Skip to main content

ARCAN

ARCAN in a nutshell

Sovereign encryption, free from dependencies

ARCAN permanently encrypts your files and folders locally, without the need for a server, an account, data collection or any traceable information

ARIEL-IA presents ARCAN

CIVIL, SOVEREIGN AND OFFLINE CRYPTOGRAPHIC SUITE

Protect without monitoring

ARCAN is a 100% on-premises encryption suite, designed for government bodies, institutions, businesses and organisations that refuse to entrust their secrets to external servers.

  • No cloud, no telemetry, no accounts.
  • Your files stay where they belong: on your own device.
  • ARCAN is not a toy; losing your password means the file is lost forever.

Without the password, no one can recover the data

Cryptographic engine

AES-256-GCM

The AES 256 GSM engine is the global standard for banks, government agencies and the military, enabling ARCAN to be classified under: 5D002.c.1

The PBKDF2-HMAC (SHA-256) key derivation ensures absolute integrity, fully offline operation, no telemetry and no backdoors.

FUNDAMENTAL PRINCIPLES

What ARCAN guarantees by design

ARCAN has been designed as a civic, sovereign and ethical tool.

Security is not a marketing ploy here, but a mathematical contract between you and your data.

100% local

ARCAN Encrypts and decrypts data solely on the user’s device.

No servers, no mandatory connection, no use of external services

Offline forge

Every ARCAN executable is built, signed and verified in an offline cryptographic forge.

The binary you receive is the same one we have audited.

No cloud

No files are sent anywhere else.

You choose your storage media: internal hard drive, USB stick, or encrypted storage within your organisation.

No telemetry

ARCAN does not collect any usage statistics, identifiers or addresses.

It knows nothing about you, and does not need to know anything about you to protect you.

No subscription required

Perpetual licence per workstation, with no recurring costs.

Once activated, ARCAN continues to work, even without an internet connection.

WARNING

No passwords are stored

Passwords are neither stored nor transmitted. They are used solely to derive the encryption key, after which they are deleted.

Losing your password means you lose access to the file permanently.

KEY FEATURES

What ARCAN actually does

ARCAN has been designed to be easy to implement, easy to use and easy to explain to an auditor, a board of directors or a regulatory authority

File seals

Individual encryption of sensitive files (reports, contracts, export data, legal documents, etc.) with a cryptographic integrity log.

File seals

Recursive encryption of entire folders (projects, client folders, internal archives) in a single step, whilst preserving the folder structure.

Quick seal

‘Quick Seal’ mode for encrypting individual items (notes, snippets, temporary files) on the fly without any complex configuration.

Limited attempts

The number of password attempts is strictly limited for each seal.

Beyond that, the file is no longer accessible. Additional protection against brute-force attacks.

Chained integrity

Each seal may include an associated event log (date, context, operator) protected by a chained SHA-256 hash, in order to demonstrate integrity over time.

Universal reader

A ARCAN Reader allows you to open sealed files without exposing the full engine.

Ideal for inter-organisational exchanges and strictly controlled environments.

OFFICIAL VIDEO

Official presentation of ARCAN: architecture, cryptographic choices and the philosophy of sovereign, local and ethical security

ARCAN - KEY FEATURES

Seal, encrypt, verify – always locally

ARCAN is a civilian, sovereign and 100% offline cryptographic suite.

It allows you to seal documents, entire files or short texts, whilst guaranteeing the integrity and confidentiality of the data, with no cloud, no telemetry and no metadata collection.

ARCAN — Sovereignty

100% local
  • Offline
  • No cloud
  • No telemetry
  • Open and auditable architecture

THE FOUR MAIN MODULES

ARCAN is not just another “black box”, but a local cryptographic engine that provides you with simple, tailored and auditable tools to protect your data

PDF Seal

Permanently seals one or more PDF files.

The content is encrypted and encapsulated and can only be opened with the password chosen by the user.

Ideal for contracts, reports, sensitive documents, accounting records or legal documents

Seal Folder

Allows sealing a complete folder (directory tree preserved).

All files are encrypted as a single coherent block. Upon opening, the structure is restored exactly as it was at the time of sealing.

Perfect for client folders, internal projects, technical documentation or sensitive archives.

Quick Seal (text)

A module dedicated to short texts: master passwords, internal instructions, configuration fragments, sensitive notes.

The result is a portable encrypted block, easy to store in a password manager or a vault.

ARCAN Reader

Universal reader, 100% offline, designed for reading ARCAN sealed files.

It allows opening sealed files, verifying the integrity of the cryptographic log, and accessing content only if the correct password is provided.

The Reader is designed to be widely distributed, including to external partners, without exposing the full sealing engine or the offline forge process.

TECHNICAL GUARANTEES

What ARCAN guarantees — and what it will never do

ARCAN was designed as a digital sovereignty tool.

  • It protects, but does not monitor

  • It secures, but collects nothing

  • It encrypts, but keeps no key

Authenticated Encryption

The engine relies on AES-256-GCM to guarantee both the confidentiality and integrity of data.

Any alteration of the sealed file makes reading impossible without an explicit alert.

Reinforced Key Derivation

The password is never used "in plaintext" by the encryption engine.

ARCAN uses a PBKDF2-HMAC-SHA256 key derivation function, with a high number of iterations, making brute-force attacks mathematically impractical in real-world contexts.

Limited Attempts

The Reader enforces a limited password attempt policy.

Beyond a certain number of tries, the sealed file is considered compromised, protecting against massive offline attacks.

Chained Integrity Log

ARCAN maintains a chained cryptographic log (successive hashes) that detects any unauthorized modification.

This log can be verified during internal or external audits.

100% Offline

ARCAN does not connect to any server, does not contact any remote service, and sends no telemetry.

