[pgpony] $ download
// guide / generate-pgp-key-iphone

How to generate a PGP key on iPhone.

Generate an OpenPGP keypair on iPhone with PGPony. Modern Ed25519 + Curve25519 defaults, keys stored in the iOS Keychain, no account required. About five minutes including the passphrase decision.

~5 minutes iPhone No account required
// at a glance
  1. Install PGPony
  2. Start key generation
  3. Enter name + email
  4. Choose Ed25519 + Curve25519
  5. Set a strong passphrase
  6. Back up the secret key
Prerequisites
  • An iPhone with PGPony installed
  • A passphrase you can remember (or a password manager)
  • The email address you want associated with this PGP identity
// step 01

Install PGPony.

Get PGPony from the App Store. It\'s free, no account is required, and it doesn\'t ask for your phone number, email, or any other identifier on install.

// step 02

Start key generation.

Open PGPony to the Keyring tab (it's the first tab — key icon, bottom left). Tap the + in the toolbar and choose Generate Key Pair. The Generate Key screen opens.

// step 03

Provide your identity.

Enter your Full Name and Email Address in the Identity section. These become the key's primary User ID — the human-readable identity other people see when they look up your key. The email is also what tools use to find your key via Web Key Directory (WKD), so make it the address you actually use for encrypted communication.

// step 04

Choose the algorithm.

In the Algorithm section, pick from:

  • Ed25519+Cv25519 (recommended). Modern OpenPGP defaults — Ed25519 for signatures, Curve25519 for encryption. Small keys (256 bits each), near-instant generation, universal support across current OpenPGP tools.
  • RSA 4096 or RSA 2048. Useful only if you need to interop with a legacy system that doesn't handle ECC. RSA takes longer to generate and produces larger signatures, but every OpenPGP implementation anywhere supports it.

Default to Ed25519+Cv25519 unless you have a specific reason to use RSA. In the Expiration section below, the default is two years — PGPony recommends setting an expiration date and reminds you that you can extend it later.

// step 05

Set a strong passphrase.

The passphrase protects the secret key on disk. It\'s the last line of defense if someone gets physical access to the device. Good options: a 5–6 word diceware passphrase from a large vocabulary, or a 20+ character random string stored in your password manager.

No recovery If you forget the passphrase, the secret key on this device is permanently inaccessible. PGPony cannot reset it; no one can. This is cryptographic design, not a missing feature.
// step 06

Generate.

Tap Generate Key Pair. PGPony generates the key locally on your device — nothing is transmitted to any server. Ed25519 finishes in well under a second. RSA-4096 takes a few seconds because the prime search is computationally heavier.

The result is a keypair with a stable fingerprint (40 hex characters) that uniquely identifies the key for the rest of its existence. The fingerprint is the canonical identifier — much more important than the short key ID, which is collision-prone.

Optional To have the new key automatically appear on your iPad too, open the Settings tab and turn on iCloud Keychain Sync under Security. PGPony uses Apple's end-to-end encrypted Keychain — keys move between your Apple devices without going through any third-party server. The secret material is still gated by your passphrase and biometric.
// step 07

Back up the secret key immediately.

Before using the key for anything else, export an encrypted backup of the secret material to durable, off-device storage. Without a backup, losing or wiping the iPhone means losing the key forever — along with the ability to decrypt anything that was ever encrypted to it.

See Back up your private key for the procedure and storage recommendations.

Verify it worked.

  • Your new key appears in the Keyring tab with your name and email.
  • Tapping the key shows its fingerprint, algorithm (Ed25519+Cv25519 or RSA), and creation date.
  • Switch to the Encrypt tab, encrypt a short test message to yourself, switch to the Decrypt tab, paste, and decrypt. Successful round-trip confirms the key is fully functional.

Common questions.

Should I choose Ed25519 or RSA?

Ed25519 (with Curve25519 for encryption) for new keys. Faster, smaller, universally supported by current OpenPGP tools. RSA only for specific legacy interop requirements.

How long should my passphrase be?

Long enough that brute-forcing takes longer than your threat model cares about. A 5–6 word diceware passphrase or a 20+ character random string from a password manager both work.

Where is the secret key stored on iOS?

In the iOS Keychain — Apple\'s encrypted, hardware-backed credential store. Not transmitted, not shared with other apps, not copied to iCloud unless you specifically export it there.

Can I use the same key on iOS and Android?

Yes. OpenPGP keys are portable. Generate on one platform, export the secret key (encrypted), transfer, import on the other. Same fingerprint, identical key.

What if I forget my passphrase?

The secret key becomes permanently inaccessible. No recovery — not in PGPony, not in any other OpenPGP tool. This is cryptographic design. Use a passphrase you can produce reliably or store it in a password manager.

Next steps.

Critical next step

Back up your private key
Hygiene

Set up biometric lock
Use

Send an encrypted email
Distribute

Publish your public key

Get PGPony

Free OpenPGP encryption for iOS and Android. No accounts, no tracking.

Download on the App Store
Get it on Google Play