One person, two ponies.
AgePony is built and maintained by NorseHorse, a solo indie developer in Alabama. No company, no investors, no growth team — just software made the way it ought to be.
Why AgePony exists
The age protocol is the best thing to happen to file encryption in years: small, opinionated, and free of the key servers and web-of-trust ceremony that made PGP a chore. But it lived on the command line. AgePony brings it to the phone — including the one trick everyone loves, encrypting straight to a GitHub username — without giving up bit-for-bit compatibility with the CLI you already trust.
Version 2.0 added the other half of the story: signing. Detached SSHSIG signatures, made with an in-app key, the Secure Enclave, or a FIDO security key you tap over NFC. Now the phone in your pocket can both seal a file and vouch for it.
How it's built
AgePony is native on both platforms — Swift on iOS, Kotlin on Android — over a carefully verified crypto core pinned to reference test vectors. There is no shared backend, because there is no backend at all. The whole iOS app, including AgePonyCore, is open source under Apache-2.0.
The sibling: PGPony
AgePony has an older cousin. PGPony does the full OpenPGP world — GnuPG-compatible keys, hardware smartcards, on-card key generation, and a pass store viewer. Same developer, same principles. If age is too minimal for what you need, PGPony is probably the tool.
The rules
- No accounts. Nothing to sign up for.
- No tracking. No analytics, no telemetry, no ad IDs.
- No lock-in. Every file is standard age; every signature is standard SSHSIG.
- Free. On both stores, with no in-app purchases.
Contact
Bug reports, questions, and the occasional thank-you all go to the same inbox: NorseHorse@norsehor.se.