ARCAN
ARCAN in a nutshell
Sovereign encryption, free from dependencies
ARCAN permanently encrypts your files and folders locally, without the need for a server, an account, data collection or any traceable information
ARIEL-IA presents ARCAN
CIVIL, SOVEREIGN AND OFFLINE CRYPTOGRAPHIC SUITE
Protect without monitoring
ARCAN is a 100% on-premises encryption suite, designed for government bodies, institutions, businesses and organisations that refuse to entrust their secrets to external servers.
- No cloud, no telemetry, no accounts.
- Your files stay where they belong: on your own device.
- ARCAN is not a toy; losing your password means the file is lost forever.
Without the password, no one can recover the data
AES-256-GCM
The AES 256 GSM engine is the global standard for banks, government agencies and the military, enabling ARCAN to be classified under: 5D002.c.1
The PBKDF2-HMAC (SHA-256) key derivation ensures absolute integrity, fully offline operation, no telemetry and no backdoors.
FUNDAMENTAL PRINCIPLES
What ARCAN guarantees by design
ARCAN has been designed as a civic, sovereign and ethical tool.
Security is not a marketing ploy here, but a mathematical contract between you and your data.
100% local
ARCAN Encrypts and decrypts data solely on the user’s device.
No servers, no mandatory connection, no use of external services
Offline forge
Every ARCAN executable is built, signed and verified in an offline cryptographic forge.
The binary you receive is the same one we have audited.
No cloud
No files are sent anywhere else.
You choose your storage media: internal hard drive, USB stick, or encrypted storage within your organisation.
No telemetry
ARCAN does not collect any usage statistics, identifiers or addresses.
It knows nothing about you, and does not need to know anything about you to protect you.
No subscription required
Perpetual licence per workstation, with no recurring costs.
Once activated, ARCAN continues to work, even without an internet connection.
WARNING
Passwords are neither stored nor transmitted. They are used solely to derive the encryption key, after which they are deleted.
Losing your password means you lose access to the file permanently.
KEY FEATURES
What ARCAN actually does
ARCAN has been designed to be easy to implement, easy to use and easy to explain to an auditor, a board of directors or a regulatory authority
File seals
Individual encryption of sensitive files (reports, contracts, export data, legal documents, etc.) with a cryptographic integrity log.
File seals
Quick seal
Limited attempts
The number of password attempts is strictly limited for each seal.
Beyond that, the file is no longer accessible. Additional protection against brute-force attacks.
Chained integrity
Universal reader
A ARCAN Reader allows you to open sealed files without exposing the full engine.
Ideal for inter-organisational exchanges and strictly controlled environments.
OFFICIAL VIDEO
Official presentation of ARCAN: architecture, cryptographic choices and the philosophy of sovereign, local and ethical security
ARCAN - KEY FEATURES
Seal, encrypt, verify – always locally
ARCAN is a civilian, sovereign and 100% offline cryptographic suite.
It allows you to seal documents, entire files or short texts, whilst guaranteeing the integrity and confidentiality of the data, with no cloud, no telemetry and no metadata collection.
ARCAN — Sovereignty
- Offline
- No cloud
- No telemetry
- Open and auditable architecture
THE FOUR MAIN MODULES
ARCAN is not just another “black box”, but a local cryptographic engine that provides you with simple, tailored and auditable tools to protect your data
PDF Seal
Permanently seals one or more PDF files.
The content is encrypted and encapsulated and can only be opened with the password chosen by the user.
Ideal for contracts, reports, sensitive documents, accounting records or legal documents
Seal Folder
Allows sealing a complete folder (directory tree preserved).
All files are encrypted as a single coherent block. Upon opening, the structure is restored exactly as it was at the time of sealing.
Perfect for client folders, internal projects, technical documentation or sensitive archives.
Quick Seal (text)
A module dedicated to short texts: master passwords, internal instructions, configuration fragments, sensitive notes.
The result is a portable encrypted block, easy to store in a password manager or a vault.
ARCAN Reader
Universal reader, 100% offline, designed for reading ARCAN sealed files.
It allows opening sealed files, verifying the integrity of the cryptographic log, and accessing content only if the correct password is provided.
The Reader is designed to be widely distributed, including to external partners, without exposing the full sealing engine or the offline forge process.
TECHNICAL GUARANTEES
What ARCAN guarantees — and what it will never do
ARCAN was designed as a digital sovereignty tool.
-
It protects, but does not monitor
-
It secures, but collects nothing
-
It encrypts, but keeps no key
Authenticated Encryption
The engine relies on AES-256-GCM to guarantee both the confidentiality and integrity of data.
