Skip to content

Releases: arcsignio/arcsign

ArcSign v1.5.4

Choose a tag to compare

@github-actions github-actions released this 06 Jul 02:34

ArcSign v1.5.4

What's Changed

Changed

  • WalletDetail refactored from a 2979-line component into focused units.
    The largest frontend file after v1.5.3 is now a ~2142-line coordinator.
    Extracted: pure token-metadata enrichment (enrichTokens.ts, deduping three
    identical copies), pure formatters (walletDetailFormat.ts), the seven
    full-screen sub-view dispatch blocks (walletDetail/WalletDetailViews.tsx),
    and the unlock → passphrase → load-balances state machine (useWalletData.ts).
    Behavior is unchanged; the signing-sensitive validatedPassphrase and
    passwordRef plumbing is byte-identical to before, verified end-to-end.
    The asset-list render body stays in the main component (its extraction is
    planned for a later release).

Downloads

Platform File
macOS (Apple Silicon) ArcSign-macOS-ARM64.dmg
Windows (x64) ArcSign-Windows-x64.msi
Linux (x64) ArcSign-Linux-x64.deb, .AppImage

Verification

SHA256SUMS covers both the installer bundles and the Go
shared library (libarcsign.dylib / .so / .dll). See
docs/reproducible-builds.md
for how to rebuild from source and verify the hash matches.

Install (macOS / Linux)

bash <(curl -fsSL https://arcsign.io/install.sh)

ArcSign v1.5.3

Choose a tag to compare

@github-actions github-actions released this 03 Jul 03:28

ArcSign v1.5.3

What's Changed

Changed

  • SwapTransaction refactored from a 3238-line component into focused units.
    Pure formatters moved to swapFormat.ts, the flow state machine to a
    useSwapFlow hook, and each step rendered by a small presentational component
    under components/swap/. The main component is now a ~355-line coordinator.
    Behavior is unchanged; the mandatory backend sign-gate and its
    acknowledgedRisk plumbing are byte-identical to before.
  • Swap orchestration extracted into a pure swapService.ts. The multi-step
    build → sign → broadcast → record sequence (for both approval and swap) now
    lives in a React-free service that the hook calls; the service reports progress
    via a callback and throws stable error codes the hook maps to i18n. Every
    signTransaction call is byte-identical to the pre-refactor code, verified
    field-by-field. No Go / backend changes.

Fixed

  • Return to the asset list and refresh balances after a successful swap.
    Previously the swap success handler only logged; the view stayed open and
    balances weren't refreshed. It now closes the swap view and re-fetches
    balances. The same pre-existing bug in the Send flow is fixed the same way.

Downloads

Platform File
macOS (Apple Silicon) ArcSign-macOS-ARM64.dmg
Windows (x64) ArcSign-Windows-x64.msi
Linux (x64) ArcSign-Linux-x64.deb, .AppImage

Verification

SHA256SUMS covers both the installer bundles and the Go
shared library (libarcsign.dylib / .so / .dll). See
docs/reproducible-builds.md
for how to rebuild from source and verify the hash matches.

Install (macOS / Linux)

bash <(curl -fsSL https://arcsign.io/install.sh)

ArcSign v1.5.2

Choose a tag to compare

@github-actions github-actions released this 01 Jul 02:11

ArcSign v1.5.2

What's Changed

Security

  • Mint-page connection pairing gate. The localhost WebSocket (127.0.0.1:9527)
    used by the Pro NFT mint page now requires a one-time 8-digit pairing code
    (shown in the desktop app, entered in the mint page) before any account or
    signing method is allowed — 60s TTL, 3-attempt lockout, constant-time
    comparison. Replaces the prior boolean-authenticated model.
  • Origin allowlist hardening. Production builds reject empty Origin
    (non-browser local processes) and localhost dev ports; only the apex mint-page
    origin and Tauri's own webview origins are allowed. Origin comparison is now
    case-insensitive per RFC 6454.
  • Pairing-code comparison length gate. A length mismatch now folds into the
    same wrong-attempt path as a content mismatch, removing a distinguishable
    early return so the constant-time compare is honest end-to-end.

