2.18

@github-actions github-actions released this 28 Jun 13:08
3261587

Downloads

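| Architecture | Windows | macOS | Linux | Android | Web |
|---|---|---|---|---|---|
| x86-64 (64-bit) | Installer · Portable · CLI | - | AppImage · .deb · Binary · CLI · Snap | APK | Open |
| ARM64 (AArch64) | - | DMG · CLI | Binary · CLI | APK | - |
| ARMv7 (32-bit) | - | - | - | APK | - |
| x86 (32-bit) | - | - | - | APK | - |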
  • 🌐 Web version — runs in any modern browser, nothing to install: https://picocrypt-ng.github.io/
  • Android — universal APK (any device, larger): Download
  • Windows 7/8 (legacy) CLI (x86-64): Download
  • macOS builds are Apple Silicon (ARM64) only.

What's new in 2.18

  • Desktop GUI: fixed the Linux desktop layout and output theming so the compact window keeps controls/results readable and visually consistent
  • Windows installer: upgrades now replace the installed GUI executable in place, detect a running Picocrypt NG instance instead of silently leaving the old binary, and clean up the orphaned portable executable left by the previous upgrade path
  • Android/F-Droid readiness: Android release tasks can now assemble unsigned release APKs for F-Droid source builds while GitHub release CI still requires the maintainer signing secrets for official upstream APKs
  • Android reproducibility: gomobile AAR builds now use stable empty Go build IDs and stripped native debug metadata for libgojni.so, removing the build-id metadata drift that blocked F-Droid reproducible APK comparison
  • Security maintenance: updated golang.org/x/image to v0.43.0 to include the TIFF decoder vulnerability fixes reported by govulncheck
  • Package availability: the README now documents the third-party MacPorts port while keeping project-owned release channels distinct

Full changelog: https://github.com/Picocrypt-NG/Picocrypt-NG/blob/main/Changelog.md#v218


Verifying your download

Every artifact is signed with keyless cosign (a <file>.sigstore.json bundle ships next to it) and carries a GitHub build-provenance attestation. No keys to trust — the signature is bound to the exact GitHub Actions run that built the file.

Build provenance (easiest, needs the gh CLI):

gh attestation verify <file> --repo Picocrypt-NG/Picocrypt-NG

Cosign bundle (download the matching <file>.sigstore.json too):

cosign verify-blob <file> \
  --bundle <file>.sigstore.json \
  --certificate-oidc-issuer https://token.actions.githubusercontent.com \
  --certificate-identity-regexp '^https://github.com/Picocrypt-NG/Picocrypt-NG/\.github/workflows/'
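
The two checks above combined into a fail-closed wrapper, plus a helper showing which signer identities the anchored regexp accepts. This is an added example, not part of the Picocrypt NG release notes; the function names and the sample workflow file name and refs used to exercise it are constructed.

```shell
#!/bin/sh
# Added example, not from the Picocrypt NG release notes.
REPO='Picocrypt-NG/Picocrypt-NG'
ISSUER='https://token.actions.githubusercontent.com'
IDENTITY_RE='^https://github.com/Picocrypt-NG/Picocrypt-NG/\.github/workflows/'

# Succeeds if a certificate identity (SAN) would pass IDENTITY_RE.
# grep -E approximates the regexp match cosign performs for this pattern.
# Constructed identities to try:
#   .../Picocrypt-NG/Picocrypt-NG/.github/workflows/release.yml@refs/tags/2.18  (accepted)
#   .../Picocrypt-NG/Picocrypt-NG-fork/.github/workflows/release.yml@...        (rejected)
identity_allowed() {
  printf '%s\n' "$1" | grep -Eq "$IDENTITY_RE"
}

# Verify one artifact with both mechanisms. Returns 2 when an input is
# missing and 1 when a check fails, so "not checked" is never reported
# as "verified".
verify_artifact() {
  f=$1
  [ -f "$f" ] || { echo "missing artifact: $f" >&2; return 2; }
  [ -f "$f.sigstore.json" ] || { echo "missing bundle: $f.sigstore.json" >&2; return 2; }
  cosign verify-blob "$f" \
    --bundle "$f.sigstore.json" \
    --certificate-oidc-issuer "$ISSUER" \
    --certificate-identity-regexp "$IDENTITY_RE" >/dev/null 2>&1 \
    || { echo "cosign check FAILED: $f" >&2; return 1; }
  gh attestation verify "$f" --repo "$REPO" >/dev/null 2>&1 \
    || { echo "attestation check FAILED: $f" >&2; return 1; }
  echo "verified: $f"
}

# Verify every file given; non-zero exit if any single artifact fails.
verify_all() {
  rc=0
  for f in "$@"; do
    verify_artifact "$f" || rc=1
  done
  return "$rc"
}

if [ "$#" -gt 0 ]; then verify_all "$@"; fi
```

Run it with the downloaded files as arguments; each `<file>.sigstore.json` must sit next to its artifact.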