Age is designed for a single purpose: Encryption and decryption of files. To create digital signatures use another specialized tool like minisign instead.
Specialized tools are simpler than one do-it-all tool.
> If you encrypt and then sign, an attacker can strip your signature, replace it with their own, and make it look like they encrypted the file even if they don't actually know the contents.
> If you sign and then encrypt, the recipient can decrypt the file, keep your signature, and encrypt it to a different recipient, making it look like you intended to send the file to them.
Both cases assume that the user doesn't understand what a signature means. In either case it means that the signer certified the thing signed. Are paper signatures getting so rare that we are collectively starting to forget this?
Specialized tools are simpler than one do-it-all tool.