Any alteration of the sealed file makes reading impossible without an explicit alert.
Reinforced Key Derivation
The password is never used "in plaintext" by the encryption engine.
ARCAN uses a PBKDF2-HMAC-SHA256 key derivation function, with a high number of iterations, making brute-force attacks mathematically impractical in real-world contexts.
Limited Attempts
The Reader enforces a limited password attempt policy.
Beyond a certain number of tries, the sealed file is considered compromised, protecting against massive offline attacks.
Chained Integrity Log
ARCAN maintains a chained cryptographic log (successive hashes) that detects any unauthorized modification.
This log can be verified during internal or external audits.
100% Offline
ARCAN does not connect to any server, does not contact any remote service, and sends no telemetry.
It can operate on isolated workstations, closed network segments, or air-gapped environments.
No Plan B
Losing the password means permanently losing access to the content.
There is no backdoor, no master key, and no hidden recovery procedure.
This rule is clearly explained to the user, as it is part of ARCAN’s philosophy.
ARCAN — OFFICIAL DOCUMENTATION
Doctrine, guides & resources
You will find here for direct download the essential ARCAN documentation:
- Cryptographic Doctrine
- Press Kit
- User Guides
- Technical Summaries
The entire ARCAN suite is 100% offline, ethical, and sovereign
ARCAN Mini-Guide — Console
User guide for the ARCAN Console, sealed files, usage logic and best practices.
ARCAN Reader Mini-Guide
Reading, integrity verification, and extraction of ARCAN sealed files.
Official ARIEL-IA Recommendations
Best practices for using and deploying ARCAN in businesses, public administrations, and institutions.
The spirit of ARCAN
- ARCAN protects, but never monitors
- ARCAN secures, but collects nothing
- ARCAN encrypts, but keeps no key
Digital Sovereignty
Full control remains in the hands of the user or institution
Local Cryptographic Forge
Everything is done locally
No intermediary, no third-party service
Total Transparency
No hidden mechanisms
No secret recovery
A sovereignty tool, not a black box
- It guarantees what it can guarantee, and fully assumes what it cannot do.
- Clarity is part of its security.
- A clear contract with your data — ARCAN hides nothing: it protects.
- If the password is lost, the file is permanently lost.
- There is no backup key, no workaround, no privileged access.
This constraint is intentional: it guarantees that no manufacturer, provider, authority, or attacker will ever have a “master key” over your sealed files.
ARCAN is part of a genuine digital sovereignty approach: what you encrypt belongs to you, and no one can take it from you.
Offline Cryptographic Forge
All ARCAN executables are built and verified in an isolated, network-free environment before being signed.
You can therefore document the manufacturing process in the event of an inspection or independent audit.
CRYPTOGRAPHY
Technical overview
ARCAN’s cryptographic foundations are documented transparently, true to ARIEL-IA’s digital sovereignty philosophy
AES-256-GCM
Authenticated encryption guaranteeing confidentiality + integrity
Any modification of the sealed file results in a read failure
PBKDF2-HMAC-SHA256
Reinforced password derivation (robust KDF)
Brute-force attacks are mathematically impractical
5D002.c.1
Dual-use validation (civil and military-strategic) of the software by SECO
Zero Cloud
No server, no telemetry, no data collection, no outbound communication
Chained Integrity Log
Successive hashes to detect any fraudulent tampering
Limited Attempts
Protection against massive offline attacks via the Reader (attempt limitation)
No Plan B
-
No backdoor
-
No master key
-
No recovery
Losing the password = permanently impossible access
ARCAN LICENCES
ARCAN comes in two editions:
Standard and Pro
Both versions use exactly the same cryptographic engine and the same security guarantees.
The Pro version adds advanced capabilities for professional environments requiring enhanced secret management.
| Fonction | ARCAN Standard | ARCAN Pro |
|---|---|---|
| File encryption | ✔ | ✔ |
| AES-256-GCM Algorithm | ✔ | ✔ |
| Derivation PBKDF2-HMAC-SHA256 | ✔ | ✔ |
| Batch mode (single password for the operation) | ✔ | ✔ |
| PER_FILE mode (different password per file) | — | ✔ |
| Automatic password generation | — | ✔ |
| Secure export of passwords | — | ✔ |
| SHA-256 Integrity Log | ✔ | ✔ |
| QuickSeal (fast text encryption) | ✔ | ✔ |
FUNDAMENTAL PRINCIPLE
ARCAN is not a mass-distributed encryption software
This choice is intentional
Modern cryptography possesses considerable power. In the wrong hands, it can protect activities contrary to law, ethics, or the safety of individuals.
