Encrypt and sign,
from your phone.

Modern file encryption for iPhone and Android, built on the age protocol — and now it signs too. Encrypt to a GitHub username, sign with a YubiKey over NFC, verify with plain ssh-keygen -Y verify. Bit-perfect with the age CLI. The whole app is open source. No accounts. No tracking. Your keys never leave your device.

age protocol SSHSIG signing security keys open source no accounts no analytics free

The cryptography is public. Read it.

The entire iOS app is open source under Apache-2.0 — not just the crypto core.

AgePonyCore is the pure-Swift heart of the app: the age protocol, SSH key parsing, SSHSIG, the FIDO/CTAP2 + PIN stack, and the tar archiver — each pinned to reference test vectors so it stays bit-compatible with the tools you already trust. Audit it, fork it, or just satisfy yourself that there is no second envelope.

Everything age should be on a phone.

01

Encrypt to a GitHub username

Type a username. AgePony fetches their public SSH keys from github.com/user.keys and encrypts to all of them in one tap — the CLI trick everyone loves, made native.

02

Native age protocol

X25519 key agreement, ChaCha20-Poly1305 streaming. Bit-perfect with the reference age CLI — encrypt here, decrypt there, no surprises.

03

Detached file signing new in 2.0

Produce detached signatures in standard SSHSIG format — the same as ssh-keygen -Y sign. Anyone can verify them with OpenSSH. No AgePony required on the other end.

04

Hardware security keys new in 2.0

Sign with a FIDO security key over NFC — YubiKey, Token2, others. sk-ssh-ed25519 and sk-ecdsa-sha2-nistp256, touch-only or FIDO2-PIN. Tap to sign.

05

SSH keys as recipients

Use any ssh-ed25519 or ssh-rsa public key as a recipient. Encrypt to a server admin without minting new age keys.

06

Multi-file bundles new in 2.0

Pick several files at once. AgePony bundles them into one uncompressed bundle.tar and encrypts that — standard USTAR, unpacked anywhere with tar -xf.

07

Open .age files directly

Long-press any .age file in Files and tap Open in AgePony. It lands straight in the decrypt flow, ready to unwrap with your identity or passphrase.

08

Local-first, zero backend

No account. No cloud sync. No telemetry. Biometric unlock on launch. Your keys live in your device's secure hardware and stay there.

Four taps, no manual.

01

Pick files

One file or many. Many become a single encrypted bundle.tar.age.

02

Choose a recipient

A GitHub username, an SSH key, an age recipient, or just a passphrase.

03

Seal it

AgePony writes a real age file. Share it however you like — it's just bytes.

04

Sign it (optional)

Add a detached SSHSIG signature with a key, the Secure Enclave, or a tap of your YubiKey.

The headline of 2.0: it signs.

Detached signatures in a format the whole SSH world already understands.

  • Standard SSHSIG. Namespace agepony, identical to ssh-keygen -Y sign. Verifiable on any machine with OpenSSH.
  • Sign with anything. An in-app SSH key (ed25519 or RSA), a Secure Enclave key born in hardware and non-exportable, or an external FIDO security key over NFC.
  • Both signature types. Security keys support sk-ssh-ed25519 and sk-ecdsa-sha2-nistp256.
  • PIN-aware. Touch-only keys stay one tap. PIN-protected keys prompt for the FIDO2 PIN only when the key demands it.
  • Verify in-app. Check signatures other people send you, right on the phone.
verify anywhere

No AgePony needed on the other end. Anyone can confirm a signature with the tool they already have:

# they sign on their phone, you verify on a laptop ssh-keygen -Y verify \ -f allowed_signers \ -I friend@example.com \ -n agepony \ -s report.pdf.sig \ < report.pdf # => Good "agepony" signature for friend@example.com

What stays on your device.
Spoiler: everything.

  • No account. Nothing to sign up for, nothing to log into.
  • No server. AgePony has no backend of its own to phone home to.
  • No telemetry. No analytics SDKs, no crash trackers, no ad IDs.
  • One network call, ever. Fetching a GitHub user's public keys — and only when you ask.
  • Hardware-backed keys. Identities live in the device's secure storage; Secure Enclave keys never leave it.
  • Biometric lock. Face ID / fingerprint gate on launch.
the whole privacy policy, in one line

AgePony collects nothing, stores nothing on a server, and the only thing that ever leaves your phone is the ciphertext you choose to share.

Read the full privacy policy — it's short on purpose.

For the people who read the spec.

  • Encryptionage protocol — X25519 + ChaCha20-Poly1305 (STREAM)
  • Passphrase modescrypt work factor, age stanza
  • Recipientsage1…, ssh-ed25519, ssh-rsa, GitHub username
  • SigningSSHSIG, namespace agepony
  • Sign keysed25519, RSA, Secure Enclave (P-256), FIDO sk-*
  • Security keysFIDO2 / CTAP2 over NFC, clientPin (PIN/UV v1)
  • Bundlesuncompressed USTAR tar → single .age
  • Interopbit-perfect with age CLI; SSHSIG verified by OpenSSH
  • PlatformsiOS 18+, Android
  • LicenseApache-2.0 — source

How AgePony stacks up.

AgePonyage CLIPGP apps
Runs on a phone
Encrypt to GitHub username✓ (manual)
SSHSIG signing
Hardware security keys (NFC)some
No key servers / web of trust
No account / no telemetryvaries
Open sourcevaries

See the full comparisons →

Frequently asked.

Is AgePony free?
Yes — free on the App Store and Google Play. No accounts, no subscriptions, no ads, no in-app purchases.
Is it compatible with the age CLI?
Yes. AgePony implements age directly and is bit-perfect with the reference CLI. Encrypt in AgePony, decrypt with age, and vice versa.
Can people verify the signatures it makes?
Yes. Signatures are standard SSHSIG. Anyone with OpenSSH verifies them with ssh-keygen -Y verify — no AgePony needed.
Which security keys work?
FIDO keys over NFC such as YubiKey and Token2. Both sk-ssh-ed25519 and sk-ecdsa-sha2-nistp256, touch-only or FIDO2-PIN protected.
Does AgePony send my data anywhere?
No server, no telemetry. The only network call is fetching a GitHub user's public keys, and only when you ask it to encrypt to a GitHub username.
How is this different from PGPony?
AgePony is the modern age world — small, no key servers. PGPony is the full OpenPGP world with smartcards and GnuPG interop. Same developer, same privacy rules.

Take encryption with you.

Free on iPhone and Android. Open source. No accounts, ever.