Help · Documentation

Support.

Questions, troubleshooting, and how AgePony works under the hood. For anything not covered here, send an email.

Quickstart

01 · First launch

AgePony generates a master key, asks for biometric authentication, and offers to generate your first identity. Skip identity generation if you'd rather import an existing age or SSH key.

02 · Encrypt a file

Files tab → tap Encrypt → pick one or more files → choose recipients (or a passphrase) → tap Encrypt → share or save the .age output. Pick several files and they're bundled into a single bundle.tar.age.

03 · Decrypt a file

Open a .age file from Files and tap "Open in AgePony", or paste an armored block into the Text tab and tap Decrypt.

04 · Encrypt to a GitHub user

Recipients tab → Add Recipient → GitHub → type their username. AgePony fetches their public SSH keys from github.com/<user>.keys and adds them as a reusable recipient.

05 · Sign a file

Files tab → tap Sign → pick a file → choose a signing key: an in-app SSH key, a Secure Enclave key, or an external FIDO security key over NFC. AgePony writes a detached .sig in SSHSIG format. To verify someone else's signature, use the Verify action with their file, signature, and allowed-signer identity.

06 · Encrypted notes

Notes tab → tap "+" → title + body + passphrase. The body is encrypted with that passphrase via scrypt, independent from your vault unlock — pick something memorable, because nobody can recover it for you.

Frequently asked

What is the age encryption protocol?

age is a modern file encryption format and tool created by Filippo Valsorda. It uses X25519 for key agreement and ChaCha20-Poly1305 for encryption — fast, simple, audited. AgePony is a separate implementation of the same protocol, so files work with the age CLI on macOS, Linux, or Windows, and vice versa. The spec lives at age-encryption.org.

Why can I encrypt to a GitHub username?

Most developers already have public SSH keys on GitHub. age supports ssh-ed25519 and ssh-rsa public keys as recipients, exactly like native age recipients. Typing a username and letting AgePony fetch their keys means you can encrypt to someone with no prior coordination or key exchange.

Can people verify the signatures AgePony makes?

Yes. AgePony writes detached signatures in standard SSHSIG format with the namespace agepony. Anyone with OpenSSH verifies them with:

    ssh-keygen -Y verify -f allowed_signers \
      -I signer@example.com -n agepony \
      -s file.sig < file

No AgePony required on the verifying machine.

Which security keys work for signing?

FIDO keys over NFC, such as YubiKey 5 and Token2. Both sk-ssh-ed25519 and sk-ecdsa-sha2-nistp256 are supported, whether the key is touch-only or protected by a FIDO2 PIN. PIN-protected keys prompt for the PIN only when the key requires it; touch-only keys stay a single tap.

I forgot my note passphrase. How do I recover the body?

You can't, and neither can the developer. Per-note passphrases are independent of the vault master key and are stretched through scrypt before being used as the wrapping key. AgePony has no backdoor. If you can't remember the passphrase, the encrypted note body is permanently inaccessible — which is exactly what keeps it secure against everyone else.

Are AgePony files compatible with the age CLI?

Yes — the age v1 specification, bit-perfect. Encrypt with AgePony, decrypt with age -d file.age; or the reverse. Both directions work for X25519 recipients, ssh-ed25519, ssh-rsa, and passphrase-based encryption. One note: AgePony defaults to a mobile-friendly scrypt work factor for passphrase files; the parameters are stored in the file's stanza header, so either implementation handles either value.

Does AgePony work offline?

Yes, with one exception. All encryption, decryption, signing, and key generation happen on-device with zero network involvement. The only feature that needs the internet is fetching a GitHub user's public keys — a single, optional, user-initiated request.

Where is my data stored?

Your encrypted vault file lives in the app's sandbox, encrypted at rest with ChaCha20-Poly1305 under a master key held in the platform keystore (iOS Keychain or Android Keystore), accessible only after biometric authentication. If device backup is enabled, the encrypted vault may be included; it stays encrypted and the platform vendor cannot read it.

Troubleshooting

"Vault missing" after reinstalling the app

Deleting an app wipes its sandbox but keystore items can persist. AgePony detects this and offers a "Reset and start over" button on the Locked screen — tap it to clear the orphaned key and onboard fresh.

Biometric unlock isn't prompting on launch

Check that biometrics are enabled for AgePony in your OS settings. If disabled at the system level, AgePony cannot authenticate. Biometrics may also temporarily lock after repeated failures and require the device passcode to re-enable.

A security key tap fails or reports "Tag response error"

Hold the key flat against the NFC antenna until the operation completes — on most phones that's the top third of the back. AgePony retries once automatically on a dropped tag. For PIN-protected keys, enter the FIDO2 PIN when prompted, then tap again.

Fetching a GitHub user's keys returns empty

That account exists but has no public SSH keys. Verify by visiting https://github.com/<username>.keys in a browser — an empty response means AgePony sees the same. Ask them to add an SSH key, or use a different recipient type (paste an age recipient, paste an SSH key, or scan a QR code).
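The filtering described above and in the GitHub-username FAQ entry can be reproduced offline. The following is an added example, not AgePony's own code: it splits a `.keys` response into keys usable as age recipients (the ssh-ed25519 and ssh-rsa types named on this page) and keys that are skipped, and it goes one step further by printing each usable key's SHA256 fingerprint so it can be compared out of band. The function names and the sample keys are constructed for illustration.

```python
import base64
import hashlib
import struct

AGE_SSH_TYPES = {"ssh-ed25519", "ssh-rsa"}  # SSH recipient types this page lists

def _wire_string(s: bytes) -> bytes:
    """SSH wire encoding: 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(s)) + s

def usable_recipients(keys_text: str):
    """Split a github.com/<user>.keys response into (usable, skipped) lists."""
    usable, skipped = [], []
    for line in keys_text.splitlines():
        parts = line.split()
        if len(parts) < 2:
            continue  # blank or malformed line
        key_type, b64 = parts[0], parts[1]
        try:
            blob = base64.b64decode(b64, validate=True)
            n = struct.unpack(">I", blob[:4])[0]
            inner = blob[4:4 + n].decode("ascii")
        except (ValueError, struct.error):
            skipped.append((key_type, "undecodable key blob"))
            continue
        if inner != key_type:
            skipped.append((key_type, "type prefix does not match blob"))
        elif key_type not in AGE_SSH_TYPES:
            skipped.append((key_type, "not an age SSH recipient type"))
        else:
            digest = hashlib.sha256(blob).digest()
            fp = base64.b64encode(digest).decode().rstrip("=")
            usable.append((key_type, "SHA256:" + fp))
    return usable, skipped

def _constructed_key(key_type: str, body: bytes) -> str:
    """Build a sample key line; the body is filler, not a real public key."""
    blob = _wire_string(key_type.encode()) + _wire_string(body)
    return f"{key_type} {base64.b64encode(blob).decode()}"

# Constructed sample response covering three key types.
SAMPLE_KEYS = "\n".join([
    _constructed_key("ssh-ed25519", bytes(32)),
    _constructed_key("ecdsa-sha2-nistp256", b"constructed"),
    _constructed_key("sk-ssh-ed25519@openssh.com", bytes(32)),
]) + "\n"

if __name__ == "__main__":
    print(usable_recipients(SAMPLE_KEYS))
    print(usable_recipients(""))  # the empty-response case: ([], [])
```

An empty usable list with a non-empty skipped list means the account has keys, but none of a type that can be used as an age recipient.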

I can't decrypt a file I encrypted last week

A file's stanzas are matched against the identities currently in your vault. If you deleted the identity you used, or reset your vault, the file is no longer decryptable by you. Use the Inspect feature to see which recipient types a file is encrypted to.
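The same information can be read from a binary .age file outside the app. The following is an added example, not AgePony's Inspect code: it parses the age v1 text header to list recipient stanza types and, for passphrase files, the scrypt work factor mentioned in the compatibility answer above, without deriving any key. The `max_log_n` ceiling is an assumed local policy value, and the sample headers are constructed with placeholder base64.

```python
AGE_V1 = b"age-encryption.org/v1"

def inspect_age_header(data: bytes, max_log_n: int = 20) -> dict:
    """List recipient stanza types and the scrypt work factor of an age v1 file.

    max_log_n is an assumed local policy ceiling, not a value from this page.
    """
    # The header ends at the "--- <MAC>" line; everything after is payload.
    header, sep, _payload = data.partition(b"\n--- ")
    if not sep:
        raise ValueError("no header MAC line: truncated or not a binary age file")
    lines = header.split(b"\n")
    if lines[0] != AGE_V1:
        raise ValueError("missing age v1 version line")
    types, log_n = [], None
    for line in lines[1:]:
        if not line.startswith(b"-> "):
            continue  # base64 stanza body line
        args = line[3:].decode("ascii").split(" ")
        types.append(args[0])
        if args[0] == "scrypt":
            # scrypt stanza arguments: salt, then log2 of the work factor
            if len(args) != 3 or not args[2].isdigit():
                raise ValueError("malformed scrypt stanza")
            log_n = int(args[2])
    if not types:
        raise ValueError("header has no recipient stanzas")
    if log_n is not None and len(types) != 1:
        raise ValueError("scrypt stanza must be the only stanza")
    if log_n is not None and log_n > max_log_n:
        raise ValueError(f"scrypt work factor 2^{log_n} exceeds policy")
    return {"types": types, "scrypt_log_n": log_n}

# Constructed sample headers; the base64 fields are placeholders, not real keys.
TO_KEYS = (b"age-encryption.org/v1\n"
           b"-> X25519 Y29uc3RydWN0ZWQtc2hhcmU\nY29uc3RydWN0ZWQtYm9keQ\n"
           b"-> ssh-ed25519 dGFnMA Y29uc3RydWN0ZWQtc2hhcmU\nY29uc3RydWN0ZWQtYm9keQ\n"
           b"--- Y29uc3RydWN0ZWQtbWFj\n" b"\x00payload")
TO_PASSPHRASE = (b"age-encryption.org/v1\n"
                 b"-> scrypt Y29uc3RydWN0ZWQtc2FsdA 15\nY29uc3RydWN0ZWQtYm9keQ\n"
                 b"--- Y29uc3RydWN0ZWQtbWFj\n" b"\x00payload")

if __name__ == "__main__":
    for name, blob in (("keys", TO_KEYS), ("passphrase", TO_PASSPHRASE)):
        print(name, inspect_age_header(blob))
```

Checking the work factor before attempting decryption keeps an untrusted file from forcing an arbitrarily expensive scrypt run; armored files must be de-armored before this parser will accept them.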

Didn't find what you needed?

Email NorseHorse directly. AgePony is built by one person; questions and bug reports go to the same inbox — NorseHorse@norsehor.se. Responses are usually within a day or two.