SSH-key encryption.
age does not require you to generate a brand-new key type. Any ssh-ed25519 or ssh-rsa public key works as an age recipient, and the matching private key in your SSH agent or on disk works as the identity.
SSH-key encryption in age means using an existing SSH public key (the kind in ~/.ssh/id_ed25519.pub or on your GitHub profile) as the recipient of an encrypted file, instead of a native age1… recipient.
What it is
When you encrypt to an SSH key, age performs the same X25519 key agreement it always does — it just derives the recipient from the SSH public key format rather than a native age recipient. ssh-ed25519 keys map cleanly onto X25519; ssh-rsa keys are supported through RSA key wrapping.
Why it matters
This is age's killer convenience feature. Developers already publish SSH keys on GitHub at github.com/username.keys. That means you can encrypt a file to a collaborator using nothing but their username, with no key exchange ceremony. AgePony can fetch and encrypt to a GitHub user's keys directly.
Every public SSH key a user has uploaded is served at this URL. age can use any of them as a recipient.
Related terms
Common questions.
Can I decrypt with my normal SSH key?
Yes. The SSH private key that pairs with the public key used to encrypt is the identity. AgePony can use a key stored in the app, in the Secure Enclave, or on a hardware security key.
Is ssh-rsa safe to use?
It works, but ssh-ed25519 is smaller, faster, and recommended for new keys.
Get AgePony
Free file encryption for iOS and Android. No accounts, no tracking, no servers.