diff --git a/Cargo.lock b/Cargo.lock
index 92fad86..75a92f2 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -148,12 +148,6 @@ dependencies = [
  "memchr",
 ]
 
-[[package]]
-name = "arrayvec"
-version = "0.5.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "23b62fc65de8e4e7f52534fb52b0f3ed04746ae267519eef2a83941e8085068b"
-
 [[package]]
 name = "atty"
 version = "0.2.14"
@@ -208,6 +202,18 @@ version = "1.2.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "cf1de2fe8c75bc145a2f577add951f8134889b4795d47466a54a5c846d691693"
 
+[[package]]
+name = "bitvec"
+version = "0.19.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a7ba35e9565969edb811639dbebfe34edc0368e472c5018474c8eb2543397f81"
+dependencies = [
+ "funty",
+ "radium",
+ "tap",
+ "wyz",
+]
+
 [[package]]
 name = "block"
 version = "0.1.6"
@@ -739,6 +745,12 @@ version = "0.10.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "edb1016e8c600060e0099218442fff329a204f6316d6ec974d590d3281517a52"
 
+[[package]]
+name = "funty"
+version = "1.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "fed34cd105917e91daa4da6b3728c47b068749d6a62c59811f06ed2ac71d9da7"
+
 [[package]]
 name = "fuse"
 version = "0.3.1"
@@ -1123,19 +1135,6 @@ dependencies = [
  "spin",
 ]
 
-[[package]]
-name = "lexical-core"
-version = "0.7.4"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "db65c6da02e61f55dae90a0ae427b2a5f6b3e8db09f58d10efab23af92592616"
-dependencies = [
- "arrayvec",
- "bitflags",
- "cfg-if 0.1.10",
- "ryu",
- "static_assertions",
-]
-
 [[package]]
 name = "libc"
 version = "0.2.82"
@@ -1232,11 +1231,11 @@ dependencies = [
 
 [[package]]
 name = "nom"
-version = "5.1.2"
+version = "6.0.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ffb4262d26ed83a1c0a33a38fe2bb15797329c85770da05e6b828ddb782627af"
+checksum = "88034cfd6b4a0d54dd14f4a507eceee36c0b70e5a02236c4e4df571102be17f0"
 dependencies = [
- "lexical-core",
+ "bitvec",
  "memchr",
  "version_check",
 ]
@@ -1471,9 +1470,9 @@ checksum = "8b870d8c151b6f2fb93e84a13146138f05d02ed11c7e7c54f8826aaaf7c9f184"
 
 [[package]]
 name = "pinentry"
-version = "0.2.0"
+version = "0.3.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "df68b5d0eab7fbcbd231ba70565bac680a06faf66e8405a387eb48ad145c1327"
+checksum = "a8266a6e77c40ef16f3d00bfe72ddb6e2fd29384d5b87e6bae1975099aa12921"
 dependencies = [
  "log 0.4.13",
  "nom",
@@ -1594,6 +1593,12 @@ dependencies = [
  "proc-macro2",
 ]
 
+[[package]]
+name = "radium"
+version = "0.5.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "941ba9d78d8e2f7ce474c015eea4d9c6d25b6a3327f9832ee29a4de27f91bbb8"
+
 [[package]]
 name = "rage"
 version = "0.5.0"
@@ -1955,12 +1960,6 @@ version = "1.2.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "a8f112729512f8e442d81f95a8a7ddf2b7c6b8a1a6f509a95864142b30cab2d3"
 
-[[package]]
-name = "static_assertions"
-version = "1.1.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a2eb9349b6444b326872e140eb1cf5e7c522154d69e7a0ffb0fb81c06b37543f"
-
 [[package]]
 name = "strsim"
 version = "0.10.0"
@@ -1996,6 +1995,12 @@ dependencies = [
  "unicode-xid",
 ]
 
+[[package]]
+name = "tap"
+version = "1.0.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "36474e732d1affd3a6ed582781b3683df3d0563714c59c39591e8ff707cf078e"
+
 [[package]]
 name = "tar"
 version = "0.4.30"
@@ -2333,6 +2338,12 @@ version = "0.1.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "f8dab7ac864710bdea6594becbea5b5050333cf34fefb0dc319567eb347950d4"
 
