If you know someone's GitHub username, you can encrypt a file that only they can open — no key exchange, no coordination, no PGP keyring.
Here's the trick that makes this possible: GitHub publishes every user's public SSH keys at a predictable URL. Visit https://github.com/<username>.keys in any browser and you'll see the raw public keys that person uses to push commits and authenticate. Public keys are safe to share — that's the whole point of public-key cryptography — so this exposes nothing sensitive. But it does hand you exactly what you need to encrypt a file to that person.
The age encryption protocol accepts ssh-ed25519 and ssh-rsa public keys as recipients directly. So the keys on a GitHub profile are already valid age recipients. Put those two facts together and you get a delightful workflow.
If you have the age CLI installed, the whole thing is one pipe:
The -R - flag tells age to read a list of recipients from standard input — here, piped straight from curl. Every key on that profile becomes a recipient, so the file decrypts with any of the person's devices. Send them secret.txt.age however you like; only their matching private key opens it.
AgePony does the same thing without a terminal. Choose a file, pick GitHub username as the recipient type, and type the username. AgePony fetches github.com/<username>.keys, encrypts to every key it finds, and hands you a .age file ready to share. That's it.
Because AgePony produces standard age files, the recipient doesn't need AgePony at all — they can decrypt with the age CLI on their laptop, or with AgePony on their own phone. It works in both directions.
SSH keys are normally used for authentication, so some people treat them as more disposable than dedicated encryption keys, and SSH keys stored on hardware tokens like YubiKeys can't be used to decrypt. For one-off sharing this is rarely an issue; for anything long-lived, ask the recipient for a dedicated age1… recipient instead.
An empty response means that account exists but hasn't uploaded any public SSH keys. Verify by opening https://github.com/<username>.keys yourself — if you see a blank page, AgePony sees the same. Ask the recipient to add a key to their GitHub account, or fall back to pasting an age1… recipient or an SSH public key directly.
Most developers already have GitHub keys uploaded and never think about them again. That means you can send an encrypted file to a colleague, a maintainer, or a stranger on the internet using nothing but a name you already know — no "what's your public key?" round-trip, no keyserver, no trust ceremony. It's the friendliest on-ramp to public-key encryption that exists.
AgePony is the age encryption tool for your phone. On the App Store now — Android coming soon.