Skip to content

CipherBoard 0.1.0

Pre-release
Pre-release

Choose a tag to compare

@bglglzd bglglzd released this 13 Jul 16:23
Immutable release. Only release title and notes can be modified.

CipherBoard 0.1.0

This is the first public preview of CipherBoard, an offline-first encrypted Android keyboard designed primarily for current GrapheneOS devices.

Included

  • HeliBoard-based English/Russian IME with emoji, symbols, themes, and normal keyboard mode
  • local identities and contacts with physical two-way QR pairing
  • Olm Double Ratchet sessions through pinned vodozemac 0.10.0
  • authenticated Android Keystore Vault with StrongBox-first and verified TEE fallback
  • protected Secure Composer that commits only CB1: ciphertext to the host app
  • read-only ACTION_PROCESS_TEXT decryption in a FLAG_SECURE viewer
  • bounded canonical-CBOR transport parser, multipart assembly, replay protection, and atomic ratchet persistence
  • English and Russian product UI and security documentation

Verification

  • Release source tag: v0.1.0
  • Release source commit: d96e3cf4858a3f2b92b73bf5e1d4ccdd2217b1b7
  • APK SHA-256: 8b6e6e0cc09420337a5f178452e2b2be6914a2671cccf49c4bb599b58b567c04
  • Signing certificate SHA-256: c3b770778fb255c0ed9c025b468fe0592352fedf0e5f9e1580d4e8529e9e27b8
  • Release ABI: arm64-v8a
  • Runtime network permission: none

RELEASE_ARTIFACTS.sha256 is the authoritative inventory for every attached file. The repository's published-release workflow independently verifies that inventory, the signed APK, source archive, SBOM, offline vulnerability report, native hardening, permissions, and certificate pin.

Security status

CipherBoard is pre-1.0 security-sensitive software. The exact release passed automated unit, parser, JNI, lint, static-analysis, APK-policy, vulnerability, and API 36 AOSP instrumentation gates. It has not received an independent applied-cryptography or Android security audit, and physical GrapheneOS/two-device validation remains required before high-risk reliance.

Read README, THREAT_MODEL.md, SECURITY_REVIEW.md, and BUILD.md before installation.