+[[package]]
+name = "wyz"
+version = "0.2.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "85e60b0d1b5f99db2556934e21937020776a5d31520bf169e851ac44e6420214"
+
 [[package]]
 name = "x25519-dalek"
 version = "1.1.0"
diff --git a/age-core/Cargo.toml b/age-core/Cargo.toml
index d11d7ac..38c9f8d 100644
--- a/age-core/Cargo.toml
+++ b/age-core/Cargo.toml
@@ -29,7 +29,7 @@ rand = "0.7"
 
 # Parsing
 cookie-factory = "0.3.1"
-nom = "5"
+nom = { version = "6", default-features = false, features = ["alloc"] }
 
 # Secret management
 secrecy = "0.7"
diff --git a/age-core/src/format.rs b/age-core/src/format.rs
index ed65672..bb724a8 100644
--- a/age-core/src/format.rs
+++ b/age-core/src/format.rs
@@ -108,7 +108,7 @@ pub mod read {
         bytes::streaming::{tag, take_while, take_while1},
         character::streaming::newline,
         combinator::{map, map_opt, opt, verify},
-        multi::{many0, separated_nonempty_list},
+        multi::{many0, separated_list1},
         sequence::{pair, preceded, terminated},
         IResult,
     };
@@ -189,7 +189,7 @@ pub mod read {
     }
 
     fn legacy_wrapped_encoded_data(input: &[u8]) -> IResult<&[u8], Vec<u8>> {
-        map_opt(separated_nonempty_list(newline, take_b64_line1), |chunks| {
+        map_opt(separated_list1(newline, take_b64_line1), |chunks| {
             // Enforce that the only chunk allowed to be shorter than 64 characters
             // is the last chunk.
             if chunks.iter().rev().skip(1).any(|s| s.len() != 64)
@@ -218,7 +218,7 @@ pub mod read {
             pair(
                 preceded(
                     tag(STANZA_TAG),
-                    terminated(separated_nonempty_list(tag(" "), arbitrary_string), newline),
+                    terminated(separated_list1(tag(" "), arbitrary_string), newline),
                 ),
                 wrapped_encoded_data,
             ),
@@ -232,10 +232,7 @@ pub mod read {
     fn legacy_age_stanza_inner<'a>(input: &'a [u8]) -> IResult<&'a [u8], AgeStanza<'a>> {
         map(
             pair(
-                preceded(
-                    tag(STANZA_TAG),
-                    separated_nonempty_list(tag(" "), arbitrary_string),
-                ),
+                preceded(tag(STANZA_TAG), separated_list1(tag(" "), arbitrary_string)),
                 terminated(opt(preceded(newline, legacy_wrapped_encoded_data)), newline),
             ),
             |(mut args, body)| {
diff --git a/age/Cargo.toml b/age/Cargo.toml
index 3cb0e58..b453cd3 100644
--- a/age/Cargo.toml
+++ b/age/Cargo.toml
@@ -58,7 +58,7 @@ block-modes = { version = "0.7", optional = true }
 
 # Parsing
 cookie-factory = "0.3.1"
-nom = "5"
+nom = { version = "6", default-features = false, features = ["alloc"] }
 
 # Secret management
 secrecy = "0.7"
@@ -77,7 +77,7 @@ rust-embed = "5"
 
 # Common CLI dependencies
 console = { version = "0.13", optional = true }
-pinentry = { version = "0.2", optional = true }
+pinentry = { version = "0.3", optional = true }
 rpassword = { version = "5", optional = true }
 