Changed

  • Dev / production build split. Developer-only WebSocket auto-sign helpers
    are compiled behind a dev-mode feature; production builds return a friendly
    error instead. CI publishes both a production release (3 platforms) and a
    -dev build (macOS/Linux).
  • Signing paths (transaction / message / typed-data) consolidated through a
    single deriveSecureSigner (decrypt + derive), byte-identical to the prior
    per-path code.

Fixed

  • Swap quote resilience. OpenOcean and KyberSwap clients send a browser-like
    User-Agent to avoid Cloudflare 403s. Free users whose OpenOcean quote/build
    fails now fall back to KyberSwap automatically (no referrer fee on the
    fallback), for both quote and transaction build.
  • Swap confirm shows the route you'll actually sign. When a free-user swap
    falls back to a different provider between quote and build, the confirmation
    step shows a "route updated" notice with the actual provider and fee.

Downloads

Platform File
macOS (Apple Silicon) ArcSign-macOS-ARM64.dmg
Windows (x64) ArcSign-Windows-x64.msi
Linux (x64) ArcSign-Linux-x64.deb, .AppImage

Verification

SHA256SUMS covers both the installer bundles and the Go
shared library (libarcsign.dylib / .so / .dll). See
docs/reproducible-builds.md
for how to rebuild from source and verify the hash matches.

Install (macOS / Linux)

bash <(curl -fsSL https://arcsign.io/install.sh)

ArcSign v1.5.1

Choose a tag to compare

@github-actions github-actions released this 25 Jun 02:31

ArcSign v1.5.1

What's Changed

Security

  • Every signing path now passes through one mandatory backend gate before a
    private key is touched.
    Previously, eth_signTypedData (EIP-712) and
    personal_sign reached signing without any security check — the main attack
    surface for phishing signatures (malicious Permit / Permit2 /
    setApprovalForAll). Transactions, EIP-712 typed data, and messages now all
    route through the same architecturally-unbypassable gate.
  • EIP-712 verifyingContract normalization defense. A non-canonical
    verifyingContract (e.g. a decimal number instead of a 0x address — the
    ScamSniffer/SlowMist bypass that affected 40+ wallets) is flagged as danger
    instead of rendering blank.
  • Blocklist screening of signature contents. The spender / operator /
    verifyingContract embedded in an EIP-712 request, and any 0x address in a
    personal_sign message, are screened against the embedded blocklist
    (OFAC-sanctioned + known scam spenders). Free, offline, no API key.
  • Danger detected and not acknowledged → the backend refuses to sign; the
    private key is never decrypted or touched.

Changed

  • Private-key derivation is consolidated into a single entry point
    (deriveAndSign) whose first step is the security gate — no signing path can
    reach key material without passing it.
  • mapSignError delegates to MapWalletError, restoring specific error codes
    (e.g. wrong-password) for message/typed-data signing, consistent with
    SignTransaction.

Fixed

  • Rust SignMessageInput / SignTypedDataInput were missing the
    acknowledged_risk field, so the user's risk acknowledgement was silently
    dropped before reaching the backend gate. Plumbed end-to-end.

Downloads

Platform File
macOS (Apple Silicon) ArcSign-macOS-ARM64.dmg
Windows (x64) ArcSign-Windows-x64.msi
Linux (x64) ArcSign-Linux-x64.deb, .AppImage

Verification

SHA256SUMS covers both the installer bundles and the Go
shared library (libarcsign.dylib / .so / .dll). See
docs/reproducible-builds.md
for how to rebuild from source and verify the hash matches.

Install (macOS / Linux)

bash <(curl -fsSL https://arcsign.io/install.sh)

ArcSign v1.5.0

Choose a tag to compare

@github-actions github-actions released this 23 Jun 07:20

ArcSign v1.5.0

Downloads

Platform File
macOS (Apple Silicon) ArcSign-macOS-ARM64.dmg
Windows (x64) ArcSign-Windows-x64.msi
Linux (x64) ArcSign-Linux-x64.deb, .AppImage

Verification

SHA256SUMS covers both the installer bundles and the Go
shared library (libarcsign.dylib / .so / .dll). See
docs/reproducible-builds.md
for how to rebuild from source and verify the hash matches.