ARIEL-IA therefore made a simple choice: not to distribute ARCAN as an anonymous, downloadable product.
Each license is subject to prior human validation.
This approach maintains a balance: protecting legitimate organizations while preventing the technology from being misused in ways contrary to the fundamental principles upheld by ARIEL-IA.
ARCAN is a protection technology
It was never designed to become a tool for opacity or impunity
ARCAN ELIGIBILITY FORM
(Businesses & organizations)
ARCAN ELIGIBILITY
Access to ARCAN is neither automatic nor guaranteed. ARIEL-IA reserves the exclusive right to grant or refuse ARCAN to any company, institution, or organization, without obligation to justify its decision.
Each application is subject to a human, offline evaluation, based on technical, operational and ethical criteria. A refusal is final, with no appeal and no possibility of review.
ARCAN is not intended for blind distribution. It is a high-impact civil cryptographic tool, whose use directly engages the responsibility of its holder.
This framework is non-negotiable.
Payment & settlement
An ARCAN pre-order does not trigger any payment request. No amount is required at this stage, including within the framework of an authorized technical partnership request.
Payment occurs only after validation, at the time of delivery of the ARCAN executable and the associated license.
Settlement is made exclusively by bank transfer, according to the terms communicated at the time of final validation.
ALAIN FARRUGIA
ARIEL-IA TRUSTED PARTNER
Making information technologies more human and more secure
It is with great pleasure that I can announce that we have the chance to collaborate as Trusted Partners with the very welcoming team at ARIEL-IA.
It is obviously a great honor to have been accepted by experts of such a level of competence.
Thanks to this mutual trust, you can order your ARCAN STANDARD or ARCAN PRO licenses with a 10% discount.
I follow your orders and remain reachable via our contact form for any request or issue you may encounter.
STANDARD LICENCE
- Perpetual license
- No subscription
- 100% offline operation
- One workstation = one license
CHF 845.- / -10% = CHF 760.50
Your savings = CHF 84.50
PRO LICENCE
- Perpetual license
- No subscription
- 100% offline operation
- One workstation = one license
CHF 1'690.- / -10% = CHF 1'521.-
Your savings = CHF 169.-
ABSOLUTE DATA PROTECTION
Manual processing & offline storage
The way we handle your license requests reflects ARCAN’s philosophy:
- No opaque automation
- No mass processing
- No black box
A human process, not algorithmic
The information you provide us for an ARCAN license request never passes through an automated processing or analysis system.
Each application is manually reviewed by a human.
No third-party service, no AI, no scoring engine is involved in this process.
Offline storage
After processing, useful data (license history, contact details, supporting documents) is transferred to fully offline storage media (air-gapped systems, hotswap drives, or dedicated external drives).
Copies present on connected systems are then deleted.
No online database, no cloud, no external indexing.
In practice: your application information cannot be analyzed, resold, scanned, or retrieved by a third party.
We apply to your administrative data the same rigor as that applied to ARCAN’s cryptographic engine.
THE ARCAN FORGE
Manufacturing ARCAN consoles
ARCAN consoles are custom-manufactured for each client, in absolute security, 100% offline
ARCAN was built around a simple idea: to make any compromise of the system technically impossible
Each ARCAN console is completely autonomous and isolated.
No shared infrastructure, no universal key, no security link between two different clients.
Even if a client’s entire environment were to be compromised, this would give strictly no access to another client’s files or consoles.
Each license is custom-made for a specific company, with an exact number of consoles defined from the outset.
Therefore, there is no exploitable duplication mechanism, no generic generation, and no way to reproduce a valid console outside the secure ARCAN environment.
The ARCAN FORGE operates entirely offline.
No network connection, no remote access, no external entry point.
It is physically cut off from the digital world.
Without direct access to the FORGE, no attack is conceivable.
Even updates follow an extreme isolation protocol: the FORGE is physically removed before any intervention, then reinstalled only after complete system validation, in an environment that is once again totally disconnected.
ARCAN’s industrial production relies on an absolute security logic: if the slightest security parameter is not perfectly compliant, no ARCAN console is generated.
ARCAN therefore does not rely solely on extremely advanced encryption, but on a complete architecture of physical, cryptographic, and industrial isolation, designed to eliminate any possibility of compromise
In practice: it is impossible to crack an ARCAN console.
And it is equally impossible to compromise the ARCAN FORGE.
English
Français