 [target.'cfg(any(unix, windows))'.dependencies]
diff --git a/age/src/format.rs b/age/src/format.rs
index 3afb38a..44528cd 100644
--- a/age/src/format.rs
+++ b/age/src/format.rs
@@ -77,8 +77,9 @@ impl Header {
                     // parser is constructed, because if we read more than we need, the
                     // remainder of the input will be truncated.
                     let m = data.len();
-                    data.resize(m + n, 0);
-                    input.read_exact(&mut data[m..m + n])?;
+                    let new_len = m + n.get();
+                    data.resize(new_len, 0);
+                    input.read_exact(&mut data[m..new_len])?;
                 }
                 Err(_) => {
                     break Err(DecryptError::InvalidHeader);
@@ -105,8 +106,9 @@ impl Header {
                     // parser is constructed, because if we read more than we need, the
                     // remainder of the input will be truncated.
                     let m = data.len();
-                    data.resize(m + n, 0);
-                    input.read_exact(&mut data[m..m + n]).await?;
+                    let new_len = m + n.get();
+                    data.resize(new_len, 0);
+                    input.read_exact(&mut data[m..new_len]).await?;
                 }
                 Err(_) => {
                     break Err(DecryptError::InvalidHeader);
diff --git a/age/src/ssh.rs b/age/src/ssh.rs
index 851aadc..43cbfe2 100644
--- a/age/src/ssh.rs
+++ b/age/src/ssh.rs
@@ -103,7 +103,7 @@ impl EncryptedKey {
             .cipher
             .decrypt(&self.kdf, passphrase, &self.encrypted)?;
 
-        let parser = read_ssh::openssh_unencrypted_privkey(&self.ssh_key);
+        let mut parser = read_ssh::openssh_unencrypted_privkey(&self.ssh_key);
         parser(&decrypted)
             .map(|(_, sk)| sk)
             .map_err(|_| DecryptError::KeyDecryptionFailed)
@@ -450,7 +450,7 @@ mod read_ssh {
     #[allow(clippy::needless_lifetimes)]
     pub(super) fn openssh_unencrypted_privkey<'a>(
         ssh_key: &[u8],
-    ) -> impl Fn(&'a [u8]) -> IResult<&'a [u8], UnencryptedKey> {
+    ) -> impl FnMut(&'a [u8]) -> IResult<&'a [u8], UnencryptedKey> {
         // We need to own, move, and clone these in order to keep them alive.
         let ssh_key_rsa = ssh_key.to_vec();
         let ssh_key_ed25519 = ssh_key.to_vec();
diff --git a/age/src/util.rs b/age/src/util.rs
index 84fb986..13452d3 100644
--- a/age/src/util.rs
+++ b/age/src/util.rs
@@ -16,7 +16,7 @@ pub(crate) mod read {
     use nom::{
         combinator::map_res,
         error::{make_error, ErrorKind},
-        multi::separated_nonempty_list,
+        multi::separated_list1,
         IResult,
     };
 
@@ -31,15 +31,7 @@ pub(crate) mod read {
         let encoded_count = ((4 * count) + 2) / 3;
 
         move |input: &str| {
-            // take() returns the total number of bytes it needs, not the
-            // additional number of bytes like other APIs.
-            let (i, data) = take(encoded_count)(input).map_err(|e| match e {
-                nom::Err::Incomplete(nom::Needed::Size(n)) if n == encoded_count => {
-                    nom::Err::Incomplete(nom::Needed::Size(encoded_count - input.len()))
-                }
-                e => e,
-            })?;
-
+            let (i, data) = take(encoded_count)(input)?;
             match base64::decode_config(data, config) {
                 Ok(decoded) => Ok((i, decoded)),
                 Err(_) => Err(nom::Err::Failure(make_error(input, ErrorKind::Eof))),
@@ -74,7 +66,7 @@ pub(crate) mod read {
 
         move |input: &str| {
             map_res(
-                separated_nonempty_list(
+                separated_list1(
                     line_ending,
                     take_while1(|c| {
                         let c = c as u8;
diff --git a/fuzz-afl/Cargo.lock b/fuzz-afl/Cargo.lock
index fa3aea5..c970450 100644
--- a/fuzz-afl/Cargo.lock
+++ b/fuzz-afl/Cargo.lock
@@ -100,12 +100,6 @@ dependencies = [
  "winapi",
 ]
 
-[[package]]
-name = "arrayvec"
-version = "0.5.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "23b62fc65de8e4e7f52534fb52b0f3ed04746ae267519eef2a83941e8085068b"
-
 [[package]]
 name = "atty"
 version = "0.2.14"
@@ -135,6 +129,18 @@ version = "1.2.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "cf1de2fe8c75bc145a2f577add951f8134889b4795d47466a54a5c846d691693"
 
