Identity.

The 'with' of decryption. An identity is the secret key that unwraps a file encrypted to its matching recipient. Guard it; anyone holding it can read everything sent to that recipient.

// definition

In age, an identity is the private key used to decrypt: a native age secret key (AGE-SECRET-KEY-1…), an SSH private key, or a hardware-held key in the Secure Enclave or on a security key.

What it is

To decrypt, age tries each identity you supply against the wrapped keys in the file header until one unwraps. The identity never appears in the file; only the recipient (public) side does.
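An added example (not AgePony's or age's own code) that parses the text header of an age v1 file, to show what the wrapped keys look like: each recipient stanza carries an ephemeral public share and a wrapped file key, and nothing from the identity. The sample header is constructed from fixed filler bytes and the function names are hypothetical. The cryptographic unwrap itself is not reproduced.

```python
import base64

AGE_INTRO = "age-encryption.org/v1"

def b64(raw):
    """age uses unpadded standard base64."""
    return base64.b64encode(raw).decode().rstrip("=")

def unb64(text):
    return base64.b64decode(text + "=" * (-len(text) % 4))

# Constructed sample: a header for a file encrypted to two X25519 recipients
# (for instance your own and a recovery recipient). Filler bytes, not real keys.
SAMPLE_HEADER = "\n".join([
    AGE_INTRO,
    "-> X25519 " + b64(bytes(range(32))),        # sender's ephemeral public share
    b64(bytes(range(32, 64))),                   # file key wrapped for recipient 1
    "-> X25519 " + b64(bytes(range(64, 96))),
    b64(bytes(range(96, 128))),                  # file key wrapped for recipient 2
    "--- " + b64(bytes(32)),                     # header MAC
    "",
])

def parse_header(text):
    """Return (stanzas, mac); each stanza is (type, args, wrapped_key_bytes)."""
    lines = iter(text.split("\n"))
    if next(lines, "") != AGE_INTRO:
        raise ValueError("not an age v1 header")
    stanzas = []
    line = next(lines, "")
    while line.startswith("-> "):
        kind, *args = line[3:].split(" ")
        body = ""
        while True:                   # body lines are 64 columns; a shorter line ends it
            chunk = next(lines, "")
            body += chunk
            if len(chunk) < 64:
                break
        stanzas.append((kind, args, unb64(body)))
        line = next(lines, "")
    if not line.startswith("--- "):
        raise ValueError("missing header MAC line")
    return stanzas, unb64(line[4:])

def candidate_stanzas(stanzas, identity_kind):
    """Indexes of the wrapped keys an identity of this kind would be tried against."""
    return [i for i, (kind, _, _) in enumerate(stanzas) if kind == identity_kind]

if __name__ == "__main__":
    stanzas, mac = parse_header(SAMPLE_HEADER)
    for kind, args, wrapped in stanzas:
        print(kind, "share:", args[0][:8] + "...", "wrapped key bytes:", len(wrapped))
    print("tried against stanzas:", candidate_stanzas(stanzas, "X25519"))
```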

Why it matters

Your identity is the crown jewel. AgePony can keep it in app storage behind a biometric gate, or push it into hardware (Secure Enclave, Android Keystore, or a FIDO2 key) so it cannot be extracted at all.

// in AgePony

AgePony stores identities behind a biometric lock and can use non-exportable hardware-backed identities so the secret never leaves the device.

Common questions.

What if I lose my identity?

Files encrypted only to that identity become unrecoverable. Keep a secure backup, or also encrypt to a recovery recipient.

Can one identity match several recipients?

Each identity matches exactly one recipient public key, but you can hold many identities.

Get AgePony

Free file encryption for iOS and Android. No accounts, no tracking, no servers.