AgePony PGPony ↗ download
Security

The security model.

What protects your files, what the threat model is, and where the boundaries are — stated plainly, because security you can't understand isn't security.

Cryptography

  • Encryption: the age protocol — X25519 key agreement, ChaCha20-Poly1305 in the STREAM construction. Implemented to the age v1 spec and verified bit-perfect against the reference CLI.
  • Passphrase mode: scrypt-stretched keys, with parameters stored in the file stanza so any age implementation can decrypt.
  • Signing: SSHSIG (the ssh-keygen -Y sign format), namespace agepony, verifiable by stock OpenSSH.
  • Signing keys: in-app ed25519 / RSA, Secure Enclave (hardware P-256, non-exportable), and external FIDO keys producing sk-ssh-ed25519 or sk-ecdsa-sha2-nistp256.

Key storage

Identities live in an encrypted vault inside the app sandbox, sealed with a master key held in the platform keystore (iOS Keychain / Android Keystore) and released only after biometric authentication. Secure Enclave signing keys are generated in hardware and never leave the device — AgePony can ask them to sign, but cannot extract them.

Threat model

AgePony defends the confidentiality and integrity of files you encrypt or sign, against an attacker who does not control your unlocked device. It assumes the operating system's keystore, biometric subsystem, and secure hardware behave as documented. It does not defend against malware running on a compromised, unlocked phone, nor against someone who knows a note's passphrase.

No network surface

There is no AgePony server, so there is no server to breach, no database to leak, and no credentials to steal. The single outbound request — fetching a GitHub user's public keys — is read-only, user-initiated, and carries none of your data. See the privacy policy for the exact detail.

Open to inspection

The whole iOS app and its crypto core are open source under Apache-2.0. You don't have to take any of the above on faith — read the code, run the reference test vectors, and check the SSHSIG output against OpenSSH yourself.

Reporting a vulnerability

If you find a security issue, email NorseHorse@norsehor.se with details and, ideally, a way to reproduce it. Please give a reasonable window to ship a fix before public disclosure. AgePony is a one-person project, so a clear report gets a faster fix.