I am trying to encrypt a sensitive file and AGE won’t cut it.
How are we supposed to answer that without the details on why you think age won’t cut it?
Why not just GnuPG / PGP, and also storing your good passworded private key in a secure place? I’ve not heard of any successful attacks without a private key yet.
Why don’t you just encrypt it over something that does the heavy work for you, like 7-Zip, VeraCrypt, Signal etc?
Heck, what is your threat model?
This is such an open question.
Large files? AES CTR where the key is encrypted by RSA for example.
If on Linux and need automatization, GnuPG works, and you can use RSA keys. It’s slower than symmetric for large files, but I had success encrypting several tens of GB database backups with a 2048-bit key with no issue. The higher key length you go, the slower. But it has the advantage that you only need to keep the public key on the machine you are encrypting on, and keep the private key safely stored away for when you need to decrypt. Unlike with symmetric, where if you need repeatable / automatized encryption, you’d store the key in a config somewhere on the same machine in plain sight, and because it’s also used for decryption, when leaked you’re done for.
Normally you would go with symmetric and generate a good, random AES key each time you encrypt, use AES for actual encryption which is very FAST, and encrypt just the AES key with RSA / asymmetric. This complicates scripts a lot and you end up with 2 dependent files to take care of (the target encrypted file and the file with the encrypted AES key). But this is the sane way of doing it because asymmetric isn’t meant for large data lengths (not just because of slow speed). HTTPS and SSH work the same way: asymmetric for key exchange handshake (through public certificates), symmetric for the actual communication while often changing the key.
If no automation is necessary, use VeraCrypt containers. You can keep multiple files in a container. You have several symmetric algorithms to pick from and you can control the number of iterations for key derivation. Debatable as to the added security, but you can also choose to chain up to 3 algorithms in your preferred order.
The above covers the tools and somewhat the algos. For key lengths, see here. I wouldn’t go with RSA lower than 4096 these days, elliptic curves are preferred (256 bit +), or AES 256+ in CTR mode. And I’d stay away from lesser known / scrutinized algos.
As others have stated, any recommendation depends on your threat model, how powerful and resourceful are the bad actors you are trying to protect from, how often you need to encrypt, how often to decrypt, the time span for which you need to protect the file, etc.
I usually (but not often enough tbh) refer to OWASP documentation, like this one: https://cheatsheetseries.owasp.org/cheatsheets/Cryptographic_Storage_Cheat_Sheet.html. They basically say elliptic curves for asymmetric encryption, or RSA with a key of at least 2048 bits.
This is such an open question.
Large files? AES CTR where the key is encrypted by RSA for example.
OpenSSL has programs that can do this.
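The hybrid scheme described in the thread (a random AES key per file, AES-CTR for the data, RSA only for the key) written out with the openssl command-line programs, as an added example that is not code from any of the posters. The function names, the `.enc`/`.key`/`.mac` file suffixes, the throwaway 3072-bit demo key and the HMAC step are assumptions of this example; the HMAC is there because CTR mode by itself does not detect a modified ciphertext.

```shell
#!/bin/sh
# Hybrid file encryption with the openssl CLI (added example; names are constructed).
# Fresh AES-256-CTR key per file, RSA-OAEP wraps only the key material, and
# HMAC-SHA256 over the ciphertext detects tampering, which CTR alone does not.
# Caveat: -K and -hmac pass keys as arguments, visible in local process listings.

# hybrid_encrypt <rsa_pub.pem> <infile> <prefix>  ->  <prefix>.enc, .key, .mac
hybrid_encrypt() (
  pub=$1; src=$2; pfx=$3
  enc_key=$(openssl rand -hex 32) || exit 1   # one-time AES-256 key
  mac_key=$(openssl rand -hex 32) || exit 1   # separate one-time HMAC key
  iv=$(openssl rand -hex 16) || exit 1        # random initial counter block
  # RSA only ever sees these 160 hex characters, never the file itself.
  printf '%s%s%s' "$enc_key" "$mac_key" "$iv" |
    openssl pkeyutl -encrypt -pubin -inkey "$pub" -out "$pfx.key" \
      -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256 || exit 1
  openssl enc -aes-256-ctr -K "$enc_key" -iv "$iv" -in "$src" -out "$pfx.enc" || exit 1
  openssl dgst -sha256 -hmac "$mac_key" < "$pfx.enc" | awk '{print $NF}' > "$pfx.mac"
)

# hybrid_decrypt <rsa_priv.pem> <prefix> <outfile>; fails closed on a bad MAC
hybrid_decrypt() (
  priv=$1; pfx=$2; out=$3
  blob=$(openssl pkeyutl -decrypt -inkey "$priv" -in "$pfx.key" \
    -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256) || exit 1
  enc_key=$(printf '%s' "$blob" | cut -c1-64)
  mac_key=$(printf '%s' "$blob" | cut -c65-128)
  iv=$(printf '%s' "$blob" | cut -c129-160)
  # Verify integrity before any plaintext is produced.
  want=$(openssl dgst -sha256 -hmac "$mac_key" < "$pfx.enc" | awk '{print $NF}')
  [ -n "$want" ] && [ "$want" = "$(cat "$pfx.mac")" ] ||
    { echo "MAC mismatch, refusing to decrypt" >&2; exit 1; }
  openssl enc -d -aes-256-ctr -K "$enc_key" -iv "$iv" -in "$pfx.enc" -out "$out"
)

# demo: round-trip a constructed file with a throwaway key pair
demo() (
  d=$(mktemp -d) || exit 1
  trap 'rm -rf "$d"' EXIT
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:3072 -out "$d/priv.pem" 2>/dev/null &&
  openssl pkey -in "$d/priv.pem" -pubout -out "$d/pub.pem" &&
  printf 'constructed sample backup\n' > "$d/plain" &&
  hybrid_encrypt "$d/pub.pem" "$d/plain" "$d/backup" &&
  hybrid_decrypt "$d/priv.pem" "$d/backup" "$d/roundtrip" &&
  cmp -s "$d/plain" "$d/roundtrip"
)
```

Only the public key has to be present on the machine that runs `hybrid_encrypt`; the private key is needed for `hybrid_decrypt` alone.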