Encrypt and sign,
from your phone.
Modern file encryption for iPhone and Android, built on the age protocol — and now
it signs too. Encrypt to a GitHub username, sign with a YubiKey over NFC, verify with
plain ssh-keygen -Y verify. Bit-perfect with the age CLI. The whole app is
open source. No accounts. No tracking. Your keys never leave your device.
The cryptography is public. Read it.
The entire iOS app is open source under Apache-2.0 — not just the crypto core.
AgePonyCore is the pure-Swift heart of the app: the age protocol, SSH key parsing,
SSHSIG, the FIDO/CTAP2 + PIN stack, and the tar archiver — each pinned to reference test vectors so
it stays bit-compatible with the tools you already trust. Audit it, fork it, or just satisfy yourself
that there is no second envelope.
Everything age should be on a phone.
Encrypt to a GitHub username
Type a username. AgePony fetches their public SSH keys from github.com/user.keys and encrypts to all of them in one tap — the CLI trick everyone loves, made native.
Native age protocol
X25519 key agreement, ChaCha20-Poly1305 streaming. Bit-perfect with the reference age CLI — encrypt here, decrypt there, no surprises.
Detached file signing new in 2.0
Produce detached signatures in standard SSHSIG format — the same as ssh-keygen -Y sign. Anyone can verify them with OpenSSH. No AgePony required on the other end.
Hardware security keys new in 2.0
Sign with a FIDO security key over NFC — YubiKey, Token2, others. sk-ssh-ed25519 and sk-ecdsa-sha2-nistp256, touch-only or FIDO2-PIN. Tap to sign.
SSH keys as recipients
Use any ssh-ed25519 or ssh-rsa public key as a recipient. Encrypt to a server admin without minting new age keys.
Multi-file bundles new in 2.0
Pick several files at once. AgePony bundles them into one uncompressed bundle.tar and encrypts that — standard USTAR, unpacked anywhere with tar -xf.
Open .age files directly
Long-press any .age file in Files and tap Open in AgePony. It lands straight in the decrypt flow, ready to unwrap with your identity or passphrase.
Local-first, zero backend
No account. No cloud sync. No telemetry. Biometric unlock on launch. Your keys live in your device's secure hardware and stay there.
Four taps, no manual.
Pick files
One file or many. Many become a single encrypted bundle.tar.age.
Choose a recipient
A GitHub username, an SSH key, an age recipient, or just a passphrase.
Seal it
AgePony writes a real age file. Share it however you like — it's just bytes.
Sign it (optional)
Add a detached SSHSIG signature with a key, the Secure Enclave, or a tap of your YubiKey.
The headline of 2.0: it signs.
Detached signatures in a format the whole SSH world already understands.
- Standard SSHSIG. Namespace
agepony, identical tossh-keygen -Y sign. Verifiable on any machine with OpenSSH. - Sign with anything. An in-app SSH key (ed25519 or RSA), a Secure Enclave key born in hardware and non-exportable, or an external FIDO security key over NFC.
- Both signature types. Security keys support
sk-ssh-ed25519andsk-ecdsa-sha2-nistp256. - PIN-aware. Touch-only keys stay one tap. PIN-protected keys prompt for the FIDO2 PIN only when the key demands it.
- Verify in-app. Check signatures other people send you, right on the phone.
No AgePony needed on the other end. Anyone can confirm a signature with the tool they already have:
Made for people who already live in a terminal.
Developers
Encrypt a secret to a teammate's GitHub keys before you've finished your coffee. Sign a release artifact with the YubiKey already on your keychain.
Sysadmins & SRE
Ship a credential to a server admin using the SSH key that's already in authorized_keys. No new key material to manage.
Journalists & sources
A source with a phone and your public key can send you an encrypted, signed file — no PGP onboarding, no key servers, no metadata trail.
What stays on your device.
Spoiler: everything.
- No account. Nothing to sign up for, nothing to log into.
- No server. AgePony has no backend of its own to phone home to.
- No telemetry. No analytics SDKs, no crash trackers, no ad IDs.
- One network call, ever. Fetching a GitHub user's public keys — and only when you ask.
- Hardware-backed keys. Identities live in the device's secure storage; Secure Enclave keys never leave it.
- Biometric lock. Face ID / fingerprint gate on launch.
AgePony collects nothing, stores nothing on a server, and the only thing that ever leaves your phone is the ciphertext you choose to share.
Read the full privacy policy — it's short on purpose.
For the people who read the spec.
- Encryptionage protocol — X25519 + ChaCha20-Poly1305 (STREAM)
- Passphrase modescrypt work factor, age stanza
- Recipientsage1…, ssh-ed25519, ssh-rsa, GitHub username
- SigningSSHSIG, namespace
agepony - Sign keysed25519, RSA, Secure Enclave (P-256), FIDO sk-*
- Security keysFIDO2 / CTAP2 over NFC, clientPin (PIN/UV v1)
- Bundlesuncompressed USTAR tar → single .age
- Interopbit-perfect with age CLI; SSHSIG verified by OpenSSH
- PlatformsiOS 18+, Android
- LicenseApache-2.0 — source
How AgePony stacks up.
| AgePony | age CLI | PGP apps | |
|---|---|---|---|
| Runs on a phone | ✓ | — | ✓ |
| Encrypt to GitHub username | ✓ | ✓ (manual) | — |
| SSHSIG signing | ✓ | — | — |
| Hardware security keys (NFC) | ✓ | — | some |
| No key servers / web of trust | ✓ | ✓ | — |
| No account / no telemetry | ✓ | ✓ | varies |
| Open source | ✓ | ✓ | varies |
Frequently asked.
Is AgePony free?
Is it compatible with the age CLI?
age, and vice versa.Can people verify the signatures it makes?
ssh-keygen -Y verify — no AgePony needed.Which security keys work?
sk-ssh-ed25519 and sk-ecdsa-sha2-nistp256, touch-only or FIDO2-PIN protected.Does AgePony send my data anywhere?
How is this different from PGPony?
Take encryption with you.
Free on iPhone and Android. Open source. No accounts, ever.