// glossary / public-key-vs-private-key

Public vs private key.

The foundation of everything AgePony does. The public key is the one you hand out; the private key is the one you protect. What one does, only the other can undo.

// definition

A public key can be shared with anyone and is used to encrypt files to you and to verify your signatures. The matching private key stays secret and is used to decrypt and to sign.

What it is

Public-key cryptography uses a mathematically linked pair. In age, others encrypt to your public key (recipient) and you decrypt with your private key (identity). In SSHSIG, you sign with your private key and others verify with your public key.

Why it matters

This split is what lets strangers send you secrets safely: they only ever need the public half. The entire security model rests on keeping the private half private — which is why AgePony offers biometric locks and hardware-backed storage.

// in AgePony AgePony makes the split concrete: publish your public key (or GitHub username) for others to encrypt to and verify, and keep your private identity behind a biometric or hardware gate.

Related terms

Common questions.

Which one do I share?

Always the public key. Never share the private key or identity.

What if my private key leaks?

Rotate immediately — generate a new keypair and re-publish the new public key.

Get AgePony

Free file encryption for iOS and Android. No accounts, no tracking, no servers.

Download on the App Store Get it on Google Play