CipherBoard 0.1.0
Pre-releaseCipherBoard 0.1.0
This is the first public preview of CipherBoard, an offline-first encrypted Android keyboard designed primarily for current GrapheneOS devices.
Included
- HeliBoard-based English/Russian IME with emoji, symbols, themes, and normal keyboard mode
- local identities and contacts with physical two-way QR pairing
- Olm Double Ratchet sessions through pinned
vodozemac 0.10.0 - authenticated Android Keystore Vault with StrongBox-first and verified TEE fallback
- protected Secure Composer that commits only
CB1:ciphertext to the host app - read-only
ACTION_PROCESS_TEXTdecryption in aFLAG_SECUREviewer - bounded canonical-CBOR transport parser, multipart assembly, replay protection, and atomic ratchet persistence
- English and Russian product UI and security documentation
Verification
- Release source tag:
v0.1.0 - Release source commit:
d96e3cf4858a3f2b92b73bf5e1d4ccdd2217b1b7 - APK SHA-256:
8b6e6e0cc09420337a5f178452e2b2be6914a2671cccf49c4bb599b58b567c04 - Signing certificate SHA-256:
c3b770778fb255c0ed9c025b468fe0592352fedf0e5f9e1580d4e8529e9e27b8 - Release ABI:
arm64-v8a - Runtime network permission: none
RELEASE_ARTIFACTS.sha256 is the authoritative inventory for every attached file. The repository's published-release workflow independently verifies that inventory, the signed APK, source archive, SBOM, offline vulnerability report, native hardening, permissions, and certificate pin.
Security status
CipherBoard is pre-1.0 security-sensitive software. The exact release passed automated unit, parser, JNI, lint, static-analysis, APK-policy, vulnerability, and API 36 AOSP instrumentation gates. It has not received an independent applied-cryptography or Android security audit, and physical GrapheneOS/two-device validation remains required before high-risk reliance.
Read README, THREAT_MODEL.md, SECURITY_REVIEW.md, and BUILD.md before installation.