Open the Sign flow.
In AgePony, choose the Sign action. Signing produces a detached SSHSIG signature, leaving the original file untouched.
// guide / sign-a-file-with-ssh-key
How to sign a file with your SSH key.
AgePony 2.0 signs files with SSHSIG, OpenSSH's signature format. Sign with the SSH key you already have, and anyone can verify with stock ssh-keygen and your published public key.
// at a glance
- Open AgePony, choose Sign
- Select your signing key
- Pick the file
- Produce the .sig
- Share file plus signature
Prerequisites
- AgePony 2.0 installed
- A signing key in AgePony (in-app, Secure Enclave, or security key)
- The file to sign
Select your signing key.
Choose which key signs: an in-app SSH key, a Secure-Enclave key, or a hardware security key. AgePony signs under the agepony namespace.
Pick the file.
Select the file to sign. AgePony computes the signature over its exact contents.
Authenticate and sign.
Confirm with biometrics, or tap your security key over NFC if you are using one. AgePony writes a detached .sig file.
Share the file and signature.
Send both the original file and its .sig. Recipients verify with your public key to confirm authorship and integrity.
Verify it worked.
- AgePony shows the signing key fingerprint.
- A detached .sig file is produced; the original is unchanged.
- ssh-keygen -Y verify accepts the signature with your public key.
Common questions.
How do others verify?
With OpenSSH 8.0+: ssh-keygen -Y verify, using an allowed_signers entry containing your public key and the agepony namespace.
Inline or detached?
AgePony produces detached signatures, so the original file stays byte-identical — important for releases and checksums.
Can I sign with a hardware key?
Yes. See the security-key signing guide for sk-ssh-ed25519 and sk-ecdsa keys over NFC.
What namespace does AgePony use?
agepony. Verifiers must pass -n agepony to ssh-keygen.
Next steps.
Get AgePony
Free file encryption for iOS and Android. No accounts, no tracking, no servers.