Trust and Security

How we ensure that the Nucube app is authentic and secure.
2026-02-21 • EN

Security First

Nucube is built on the principle of local trust. To ensure you are running the genuine app and that your updates haven’t been tampered with, we sign all our releases across all platforms that we support.

Releases that are on public stores such as Google Play or Snap Store are signed using the platform mechanism.

Release Signing

Linux (Deb & Rpm)

Our Linux releases are signed with a detached GPG signature (.asc file). You can verify the authenticity of a downloaded .deb or .rpm file by importing our public key and running the verify command:

  1. Download our Public Key: nucube.pgp
  2. Import the key: gpg --import nucube.pgp
  3. Verify the release: gpg —verify Nucube_0.7.4-0_amd64.deb.asc Nucube_0.7.4-0_amd64.deb

Key ID for reference: 7BE3B24553706B70

Windows & Updates

Windows builds are not Authenticode signed so you may see a “Windows protected your PC” warning on the very first install. All subsequent updates are cryptographically verified by Tauri’s Minisign updater.

The app automatically validates every update using the public key bundled within the binary. If you want to verify it manually:

  1. Download our Public Key: nucube.pub
  2. Verify the installer: minisign -Vm Nucube_0.7.4_x64_en-US.msi -p nucube.pub

For more information, see our security.txt.