Open the Keys area.
In AgePony, open the keys/identities section and choose to generate a new identity.
// guide / generate-an-age-key
How to generate an age key.
Get your own key so people can encrypt to you. AgePony generates a native age identity on-device, keeps the secret behind a biometric or hardware gate, and gives you a public recipient to share.
// at a glance
- Open AgePony, go to Keys
- Generate a new identity
- Choose where to store it
- Copy your public recipient
- Share it so people can encrypt to you
Prerequisites
- AgePony installed
Generate the identity.
AgePony creates a native age keypair on-device. The secret half is your identity; the public half is your recipient string starting with age1….
Choose storage.
Keep the identity in app storage behind a biometric lock, or, on supported devices, in hardware (Secure Enclave / Android Keystore) so it cannot be exported.
Copy your public recipient.
Copy the age1… recipient. This is the public half — safe to share anywhere.
Publish it.
Give your recipient to anyone who needs to send you encrypted files. They add it as a recipient; you decrypt with the matching identity.
Verify it worked.
- AgePony shows the new identity and its public recipient.
- The recipient string begins with age1.
- A test file encrypted to that recipient decrypts with your identity.
Common questions.
age key or SSH key?
Either works in AgePony. A native age key is simplest; an SSH key is handy if you already publish one. You can use both.
Where is the secret stored?
Behind your device biometric, or in hardware if you choose. It never leaves the device.
Can I back it up?
Export and store the identity somewhere safe if it is not hardware-bound. Without a backup, losing the device loses the key.
Is the public recipient safe to share?
Yes — the recipient is public by design. Only the identity must stay secret.
Next steps.
Get AgePony
Free file encryption for iOS and Android. No accounts, no tracking, no servers.