Sounds like what you’re looking for is PGP/GPG. Been around for a while, but does the job well.
Also, I doubt most projects built outside of the UK (or Europe as the EU seems to be moving in a similar direction) will actually comply and backdoor their own software. As long as you have internet they’ll always be actually secure software to download.