Press kit.
Everything a journalist, reviewer, or podcaster needs to cover PGPony — assets, copy, and a direct line.
Fast facts.
- Name
- PGPony
- Tagline
- Real PGP encryption, in your pocket.
- Category
- Privacy / Security utility
- Current version
- iOS 7.0.0 · Android 3.0.0 (feature parity)
- Platforms
- iOS 16+ and Android 12+
- Price
- Free, no in-app purchases, no ads
- Standards
- OpenPGP v4 (RFC 4880, full support) and v6 (RFC 9580, full: generate, encrypt with SEIPDv2, sign, verify); hardware NFC smartcards (YubiKey 5, Token2) including on-card key generation; GnuPG v4 interop tested vs.
gpg 2.4.x - Open source
- Cryptographic core public under Apache-2.0 on both platforms — PGPonyCore (Swift) and PGPonyCore-Kotlin (Kotlin)
- Languages
- English, Deutsch, Español, Français, 日本語, Português (Brasil)
- Developer
- NorseHorse, independent solo developer based in Alabama, US
- Website
- pgpony.app
- App Store
- apps.apple.com/us/app/pgpony
- Google Play
- play.google.com/.../com.pgpony.android
- Headline
- Generate your PGP key on the card itself — born on a YubiKey or Token2 over NFC, the private key never touches the phone.
- Card management
- Change admin / user PINs, unblock a locked PIN, and factory-reset an OpenPGP smartcard over NFC.
- Open source
- The crypto core is now public on both platforms under Apache-2.0 — two language cores, PGPonyCore (Swift) and PGPonyCore-Kotlin (Kotlin).
- Hardened first
- Open-sourcing followed a pre-launch security sweep: iOS removed secret-leaking debug logging; Android enforces integrity protection on decrypt and fails closed on tampered or unprotected ciphertext.
- Android parity
- Android 3.0.0 reaches feature parity with iOS 7.0.0 on the headline set — on-card keygen, card management, passphrase-only encryption, detached signing, and the read-only
passviewer. - Audit-ready
- Open source now; reproducible builds and a third-party audit are the next steps it sets up.
Copy snippets.
Drop-in descriptions of varying lengths. Use, edit, or rewrite freely.
PGPony is a free, native OpenPGP encryption app for iOS and Android with full GnuPG interoperability.
PGPony brings proper OpenPGP encryption to iOS and Android. Generate keys on-device or directly on a hardware key over NFC, encrypt and decrypt messages and files, and round-trip cleanly with GnuPG. The crypto core is open source (Apache-2.0). No accounts, no servers, no tracking. Free, built by a solo independent developer.
PGPony is a privacy-first OpenPGP encryption app for iOS and Android, built by an independent solo developer. It fully implements OpenPGP v4 (RFC 4880) — including Ed25519 / Curve25519 key generation, encryption, signing, decryption, and verification — and OpenPGP v6 (RFC 9580): v6 key generation, encryption to v6 recipients with SEIPDv2 (AEAD-OCB), and v6 signing and verification, validated against Sequoia and the RFC 9580 Appendix A test vectors. It also supports hardware security keys — OpenPGP NFC smartcards such as YubiKey and Token2 — for signing, decryption, and encrypt-and-sign. Byte-exact v4 interoperability is tested against GnuPG 2.4.x on every release. Users can generate keys on-device, encrypt and decrypt messages, sign and verify, exchange public keys via QR codes or Web Key Directory lookup, and integrate with system-level Share Sheets on both platforms.
The app is fully free, contains no advertising, no analytics, no tracking SDKs, and no account system. Private keys never leave the device's secure enclave. Source-of-truth standards compliance is verified on every release.
PGPony is a native OpenPGP encryption application for iOS and Android, designed to bring the rigour of desktop PGP tooling (GnuPG, Thunderbird, Kleopatra) to a mobile experience that has historically been poorly served. The app fully implements OpenPGP v4 (RFC 4880) — including Ed25519 / Curve25519 key generation, encryption, signing, decryption, and verification — with modern primitives throughout: Ed25519 for signing, Curve25519 / X25519 for key agreement, AEAD-OCB for authenticated symmetric encryption, and Argon2id for password-based key derivation. PGPony also fully supports the v6 OpenPGP standard (RFC 9580): generating v6 keys, encrypting to v6 recipients with SEIPDv2, and signing and verifying with v6 keys — verified against Sequoia (sq) and the RFC 9580 Appendix A test vectors. Hardware security keys are supported via the OpenPGP card standard over NFC (validated on YubiKey 5 NFC and Token2) for signing, decryption, and encrypt-and-sign, with the private key never leaving the card. Compatibility with GnuPG 2.4.x is byte-exact for v4 and verified on every release through an automated round-trip test suite.
Beyond the cryptographic core, PGPony emphasizes practical usability: QR-code key exchange, Web Key Directory (WKD) lookup, system Share Sheet / Intent integration, configurable auto-clearing clipboard, biometric app lock, and local key-expiration reminders. The app ships in six languages and runs identically on both platforms.
Privacy posture is structural rather than promised: PGPony operates no servers, has no account system, contains no analytics SDKs, no telemetry, and no advertising identifiers. The only network traffic is opt-in keyserver and WKD lookups, triggered only by direct user action. PGPony is developed independently by NorseHorse, a solo indie developer based in Alabama, and is offered free of charge with no in-app purchases.
About the developer.
PGPony is built and maintained by NorseHorse, an independent solo developer based in Alabama, United States. NorseHorse has shipped more than a dozen iOS, Android, and web applications spanning social platforms, restaurant operations software, entity-formation tools, and small games. PGPony is one of the privacy-focused entries in that catalog.
For background, philosophy, and the full portfolio, see the about page.
Press inquiries.
Interviews, review copies (the app is already free, but happy to walk you through it), questions, or fact-checking — all go to the same address.
Typical response time: within 24 hours.