+[[package]]
+name = "bitvec"
+version = "0.19.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a7ba35e9565969edb811639dbebfe34edc0368e472c5018474c8eb2543397f81"
+dependencies = [
+ "funty",
+ "radium",
+ "tap",
+ "wyz",
+]
+
 [[package]]
 name = "block-buffer"
 version = "0.9.0"
@@ -323,6 +329,12 @@ version = "0.10.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "edb1016e8c600060e0099218442fff329a204f6316d6ec974d590d3281517a52"
 
+[[package]]
+name = "funty"
+version = "1.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "fed34cd105917e91daa4da6b3728c47b068749d6a62c59811f06ed2ac71d9da7"
+
 [[package]]
 name = "fxhash"
 version = "0.2.1"
@@ -484,19 +496,6 @@ version = "1.4.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646"
 
-[[package]]
-name = "lexical-core"
-version = "0.7.4"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "db65c6da02e61f55dae90a0ae427b2a5f6b3e8db09f58d10efab23af92592616"
-dependencies = [
- "arrayvec",
- "bitflags",
- "cfg-if 0.1.10",
- "ryu",
- "static_assertions",
-]
-
 [[package]]
 name = "libc"
 version = "0.2.82"
@@ -529,11 +528,11 @@ checksum = "0ee1c47aaa256ecabcaea351eae4a9b01ef39ed810004e298d2511ed284b1525"
 
 [[package]]
 name = "nom"
-version = "5.1.2"
+version = "6.0.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ffb4262d26ed83a1c0a33a38fe2bb15797329c85770da05e6b828ddb782627af"
+checksum = "88034cfd6b4a0d54dd14f4a507eceee36c0b70e5a02236c4e4df571102be17f0"
 dependencies = [
- "lexical-core",
+ "bitvec",
  "memchr",
  "version_check",
 ]
@@ -688,6 +687,12 @@ dependencies = [
  "proc-macro2",
 ]
 
+[[package]]
+name = "radium"
+version = "0.5.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "941ba9d78d8e2f7ce474c015eea4d9c6d25b6a3327f9832ee29a4de27f91bbb8"
+
 [[package]]
 name = "rand"
 version = "0.7.3"
@@ -795,12 +800,6 @@ dependencies = [
  "semver",
 ]
 
-[[package]]
-name = "ryu"
-version = "1.0.5"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "71d301d4193d031abdd79ff7e3dd721168a9572ef3fe51a1517aba235bd8f86e"
-
 [[package]]
 name = "salsa20"
 version = "0.7.2"
@@ -906,12 +905,6 @@ version = "1.2.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "a8f112729512f8e442d81f95a8a7ddf2b7c6b8a1a6f509a95864142b30cab2d3"
 
-[[package]]
-name = "static_assertions"
-version = "1.1.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a2eb9349b6444b326872e140eb1cf5e7c522154d69e7a0ffb0fb81c06b37543f"
-
 [[package]]
 name = "strsim"
 version = "0.8.0"
@@ -953,6 +946,12 @@ dependencies = [
  "unicode-xid",
 ]
 
+[[package]]
+name = "tap"
+version = "1.0.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "36474e732d1affd3a6ed582781b3683df3d0563714c59c39591e8ff707cf078e"
+
 [[package]]
 name = "textwrap"
 version = "0.11.0"
@@ -1122,6 +1121,12 @@ version = "0.4.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f"
 
+[[package]]
+name = "wyz"
+version = "0.2.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "85e60b0d1b5f99db2556934e21937020776a5d31520bf169e851ac44e6420214"
+
 [[package]]
 name = "x25519-dalek"
 version = "1.1.0"
diff --git a/fuzz/Cargo.lock b/fuzz/Cargo.lock
index 42c45ca..0eb4891 100644
--- a/fuzz/Cargo.lock
+++ b/fuzz/Cargo.lock
@@ -86,12 +86,6 @@ version = "0.2.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "64cf76cb6e2222ed0ea86b2b0ee2f71c96ec6edd5af42e84d59160e91b836ec4"
 
-[[package]]
-name = "arrayvec"
-version = "0.5.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "23b62fc65de8e4e7f52534fb52b0f3ed04746ae267519eef2a83941e8085068b"
-
 [[package]]
 name = "base64"
 version = "0.13.0"
@@ -105,10 +99,16 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "cdcf67bb7ba7797a081cd19009948ab533af7c355d5caf1d08c777582d351e9c"
 
