Documentation

How AgePony works.

A reference for the formats and flows. For step-by-step walkthroughs, see the guides.

Recipient formats

Anywhere AgePony asks for a recipient, it accepts:

  • age recipient — age1… (a native X25519 public key, Bech32-encoded).
  • SSH public key — ssh-ed25519 … or ssh-rsa … (the only SSH key types the age format can encrypt to).
  • GitHub username — AgePony fetches github.com/<user>.keys and encrypts to every ssh-ed25519 or ssh-rsa key found; keys of other types listed there (ecdsa, FIDO sk-*) have no age recipient type and are not used.
  • passphrase — no keypair; the file is sealed with a scrypt-stretched passphrase.
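As an added example that is not AgePony's code, the checks an age front-end has to run on a recipient string before encrypting: Bech32 checksum and key length for age1 recipients, declared-versus-embedded type for SSH keys, and filtering a GitHub .keys listing down to the key types age can use. The GitHub username rule and every sample key below are constructed assumptions, not real keys.

```python
"""Validate recipient strings before encrypting. Added example, not AgePony's code.
Assumes the age format (age1 recipients are Bech32, HRP "age", over a 32-byte X25519
key; only ssh-ed25519 and ssh-rsa keys can be recipients) and a GitHub username
rule of alphanumerics plus single hyphens, 1-39 chars (assumed, not from the page)."""
import base64
import re
import struct

CHARSET = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"
GEN = (0x3B6A57B2, 0x26508E6D, 0x1EA119FA, 0x3D4233DD, 0x2A1462B3)
SUPPORTED_SSH = {"ssh-ed25519", "ssh-rsa"}
GITHUB_USER = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9]|-(?=[A-Za-z0-9])){0,38}$")
_ssh_string = lambda b: struct.pack(">I", len(b)) + b  # SSH wire-format string

def _polymod(values):  # BIP-173 checksum polynomial
    chk = 1
    for v in values:
        top, chk = chk >> 25, ((chk & 0x1FFFFFF) << 5) ^ v
        for i, g in enumerate(GEN):
            chk ^= g if (top >> i) & 1 else 0
    return chk

def _hrp_expand(hrp):
    return [ord(c) >> 5 for c in hrp] + [0] + [ord(c) & 31 for c in hrp]

def _to5(payload):  # bytes -> 5-bit groups, zero-padded on the right
    bits = len(payload) * 8
    n = int.from_bytes(payload, "big") << (-bits) % 5
    return [(n >> 5 * i) & 31 for i in reversed(range(-(-bits // 5)))]

def _from5(data):  # 5-bit groups -> bytes; padding must be under 5 bits and zero
    n, bits = 0, len(data) * 5
    for d in data:
        n = n << 5 | d
    if bits % 8 >= 5 or n & ((1 << bits % 8) - 1):
        raise ValueError("bech32: invalid padding")
    return (n >> bits % 8).to_bytes(bits // 8, "big")

def bech32_encode(hrp, payload):  # no 90-character cap: age strings exceed it
    data = _to5(payload)
    chk = _polymod(_hrp_expand(hrp) + data + [0] * 6) ^ 1
    data += [(chk >> 5 * (5 - i)) & 31 for i in range(6)]
    return hrp + "1" + "".join(CHARSET[d] for d in data)

def bech32_decode(s):  # (hrp, payload) or ValueError; case-insensitive
    s = s.lower()
    pos = s.rfind("1")
    if pos < 1 or len(s) - pos < 7 or any(c not in CHARSET for c in s[pos + 1:]):
        raise ValueError("bech32: malformed")
    data = [CHARSET.index(c) for c in s[pos + 1:]]
    if _polymod(_hrp_expand(s[:pos]) + data) != 1:
        raise ValueError("bech32: bad checksum")
    return s[:pos], _from5(data[:-6])

def parse_ssh_public_key(line):  # (type, blob); the declared type must match the blob
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("ssh: expected '<type> <base64> [comment]'")
    blob = base64.b64decode(fields[1], validate=True)
    n = struct.unpack(">I", blob[:4])[0] if len(blob) >= 4 else 0
    wire_type = blob[4:4 + n].decode("ascii", "replace")
    if wire_type != fields[0]:
        raise ValueError(f"ssh: declared {fields[0]} but blob says {wire_type!r}")
    return wire_type, blob

def classify_recipient(s):
    """("age" | "ssh" | "github", canonical form), or ValueError naming the reason."""
    s = s.strip()
    if s.lower().startswith("age1"):
        hrp, key = bech32_decode(s)
        if hrp != "age" or len(key) != 32:
            raise ValueError("age: not a 32-byte key under HRP 'age'")
        return "age", s.lower()
    if s.startswith(("ssh-", "sk-", "ecdsa-")):
        wire_type, _ = parse_ssh_public_key(s)
        if wire_type not in SUPPORTED_SSH:
            raise ValueError(f"ssh: age cannot encrypt to {wire_type}")
        return "ssh", " ".join(s.split()[:2])  # drop the comment
    if GITHUB_USER.match(s):
        return "github", s
    raise ValueError("unrecognized recipient")

def partition_recipients(lines):
    """Split candidates (e.g. the lines of github.com/<user>.keys) into usable
    canonical recipients and (line, reason) pairs for the rejected ones."""
    usable, skipped = [], []
    for line in lines:
        try:
            usable.append(classify_recipient(line)[1])
        except ValueError as e:
            skipped.append((line, str(e)))
    return usable, skipped

# Constructed sample material: deterministic bytes, not real keys.
SAMPLE_AGE_RECIPIENT = bech32_encode("age", bytes(range(32)))
SAMPLE_ED25519_LINE = "ssh-ed25519 " + base64.b64encode(
    _ssh_string(b"ssh-ed25519") + _ssh_string(bytes(32))).decode()
SAMPLE_ECDSA_LINE = "ecdsa-sha2-nistp256 " + base64.b64encode(
    _ssh_string(b"ecdsa-sha2-nistp256") + _ssh_string(b"nistp256")).decode()
```

The point of rejecting with a reason rather than silently skipping is the GitHub case: a user who sees "encrypted to 1 of 2 keys" can check which key was dropped, while a silent drop leaves them believing every key on the listing can open the file.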

Encrypting

Encrypting to one or more recipients writes a standard .age file. When several input files are picked, AgePony first wraps them in an uncompressed USTAR archive, bundle.tar, then encrypts that into a single bundle.tar.age. After decrypting, recover the originals anywhere with tar -xf bundle.tar. USTAR is the plain POSIX tar layout, so any tar implementation reads it; its fixed header fields cap an entry's path at 255 bytes and its size below 8 GiB.

Decrypting

Open a .age file from Files and choose "Open in AgePony", or paste an armored block (the text between -----BEGIN AGE ENCRYPTED FILE----- and -----END AGE ENCRYPTED FILE-----) into the Text tab. AgePony reads the file's header stanzas and matches them against the identities in your vault: SSH stanzas carry a short key tag, X25519 stanzas do not, so native identities are tried in turn. If the only stanza is scrypt, the file was sealed with a passphrase and AgePony prompts for it.
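The matching step, as an added example that is not AgePony's code: a parser for the age v1 header (binary or armored) that lists the stanzas and decides, against a constructed vault of SSH public keys, which identity could open the file, whether a native age identity has to be tried, or whether a passphrase is needed. The stanza layout and the SSH key tag rule are those of the age format; the sample files are constructed headers with dummy bodies, not real ciphertexts, and the vault keys are not real keys.

```python
"""Parse an age v1 header (binary or ASCII-armored) and work out how the file can
be opened: which vault SSH keys match a stanza tag, whether a native age identity
must be tried, or whether a passphrase is needed. Added example, not AgePony's
code; the vault keys and sample files are constructed, not real ciphertexts."""
import base64
import hashlib
import struct
from collections import namedtuple

ARMOR_BEGIN = b"-----BEGIN AGE ENCRYPTED FILE-----"
ARMOR_END = b"-----END AGE ENCRYPTED FILE-----"
VERSION = b"age-encryption.org/v1"
Stanza = namedtuple("Stanza", "type args body")
_b64raw = lambda raw: base64.b64encode(raw).rstrip(b"=")  # headers use unpadded base64
_unb64raw = lambda s: base64.b64decode(s + b"=" * (-len(s) % 4), validate=True)
_ssh_string = lambda b: struct.pack(">I", len(b)) + b

def dearmor(data):  # armor = the binary file as PEM-style base64 between BEGIN/END lines
    text = data.strip()
    if not text.startswith(ARMOR_BEGIN):
        return data
    end = text.rfind(ARMOR_END)
    if end < 0:
        raise ValueError("armor: END line missing")
    return base64.b64decode(b"".join(text[len(ARMOR_BEGIN):end].split()), validate=True)

def parse_header(data):
    """(stanzas, mac, payload) or ValueError."""
    try:
        return _parse_lines(dearmor(data).split(b"\n"))
    except IndexError:
        raise ValueError("truncated header") from None

def _parse_lines(lines):
    # '-> type args...' then base64 body lines of exactly 64 columns, ended by a shorter
    # (possibly empty) line; '--- mac' ends the header and the binary payload follows.
    if lines[0] != VERSION:
        raise ValueError("not an age v1 file")
    stanzas, i = [], 1
    while not lines[i].startswith(b"--- "):
        if not lines[i].startswith(b"-> "):
            raise ValueError(f"unexpected header line {lines[i]!r}")
        args, body, i = lines[i][3:].split(b" "), [], i + 1
        while True:
            chunk, i = lines[i], i + 1
            if len(chunk) > 64:
                raise ValueError("stanza body line over 64 columns")
            body.append(chunk)
            if len(chunk) < 64:
                break
        stanzas.append(Stanza(args[0].decode(), [a.decode() for a in args[1:]], _unb64raw(b"".join(body))))
    mac = _unb64raw(lines[i][4:])
    return stanzas, mac, b"\n".join(lines[i + 1:])  # split/join restores the payload exactly

def ssh_tag(pubkey_line):
    # age's SSH recipient tag: first 4 bytes of SHA-256 over the wire-format key, unpadded base64.
    blob = base64.b64decode(pubkey_line.split()[1])
    return _b64raw(hashlib.sha256(blob).digest()[:4]).decode()

def how_to_open(data, vault):
    """vault: {label: SSH public key line}. X25519 stanzas carry no tag, so every native
    identity must be tried; scrypt is only valid alone; unknown stanza types are ignored."""
    stanzas, _, _ = parse_header(data)
    tags = {ssh_tag(line): label for label, line in vault.items()}
    out = {"ssh_matches": [], "try_x25519": False, "passphrase": False, "ignored": []}
    for s in stanzas:
        if s.type in ("ssh-ed25519", "ssh-rsa"):
            if s.args[0] in tags:
                out["ssh_matches"].append(tags[s.args[0]])
        elif s.type == "X25519":
            out["try_x25519"] = True
        elif s.type == "scrypt":
            if len(stanzas) != 1:
                raise ValueError("scrypt stanza must be the only recipient")
            out["passphrase"] = True
        else:
            out["ignored"].append(s.type)
    return out

def _ed25519_line(fill):  # constructed blob in OpenSSH wire format, not a real key
    blob = _ssh_string(b"ssh-ed25519") + _ssh_string(bytes([fill]) * 32)
    return "ssh-ed25519 " + base64.b64encode(blob).decode()

def _body_lines(raw):  # 64-column lines; a full last line needs an empty terminator line
    b64 = _b64raw(raw)
    chunks = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return chunks + [b""] if not chunks or len(chunks[-1]) == 64 else chunks

def _sample(stanza_lines, payload=b"\x00" * 16):
    return b"\n".join([VERSION, *stanza_lines, b"--- " + _b64raw(bytes(32))]) + b"\n" + payload

VAULT = {"phone-key": _ed25519_line(1), "laptop-key": _ed25519_line(2)}
SAMPLE_KEYS_FILE = _sample([
    b"-> X25519 " + _b64raw(bytes(32)), *_body_lines(bytes(32)),
    b"-> ssh-ed25519 " + ssh_tag(VAULT["laptop-key"]).encode() + b" " + _b64raw(bytes(32)), *_body_lines(bytes(32)),
    b"-> ssh-rsa " + _b64raw(b"\xde\xad\xbe\xef"), *_body_lines(bytes(48)),  # key not in vault; 48-byte body fills a line
])
SAMPLE_PASSPHRASE_FILE = _sample([b"-> scrypt " + _b64raw(bytes(16)) + b" 18", *_body_lines(bytes(32))])
SAMPLE_ARMORED = ARMOR_BEGIN + b"\n" + base64.b64encode(SAMPLE_KEYS_FILE) + b"\n" + ARMOR_END + b"\n"
```

The tag only routes the lookup; it proves nothing about who encrypted the file, and a match still has to unwrap the file key and pass the header MAC before anything is decrypted. The 48-byte ssh-rsa body is there to exercise the one edge a hand-written parser usually gets wrong: a body whose base64 is an exact multiple of 64 columns is followed by an empty line, and a parser that stops at the first full line will read the next stanza marker as body.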

Signing

Signing produces a detached .sig in SSHSIG format with the namespace agepony. The namespace is bound into the signature, so a verifier must ask for agepony, and a signature made for agepony cannot be passed off as one from another namespace (for example git, which signed commits use). Choose the signing key:

  • in-app SSH key — ed25519 or RSA from your vault.
  • Secure Enclave — a P-256 key generated in hardware, non-exportable; it signs as an ecdsa-sha2-nistp256 key, so OpenSSH handles it like any other ECDSA key.
  • FIDO security key — tap over NFC; produces sk-ssh-ed25519@openssh.com or sk-ecdsa-sha2-nistp256@openssh.com signatures.

Verifying

In-app, the Verify action takes a file, its signature, and an allowed signer. Anywhere else, OpenSSH verifies it. allowed_signers holds one line per trusted key: a principal, an optional namespaces="agepony" restriction, then the public key (type and base64). -I must name a principal on that list and -n must match the namespace the signature was made in, or the check fails:

ssh-keygen -Y verify -f allowed_signers \
    -I signer@example.com -n agepony \
    -s file.sig < file
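The full round trip with stock OpenSSH, as an added example that is not AgePony's tooling: sign in the agepony namespace, build allowed_signers, verify, then show that a wrong principal, a wrong namespace and a modified file are all rejected. The key is a throwaway generated in a temporary directory, the payload is constructed, and signer@example.com is the page's placeholder principal.

```shell
#!/bin/sh
# Added example, not AgePony's tooling: SSHSIG signing and verification in the
# "agepony" namespace with stock OpenSSH. The key is a throwaway generated in a
# temporary directory; signer@example.com is the placeholder principal.
set -eu

# Sign FILE ($2) with private key ($1) in the agepony namespace; OpenSSH writes FILE.sig.
sign_agepony() {
    ssh-keygen -Y sign -f "$1" -n agepony "$2" 2>/dev/null
}

# One allowed_signers line: principal, namespace restriction, public key (type + base64).
# The namespaces option stops a key trusted for agepony from verifying signatures
# made with the same key in any other namespace.
allowed_signers_entry() {   # $1 = principal, $2 = .pub file
    printf '%s namespaces="agepony" %s\n' "$1" "$(cut -d' ' -f1,2 "$2")"
}

# Verify and print 0 (accepted) or 1 (rejected); ssh-keygen's exit status decides.
verify_agepony() {   # $1 = allowed_signers, $2 = principal, $3 = file, $4 = signature
    if ssh-keygen -Y verify -f "$1" -I "$2" -n agepony -s "$4" < "$3" >/dev/null 2>&1; then
        echo 0
    else
        echo 1
    fi
}

# Round trip plus three rejections; prints "0 1 1 1".
demo() {
    dir=$(mktemp -d)
    ssh-keygen -q -t ed25519 -N '' -C signer@example.com -f "$dir/key"
    printf 'constructed sample payload\n' > "$dir/file"
    sign_agepony "$dir/key" "$dir/file"
    allowed_signers_entry signer@example.com "$dir/key.pub" > "$dir/allowed_signers"
    ok=$(verify_agepony "$dir/allowed_signers" signer@example.com "$dir/file" "$dir/file.sig")
    # Right key and file, but a principal that is not on the allowed list.
    wrong_principal=$(verify_agepony "$dir/allowed_signers" other@example.com "$dir/file" "$dir/file.sig")
    # Same key and contents signed in the git namespace: must not verify as agepony.
    cp "$dir/file" "$dir/copy"
    ssh-keygen -Y sign -f "$dir/key" -n git "$dir/copy" 2>/dev/null
    wrong_namespace=$(verify_agepony "$dir/allowed_signers" signer@example.com "$dir/copy" "$dir/copy.sig")
    # One byte appended after signing: the detached signature no longer matches.
    printf 'x' >> "$dir/file"
    tampered=$(verify_agepony "$dir/allowed_signers" signer@example.com "$dir/file" "$dir/file.sig")
    rm -rf "$dir"
    echo "$ok $wrong_principal $wrong_namespace $tampered"
}

case "${1:-}" in demo) demo ;; esac
```

Run it as sh sign_verify.sh demo, or source the file and call the functions on a real .sig produced in the app; the allowed_signers line is exactly what the in-app "allowed signer" corresponds to on the command line.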

Interoperability

Files are byte-for-byte compatible with the reference age CLI in both directions: what AgePony writes, age decrypts, and what age writes, AgePony opens. Signatures are verifiable by stock OpenSSH. There is no AgePony-specific container, header, or wrapper anywhere.

Where things live

Identities and recipients live in an encrypted vault in the app sandbox; the master key sits in the platform keystore behind biometrics. Nothing is stored on a server, because there is no server. See Security for the full model.