PGPony vs OpenKeychain.
OpenKeychain has been the de facto OpenPGP app on Android since 2014. It's free, open source (GPLv3), and deeply integrated with K-9 Mail. PGPony is the modern cross-platform alternative — the same OpenPGP standard, a fresher UI, the same identity on iOS — and on Android, fully open source as well.
Android-only and K-9 Mail user? Stay with OpenKeychain — its K-9 integration is deep and PGPony can't match it. Want modern UX, full OpenPGP v6, QR key exchange, or cross-platform to iPhone? PGPony. You can also run both side-by-side; OpenPGP keys are portable.
At a glance.
| PGPony | OpenKeychain | |
|---|---|---|
| Platform | iOS 17.6+, Android 8.0+ | Android only |
| Price | Free | Free |
| License | Android: fully open source (Apache-2.0); iOS: crypto core open, shell closed | GPLv3 (fully open source) |
| Open-source crypto core | Yes — PGPonyCore-Kotlin, Apache-2.0 | Yes — whole app, GPLv3 |
| Fully open-source Android app | Yes — PGPonyAndroid, Apache-2.0 | Yes — GPLv3 |
| On F-Droid | Yes — official repo, reproducible builds | Yes |
| On-card key generation | Yes — keypair born on the card | No — imports keys to the card |
| Key generation | Ed25519 + Curve25519 default, RSA | RSA, ECC including Ed25519/Curve25519 |
| OpenPGP v4 (RFC 4880) | Full | Full |
| OpenPGP v6 (RFC 9580) | Full — generate, encrypt (SEIPDv2), sign, verify | Not yet |
| K-9 Mail integration | Via Share intent only | Deep — inline encrypted mail rendering |
| YubiKey NFC | Yes — YubiKey 5, Token2 | Yes |
| QR code key exchange | Yes | Yes (different format) |
| WKD + HKP keyserver search | Yes | Yes |
| Biometric app lock | Fingerprint, with optional per-decryption prompt | Passphrase only |
| Material 3 UI | Yes | Material 2-era |
| iOS counterpart | Same app, same key | None |
| Active development cadence | Active | Slower in recent years |
Honest tradeoffs.
Where OpenKeychain wins
- K-9 Mail integration is real. OpenKeychain implements the OpenPGP API spec that K-9 understands natively. Inline encrypted-message rendering, recipient suggestions, signing during compose — all without leaving K-9. PGPony works with K-9 via Share, but not inside it.
- Open source under GPLv3, with a decade of public history. OpenKeychain is auditable end to end, including its UI — every line from key generation through ciphertext output, in the open since 2014. On Android, PGPony now matches the end-to-end openness — the entire app is public as PGPonyAndroid (Apache-2.0) — so what remains is license philosophy (copyleft GPLv3 vs permissive Apache-2.0) and OpenKeychain's much longer public track record.
- Years of NFC smartcard mileage. Tap a YubiKey to the back of your Android phone for hardware-token signing and decryption. OpenKeychain has shipped this integration for many device generations. PGPony supports it too (YubiKey 5, Token2, including on-card key generation), but OpenKeychain has the longer field record.
- Mature smartcard ecosystem. Beyond YubiKey — OpenPGP smartcards, Nitrokey, etc. OpenKeychain has shipped support across many of these over the years.
- Detailed key edit operations. Subkey expiration changes, revocation certificate generation, signing chains, user ID management — OpenKeychain exposes all of it.
Where PGPony wins
- You get an iOS counterpart for free. If anyone in your contact list uses an iPhone — or you might in the future — PGPony covers both. Same UI, same key portable in both directions. OpenKeychain is Android-only and has no plans for iOS.
- Modern UI. PGPony uses Material 3 with dynamic color, modern motion, and a refreshed information architecture. OpenKeychain still looks and feels like the Material 2 era it shipped in.
- Full OpenPGP v6 (RFC 9580) today. PGPony generates v6 keys, encrypts to v6 recipients with SEIPDv2, and signs and verifies with v6 keys. OpenKeychain has not yet shipped v6 support.
- Fully open source on Android — with active maintenance. The entire Android app is public under Apache-2.0 (PGPonyAndroid) and the official F-Droid repo builds it reproducibly from that source. The same end-to-end auditability OpenKeychain offers, from a codebase that ships regularly rather than at multi-year intervals.
- Biometric lock with per-decryption prompt option. Fingerprint to open the app, optional second fingerprint per decryption for high-stakes use. OpenKeychain uses the passphrase prompt instead.
- QR code key exchange built around mobile usage. Both apps support QR, but PGPony's flow is tuned for in-person key exchange — single QR code with the public key + UIDs, encoded with high error correction.
- Active development. PGPony ships updates regularly. OpenKeychain's release cadence has slowed substantially since its peak years.
- Auto-clearing clipboard. PGPony purges decrypted plaintext from the clipboard after a configurable timeout — important on Android where any installed app can read the clipboard.
Moving a key between them.
Whether you stay on OpenKeychain, switch to PGPony, or run both, your key is portable:
- In OpenKeychain, tap your key → ⋮ menu → Backup secret keys → ASCII armored. Choose a location (Files, Downloads).
- Open the resulting
.sec.ascfile. Android offers "Open with"; pick PGPony. - PGPony recognizes the OpenPGP key block, prompts for the passphrase that protects the secret key, and imports it. Same fingerprint, same UIDs, same subkeys.
- Both apps now know about the same key. If you delete from one, the other still has it.
Going the other direction is identical: PGPony → Export → ASCII armored → open with OpenKeychain. The OpenPGP standard is the interop contract; the apps are just different windows onto the same key.
The technical bits.
Both apps use Bouncy Castle as the underlying OpenPGP crypto library on Android.
Bouncy Castle (specifically the bcpg-jdk18on module) is an industry-standard
open-source Java crypto library, in security-critical production use across the JVM ecosystem.
Different UI, identical underlying crypto stack on Android.
On signing and encryption output, OpenKeychain and PGPony produce bit-identical PGP messages and keys to each other and to GnuPG. There's no "PGPony format" or "OpenKeychain format" — there's just OpenPGP.
The cross-platform story: PGPony on iOS uses Swift implementations of OpenPGP primitives that have been validated against the GnuPG reference for Ed25519 + Curve25519 interop. A key generated on Android in PGPony, exported and imported into iOS PGPony, has the same fingerprint and operates identically. OpenKeychain has no iOS counterpart at all.
The verdict.
- Choose OpenKeychain if You're Android-only and you use K-9 Mail as your daily email client. The deep K-9 integration is real and PGPony cannot match it. You prefer GPLv3 copyleft and a decade-long public track record.
- Choose PGPony if You use (or might use) iPhone. You want a modern UI. You want full OpenPGP v6 support. You want biometric lock with per-decryption prompts. Your mail client is anything other than K-9 (Gmail app, Outlook, Spark, Aqua, etc.) — at which point OpenKeychain's mail integration advantage doesn't apply.
- Run both if You want K-9 integration via OpenKeychain AND modern QR / cross-platform / v6 support via PGPony. The same key works in both. Use OpenKeychain inside K-9 and PGPony for everything else. Switching costs are nil because the key is yours, not the app's.
Try PGPony
Free. No accounts. No tracking. Works with everything that speaks OpenPGP.