What's wrong with a password-protected zip?

Nothing, if both sides handle the password safely and the tool uses strong AES. The catch is the password: you have to get it to the recipient over a second secure channel, and a weak one is brute-forceable. AgePony encrypts to a key, so there's no shared password to leak.

Can AgePony do passphrase encryption too?

Yes. If you don't have a recipient key, AgePony can encrypt to a passphrase using scrypt — similar idea to a password-protected archive, but with a modern, authenticated age file.

Is age more secure than AES zip?

age uses ChaCha20-Poly1305, which is authenticated: tampering is detected on decryption. Many older zip encryption modes were weak, and even AES zips don't always authenticate the whole archive. age also lets you encrypt to a public key, which a zip can't.

AgePony vs encrypted zips

A password isn't a key.

"Just zip it with a password" is the reflex, and for quick personal storage it's fine. But a shared password has to travel to the recipient somehow, and that hand-off is usually the weak link. AgePony encrypts to a recipient's key instead, so there's no secret to pass around.

the short version

Keys beat shared passwords for sending. An encrypted zip needs the recipient to already know the password. AgePony encrypts to their public key, so only they can open it and you never had to share a secret. For solo storage, AgePony's passphrase mode covers the zip use case too.

At a glance.

	AgePony	Encrypted zip / 7-Zip
Encrypt to a recipient's key	Yes	No — shared password only
Shared secret to deliver	None	The password, over a second channel
Authenticated encryption	Always (ChaCha20-Poly1305)	Depends on tool and mode
Passphrase mode	Yes (scrypt)	Yes
Signing	Yes (SSHSIG)	No
Multiple files	Bundled into one .tar.age	Native
Compression	No (encrypt only)	Yes
Ubiquity	Need age or AgePony to open	Opens almost anywhere

Honest tradeoffs.

Where encrypted zips win

Everyone can open them. Zip is everywhere. The recipient needs no special app, just the password and a stock archive tool.
Compression built in. Archives shrink as they encrypt. age encrypts only; compress first if you care about size.
Familiar. "Password-protected zip" needs no explanation to anyone.

Where AgePony wins

No shared password. Encrypt to the recipient's key and there's no secret to deliver, intercept, or forget. This is the big one.
Authenticated by default. age detects tampering on decryption. Older zip encryption often didn't, and weak zip ciphers have a long history of breaks.
It can prove who sent it. AgePony signs. A zip can't tell the recipient the file actually came from you.
Modern crypto, no footguns. One strong cipher, one strong key exchange, no legacy modes to pick wrong.

The verdict.

Choose an encrypted zip if the recipient must open it with stock tools and you can deliver the password safely on a separate channel.
Choose AgePony if you're sending to someone with a key — then there's no password to share, and the file is authenticated and optionally signed.
For your own storage, AgePony's passphrase mode gives you the zip-style workflow with modern, authenticated crypto.

Try AgePony

Free. No accounts. No tracking. Bit-for-bit compatible with the age command line.

Download on the App Store

Get it on Google Play