Downloads
| Architecture | Windows | macOS | Linux | Android | Web |
|---|---|---|---|---|---|
| x86-64 (64-bit) | Installer · Portable · CLI | — | AppImage · .deb · Binary · CLI · Snap | APK | Open |
| ARM64 (AArch64) | — | DMG · CLI | Binary · CLI | APK | |
| ARMv7 (32-bit) | — | — | — | APK | |
| x86 (32-bit) | — | — | — | APK |
- 🌐 Web version — runs in any modern browser, nothing to install: https://picocrypt-ng.github.io/
- Android — universal APK (any device, larger): Download
- Windows 7/8 (legacy) CLI (x86-64): Download
- macOS builds are Apple Silicon (ARM64) only.
What's new in 2.18
- Desktop GUI: fixed the Linux desktop layout and output theming so the compact window keeps controls/results readable and visually consistent
- Windows installer: upgrades now replace the installed GUI executable in place, detect a running Picocrypt NG instance instead of silently leaving the old binary, and clean up the orphaned portable executable left by the previous upgrade path
- Android/F-Droid readiness: Android release tasks can now assemble unsigned release APKs for F-Droid source builds while GitHub release CI still requires the maintainer signing secrets for official upstream APKs
- Android reproducibility: gomobile AAR builds now use stable empty Go build IDs and stripped native debug metadata for
libgojni.so, removing the build-id metadata drift that blocked F-Droid reproducible APK comparison - Security maintenance: updated
golang.org/x/imageto v0.43.0 to include the TIFF decoder vulnerability fixes reported bygovulncheck - Package availability: the README now documents the third-party MacPorts port while keeping project-owned release channels distinct
Full changelog: https://github.com/Picocrypt-NG/Picocrypt-NG/blob/main/Changelog.md#v218
Verifying your download
Every artifact is signed with keyless cosign (a <file>.sigstore.json bundle ships next to it) and carries a GitHub build-provenance attestation. No keys to trust — the signature is bound to the exact GitHub Actions run that built the file.
Build provenance (easiest, needs the gh CLI):
gh attestation verify <file> --repo Picocrypt-NG/Picocrypt-NGCosign bundle (download the matching <file>.sigstore.json too):
cosign verify-blob <file> \
--bundle <file>.sigstore.json \
--certificate-oidc-issuer https://token.actions.githubusercontent.com \
--certificate-identity-regexp '^https://github.com/Picocrypt-NG/Picocrypt-NG/\.github/workflows/'