare that we are collectively starting to forget this?


> make it look like they encrypted the file even if they don't actually know the contents.

I might as well encrypt a message "add $10000 to my account" with the bank's public key, sign it with my own key and send it...


Afaik the x25519 recipient uses chacha20poly1305, which is authenticated.


Only in the case of symmetrical encryption. Then the authentication is based on the shared secret key.
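
Added example, not part of the thread and not age's own code: a simplified ephemeral-X25519-plus-AEAD scheme showing the point of the last two comments, that the AEAD tag detects tampering but cannot identify the sender when the key is derived from the recipient's public key. `Seal`, `Open` and `aead` are hypothetical names, and SHA-256 with AES-256-GCM are stand-ins for the HKDF and ChaCha20-Poly1305 that age uses.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// aead derives a per-message key, so the fixed all-zero nonce is used only once.
// Assumption: SHA-256 and AES-256-GCM stand in for age's HKDF and ChaCha20-Poly1305.
func aead(shared, ephPub, rcptPub []byte) (cipher.AEAD, []byte) {
	key := sha256.Sum256(append(append(shared, ephPub...), rcptPub...))
	block, _ := aes.NewCipher(key[:]) // cannot fail: key is 32 bytes
	a, _ := cipher.NewGCM(block)      // cannot fail for an AES block
	return a, make([]byte, a.NonceSize())
}
// Seal needs only the recipient's PUBLIC key, so any party can call it.
func Seal(rcpt *ecdh.PublicKey, msg []byte) (ephPub, ct []byte, err error) {
	eph, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	shared, err := eph.ECDH(rcpt)
	if err != nil {
		return nil, nil, err
	}
	a, nonce := aead(shared, eph.PublicKey().Bytes(), rcpt.Bytes())
	return eph.PublicKey().Bytes(), a.Seal(nil, nonce, msg, nil), nil
}
// Open accepts any untampered ciphertext, whoever produced it.
func Open(priv *ecdh.PrivateKey, ephPub, ct []byte) ([]byte, error) {
	pub, err := ecdh.X25519().NewPublicKey(ephPub)
	if err != nil {
		return nil, err
	}
	shared, err := priv.ECDH(pub)
	if err != nil {
		return nil, err
	}
	a, nonce := aead(shared, ephPub, priv.PublicKey().Bytes())
	return a.Open(nil, nonce, ct, nil)
}
func main() {
	k, _ := ecdh.X25519().GenerateKey(rand.Reader)
	e, ct, _ := Seal(k.PublicKey(), []byte("constructed sample"))
	fmt.Println(Open(k, e, ct))
}
```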