 [[package]]
-name = "bitflags"
-version = "1.2.1"
+name = "bitvec"
+version = "0.19.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "cf1de2fe8c75bc145a2f577add951f8134889b4795d47466a54a5c846d691693"
+checksum = "a7ba35e9565969edb811639dbebfe34edc0368e472c5018474c8eb2543397f81"
+dependencies = [
+ "funty",
+ "radium",
+ "tap",
+ "wyz",
+]
 
 [[package]]
 name = "block-buffer"
@@ -283,6 +283,12 @@ version = "0.10.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "edb1016e8c600060e0099218442fff329a204f6316d6ec974d590d3281517a52"
 
+[[package]]
+name = "funty"
+version = "1.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "fed34cd105917e91daa4da6b3728c47b068749d6a62c59811f06ed2ac71d9da7"
+
 [[package]]
 name = "fxhash"
 version = "0.2.1"
@@ -444,19 +450,6 @@ version = "1.4.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646"
 
-[[package]]
-name = "lexical-core"
-version = "0.7.4"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "db65c6da02e61f55dae90a0ae427b2a5f6b3e8db09f58d10efab23af92592616"
-dependencies = [
- "arrayvec",
- "bitflags",
- "cfg-if 0.1.10",
- "ryu",
- "static_assertions",
-]
-
 [[package]]
 name = "libc"
 version = "0.2.82"
@@ -498,11 +491,11 @@ checksum = "0ee1c47aaa256ecabcaea351eae4a9b01ef39ed810004e298d2511ed284b1525"
 
 [[package]]
 name = "nom"
-version = "5.1.2"
+version = "6.0.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ffb4262d26ed83a1c0a33a38fe2bb15797329c85770da05e6b828ddb782627af"
+checksum = "88034cfd6b4a0d54dd14f4a507eceee36c0b70e5a02236c4e4df571102be17f0"
 dependencies = [
- "lexical-core",
+ "bitvec",
  "memchr",
  "version_check",
 ]
@@ -657,6 +650,12 @@ dependencies = [
  "proc-macro2",
 ]
 
+[[package]]
+name = "radium"
+version = "0.5.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "941ba9d78d8e2f7ce474c015eea4d9c6d25b6a3327f9832ee29a4de27f91bbb8"
+
 [[package]]
 name = "rand"
 version = "0.7.3"
@@ -755,12 +754,6 @@ dependencies = [
  "walkdir",
 ]
 
-[[package]]
-name = "ryu"
-version = "1.0.5"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "71d301d4193d031abdd79ff7e3dd721168a9572ef3fe51a1517aba235bd8f86e"
-
 [[package]]
 name = "salsa20"
 version = "0.7.2"
@@ -851,12 +844,6 @@ version = "1.2.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "a8f112729512f8e442d81f95a8a7ddf2b7c6b8a1a6f509a95864142b30cab2d3"
 
-[[package]]
-name = "static_assertions"
-version = "1.1.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a2eb9349b6444b326872e140eb1cf5e7c522154d69e7a0ffb0fb81c06b37543f"
-
 [[package]]
 name = "strsim"
 version = "0.10.0"
@@ -892,6 +879,12 @@ dependencies = [
  "unicode-xid",
 ]
 
+[[package]]
+name = "tap"
+version = "1.0.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "36474e732d1affd3a6ed582781b3683df3d0563714c59c39591e8ff707cf078e"
+
 [[package]]
 name = "thiserror"
 version = "1.0.23"
@@ -1040,6 +1033,12 @@ version = "0.4.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f"
 
+[[package]]
+name = "wyz"
+version = "0.2.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "85e60b0d1b5f99db2556934e21937020776a5d31520bf169e851ac44e6420214"
+
 [[package]]
 name = "x25519-dalek"
 version = "1.1.0"
diff --git a/rage/Cargo.toml b/rage/Cargo.toml
index 3920a1f..0ee6b0b 100644
--- a/rage/Cargo.toml
+++ b/rage/Cargo.toml
@@ -52,7 +52,7 @@ i18n-embed = { version = "0.10.2", features = ["desktop-requester", "fluent-syst
 i18n-embed-fl = "0.3"
 lazy_static = "1"
 log = "0.4"
-pinentry = "0.2"
+pinentry = "0.3"
 rust-embed = "5"
 secrecy = "0.7"