Skip to content

2.17

Choose a tag to compare

View all tags
@github-actions github-actions released this 20 Jun 19:30
· 380 commits to main since this release
2.17
424db61
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Downloads

Architecture Windows macOS Linux Android Web
x86-64 (64-bit) Installer · Portable · CLI AppImage · .deb · Binary · CLI · Snap APK Open
ARM64 (AArch64) DMG · CLI Binary · CLI APK
ARMv7 (32-bit) APK
x86 (32-bit) APK
  • 🌐 Web version — runs in any modern browser, nothing to install: https://picocrypt-ng.github.io/
  • Android — universal APK (any device, larger): Download
  • Windows 7/8 (legacy) CLI (x86-64): Download
  • macOS builds are Apple Silicon (ARM64) only.

What's new in 2.17

  • Web app: encryption options: the in-browser tool at picocrypt-ng.github.io now supports paranoid mode, header comments, keyfiles (with an optional enforced order), Reed-Solomon error correction, force-decrypt (best-effort recovery of a damaged or modified volume, clearly flagged as unverified), and plausible deniability — all byte-compatible with the desktop app, so a volume created in the browser opens on the desktop and vice versa
  • Web app: scope & privacy: the browser tool is fully client-side (files never leave your device) and handles files up to 1 GiB; volume splitting, recursive volumes, and multi-file or compressed archives remain desktop-only
  • Web app: usability: the file selector is re-enabled after a completed operation, so a second encrypt or decrypt no longer requires reloading the page
  • Internal: unified, stricter static analysis (gofumpt/goimports formatting and a curated golangci-lint set) across the codebase

Full changelog: https://github.com/Picocrypt-NG/Picocrypt-NG/blob/main/Changelog.md#v217

Verifying your download

Every artifact is signed with keyless cosign (a <file>.sigstore.json bundle ships next to it) and carries a GitHub build-provenance attestation. No keys to trust — the signature is bound to the exact GitHub Actions run that built the file.

Build provenance (easiest, needs the gh CLI):

gh attestation verify <file> --repo Picocrypt-NG/Picocrypt-NG

Cosign bundle (download the matching <file>.sigstore.json too):

cosign verify-blob <file> \
  --bundle <file>.sigstore.json \
  --certificate-oidc-issuer https://token.actions.githubusercontent.com \
  --certificate-identity-regexp '^https://github.com/Picocrypt-NG/Picocrypt-NG/\.github/workflows/'
Assets 40
Loading