// glossary / passphrase-encryption

Passphrase encryption.

Encryption with nothing but a password. age's passphrase mode derives the file key from your passphrase with scrypt — ideal for encrypting something to yourself when you do not want to manage keys.

// definition

Passphrase encryption is age's symmetric mode: instead of a public-key recipient, the file is locked with a password and a scrypt-derived key. Anyone with the passphrase can decrypt.

What it is

You pick a passphrase; age runs it through scrypt to derive the key that protects the file. Decryption asks for the same passphrase. There are no keys to generate, store, or back up.

Why it matters

It is the simplest possible flow and perfect for personal archives or moving a file across your own devices. The security ceiling is your passphrase strength, so use a long one. For sharing with others, key-based recipients are usually a better fit.

// in AgePony AgePony offers a passphrase mode for encrypting and decrypting without keys, compatible with age -p on the command line.

Related terms

Common questions.

Is this less secure than key mode?

The cryptography is equally strong; the weak point is a guessable passphrase. Long passphrases close that gap.

Is it compatible with the CLI?

Yes — these are standard age -p files.

Get AgePony

Free file encryption for iOS and Android. No accounts, no tracking, no servers.

Download on the App Store Get it on Google Play