agepony.com support
Help · Documentation

Support.

Questions, troubleshooting, and how AgePony works under the hood. For anything not covered here, send an email.

Quickstart
01
First launch. AgePony generates a master key, asks for biometric authentication, and offers to generate your first identity. Skip the identity generation if you'd rather import an existing age or SSH key.
02
Encrypt a file. Files tab → tap Encrypt → pick a file from your device → choose recipients (or a passphrase) → tap Encrypt → share or save the resulting .age output.
03
Decrypt a file. Open a .age file from Files.app and tap "Open in AgePony", or paste an armored block into the Text tab and tap Decrypt.
04
Encrypt to a GitHub user. Recipients tab → Add Recipient → GitHub → type their username. AgePony fetches their public SSH keys from github.com/<user>.keys and adds them as a recipient you can pick from any encrypt flow.
05
Encrypted notes. Notes tab → tap "+" → title + body + passphrase. The body is encrypted with that passphrase via scrypt. The passphrase is independent from your vault unlock — pick something memorable, because nobody can recover it for you.
Frequently asked

What is the age encryption protocol?

age is a modern file encryption format and tool created by Filippo Valsorda. It uses X25519 for key agreement and ChaCha20-Poly1305 for encryption — fast, simple, and audited. AgePony is a separate implementation of the same protocol, so files encrypted by AgePony work with the age CLI on macOS, Linux, or Windows, and vice versa.

The protocol spec lives at age-encryption.org.

Why can I encrypt to a GitHub username?

Most developers already have a GitHub account with public SSH keys uploaded for signing commits and authenticating to repos. age supports ssh-ed25519 and ssh-rsa public keys as recipients, exactly the same as native age recipients. Typing a GitHub username and letting AgePony fetch their public keys means you can encrypt to someone without any prior coordination, key exchange, or out-of-band setup.

I forgot my note passphrase. How do I recover the body?

You can't, and neither can we. Per-note passphrases are independent from the vault master key, and they're stretched through scrypt (work factor 16, ~64 MB working memory, ~65,000 iterations) before being used as the wrapping key. AgePony has no backdoor. If you can't remember the passphrase, the encrypted note body is permanently inaccessible.

This is the same trade-off as any well-designed local encryption: the developer's inability to help you recover a forgotten passphrase is precisely what makes it secure against everyone else, too.

Are AgePony files compatible with the age CLI?

Yes. AgePony's file format is the age v1 specification, bit-perfect. Encrypt with AgePony, decrypt with age -d file.age on the command line; or encrypt with the CLI, decrypt with AgePony. Both directions work for X25519 recipients, ssh-ed25519, ssh-rsa, and passphrase-based encryption.

One small note: AgePony defaults to scrypt work factor 16 for passphrase-protected files (the age CLI defaults to 18). Both are valid per the spec; the scrypt parameters are stored in the file's stanza header, so either implementation correctly handles either parameter.

Does AgePony work offline?

Yes, with one exception. All encryption, decryption, and key generation happens entirely on your device with zero network involvement. The only feature that requires the internet is fetching a GitHub user's public keys — and even that is a single, optional, user-initiated request. You can use AgePony in airplane mode for everything else.

Where is my data stored?

Your encrypted vault file lives in iOS Application Support inside AgePony's sandbox. It's encrypted at rest using ChaCha20-Poly1305 with a master key that lives in iOS Keychain — accessible only after you authenticate with Face ID or Touch ID.

If you have iCloud Backup enabled on your iPhone, the encrypted vault file may be included in your backup. It stays encrypted in iCloud; Apple cannot read the contents.

Why is passphrase encryption slow?

scrypt is intentionally slow — it's what makes passphrase-protected files hard to brute-force. AgePony uses scrypt N=216 for mobile, which takes about a second on iPhone. Encrypting to an X25519 or SSH identity is near-instant because it uses elliptic-curve key agreement instead.

AgePony shows "Vault missing" after I reinstalled the app.

When you delete an iOS app, the app's sandbox is wiped but Keychain items persist by default. AgePony detects this state and offers a Reset and start over button on the Locked screen — tap it to clear the orphaned Keychain key and onboard with a fresh vault.

Face ID isn't prompting on launch.

Check iOS Settings → AgePony → Face ID is enabled. If it's disabled at the iOS level, AgePony has no way to authenticate. On some devices, Face ID also temporarily disables itself after multiple failed attempts and requires the device passcode to re-enable.

Fetching a GitHub user's keys returns empty.

That GitHub account exists but has no public SSH keys uploaded. You can verify by visiting https://github.com/<username>.keys in any browser — if you see an empty response, AgePony will see the same. Ask the recipient to add an SSH key to their GitHub account, or use a different recipient type (paste an age recipient, paste an SSH public key, or scan a QR code).

I can't decrypt a file I encrypted last week.

The encryption stanzas in a .age file are matched against the identities currently in your vault. If you've deleted the identity you used to encrypt, or you reset your vault, the file is no longer decryptable by you. Use the Files tab's "Inspect" feature to see which recipient types a file is encrypted to.

Useful links
Didn't find what you needed?

Email NorseHorse directly. AgePony is built by one person; questions and bug reports go to the same inbox. Responses are usually within a day or two.