Install (macOS / Linux)

bash <(curl -fsSL https://arcsign.io/install.sh)

ArcSign v1.4.0

Choose a tag to compare

@github-actions github-actions released this 15 May 05:36

ArcSign v1.4.0 — Open Source Launch

This is ArcSign's first public release. Apache 2.0 licensed, open source, with reproducible builds.

ArcSign is a USB-only cold wallet for Bitcoin and 6 EVM chains. Private keys
never leave the USB drive. The .arcsign backup file is AES-256 encrypted at
export, so a stolen backup file is not a stolen wallet.

Why this exists

Hardware wallets cost $79–$149, lock you into a specific device, and aren't
something you can carry through a border crossing without questions. Software
wallets are convenient but store keys on a hard drive that any malware can
read. ArcSign is the middle path: install on any USB stick you already own,
unplug it when you're done, and your keys are out of reach of anything
running on the computer.

The original audience I had in mind was people who need to actually carry
their money with them — refugees, journalists in hostile jurisdictions,
people whose bank accounts have been frozen. They don't have time to wait
for a Ledger to arrive in the mail. But the same tradeoffs make sense for
everyone who wants strong cold-storage security at zero hardware cost.

What's in this release

  • Multi-chain HD wallet — Bitcoin + 6 major EVM chains
    (Ethereum, BSC, Polygon, Arbitrum, Optimism, Base)
  • USB-only cold storage — private keys generated and stored only on the
    USB device, never on the host filesystem
  • .arcsign encrypted backup — AES-256 at export, replaces paper seed
    phrases
  • DEX swap aggregator — OpenOcean + KyberSwap parallel quotes, picks the
    best route automatically
  • Token approval manager — view and revoke ERC-20 approvals across 6
    chains. Pro members get batch revoke.
  • NFT gallery — cross-chain ERC-721 / ERC-1155 display
  • DeFi positions — liquid staking (stETH, ankrETH, ankrBNB) with real-time APY
  • WalletConnect — sign transactions from cold storage when connecting to
    dApps
  • Pro membership — optional 30 USDT/year NFT on BSC for advanced features

Downloads

Platform File
macOS (Apple Silicon) ArcSign-macOS-ARM64.dmg
Windows (x64) ArcSign-Windows-x64.msi
Linux (x64) — Debian/Ubuntu ArcSign-Linux-x64.deb
Linux (x64) — universal ArcSign-Linux-x64.AppImage

Also included: libarcsign.dylib, libarcsign.so, arcsign.dll (the Go
shared library that the desktop app loads — published so you can verify the
bundled copy matches).

Verification

Every release ships with SHA256SUMS covering both the installer bundles
and the Go shared library. To verify your download:

shasum -a 256 -c SHA256SUMS --ignore-missing

For full reproducible builds — clone the source at this tag, run
make build-reproducible, and the resulting SHA-256 should match what's
published here. If it doesn't, something was tampered with. See
docs/reproducible-builds.md
for the full procedure.

Install (macOS / Linux)

bash <(curl -fsSL https://arcsign.io/install.sh)

The install script verifies the SHA-256 against the published SHA256SUMS
before installing. Source: install.sh.

Open source

Every official on-chain address (Pro NFT contract, referral contract, swap
referrer) is a compile-time Go constant. They are printed at app startup
and documented at
OFFICIAL_ADDRESSES.md
so you can verify against BscScan.

Known limitations

  • macOS Intel and Linux ARM are not yet built. Open an issue if you need them.
  • The macOS DMG is unsigned (no Apple Developer Program enrollment yet) —
    you'll need to right-click → Open the first time, or run
    xattr -d com.apple.quarantine /Applications/ArcSign.app after install.
  • Windows installer is unsigned (no EV cert yet) — SmartScreen will warn on
    first launch.

These are funding constraints, not technical ones. They'll get fixed as
the project matures.

What's next

See ROADMAP.md.
Mobile companion app, additional chains, hardware wallet bridging are the
next priorities — in roughly that order.


Bug reports, security disclosures, and pull requests welcome.
Thanks for taking a look.