It can operate on isolated workstations, closed network segments, or air-gapped environments.

No Plan B

Losing the password means permanently losing access to the content.

There is no backdoor, no master key, and no hidden recovery procedure.

This rule is clearly explained to the user, as it is part of ARCAN’s philosophy.

ARCAN — OFFICIAL DOCUMENTATION

Doctrine, guides & resources

You will find here for direct download the essential ARCAN documentation:

  • Cryptographic Doctrine
  • Press Kit
  • User Guides
  • Technical Summaries

The entire ARCAN suite is 100% offline, ethical, and sovereign

ARCAN Doctrine v1.0

Architecture, philosophy, use cases, and technical guarantees.

ARCAN Mini-Guide — Console

User guide for the ARCAN Console, sealed files, usage logic and best practices.

ARCAN Reader Mini-Guide

Reading, integrity verification, and extraction of ARCAN sealed files.

Official ARIEL-IA Recommendations

Best practices for using and deploying ARCAN in businesses, public administrations, and institutions.

PHILOSOPHY

The spirit of ARCAN

  • ARCAN protects, but never monitors
  • ARCAN secures, but collects nothing
  • ARCAN encrypts, but keeps no key

Digital Sovereignty

Full control remains in the hands of the user or institution

Local Cryptographic Forge

Everything is done locally

No intermediary, no third-party service

Total Transparency

No hidden mechanisms

No secret recovery

A sovereignty tool, not a black box

ARCAN does not promise the impossible
  • It guarantees what it can guarantee, and fully assumes what it cannot do.
  • Clarity is part of its security.
  • A clear contract with your data — ARCAN hides nothing: it protects.
  • If the password is lost, the file is permanently lost.
  • There is no backup key, no workaround, no privileged access.

This constraint is intentional: it guarantees that no manufacturer, provider, authority, or attacker will ever have a “master key” over your sealed files.

ARCAN is part of a genuine digital sovereignty approach: what you encrypt belongs to you, and no one can take it from you.

Offline Cryptographic Forge

A clear contract with your data

All ARCAN executables are built and verified in an isolated, network-free environment before being signed.

You can therefore document the manufacturing process in the event of an inspection or independent audit.

CRYPTOGRAPHY

Technical overview

ARCAN’s cryptographic foundations are documented transparently, true to ARIEL-IA’s digital sovereignty philosophy

AES-256-GCM

Global standard used by banks, national administrations, and armed forces

Authenticated encryption guaranteeing confidentiality + integrity

Any modification of the sealed file results in a read failure

PBKDF2-HMAC-SHA256

Reinforced password derivation (robust KDF)

Brute-force attacks are mathematically impractical

5D002.c.1

Dual-use validation (civil and military-strategic) of the software by SECO

Zero Cloud

No server, no telemetry, no data collection, no outbound communication

Chained Integrity Log

Successive hashes to detect any fraudulent tampering

Limited Attempts

Protection against massive offline attacks via the Reader (attempt limitation)

No Plan B

  • No backdoor

  • No master key

  • No recovery


Losing the password = permanently impossible access

ARCAN LICENCES

Edition comparison

ARCAN comes in two editions:

Standard and Pro

Both versions use exactly the same cryptographic engine and the same security guarantees.

The Pro version adds advanced capabilities for professional environments requiring enhanced secret management.

Fonction ARCAN Standard ARCAN Pro
File encryption
AES-256-GCM Algorithm
Derivation PBKDF2-HMAC-SHA256
Batch mode (single password for the operation)
PER_FILE mode (different password per file)
Automatic password generation
Secure export of passwords
SHA-256 Integrity Log
QuickSeal (fast text encryption)

FUNDAMENTAL PRINCIPLE

Why ARCAN is not freely sold

ARCAN is not a mass-distributed encryption software

This choice is intentional

Modern cryptography possesses considerable power. In the wrong hands, it can protect activities contrary to law, ethics, or the safety of individuals.

ARIEL-IA therefore made a simple choice: not to distribute ARCAN as an anonymous, downloadable product.

Each license is subject to prior human validation.

This approach maintains a balance: protecting legitimate organizations while preventing the technology from being misused in ways contrary to the fundamental principles upheld by ARIEL-IA.

ARCAN is a protection technology

It was never designed to become a tool for opacity or impunity

ARCAN ELIGIBILITY FORM

(Businesses & organizations)

ARCAN ELIGIBILITY

Access to ARCAN is neither automatic nor guaranteed. ARIEL-IA reserves the exclusive right to grant or refuse ARCAN to any company, institution, or organization, without obligation to justify its decision.

Each application is subject to a human, offline evaluation, based on technical, operational and ethical criteria. A refusal is final, with no appeal and no possibility of review.

ARCAN is not intended for blind distribution. It is a high-impact civil cryptographic tool, whose use directly engages the responsibility of its holder.

This framework is non-negotiable.

Payment & settlement

An ARCAN pre-order does not trigger any payment request. No amount is required at this stage, including within the framework of an authorized technical partnership request.

Payment occurs only after validation, at the time of delivery of the ARCAN executable and the associated license.

Settlement is made exclusively by bank transfer, according to the terms communicated at the time of final validation.

ALAIN FARRUGIA

Chairman NOVUSVIA

ARIEL-IA TRUSTED PARTNER

Making information technologies more human and more secure

It is with great pleasure that I can announce that we have the chance to collaborate as Trusted Partners with the very welcoming team at ARIEL-IA.

It is obviously a great honor to have been accepted by experts of such a level of competence.

Thanks to this mutual trust, you can order your ARCAN STANDARD or ARCAN PRO licenses with a 10% discount.

I follow your orders and remain reachable via our contact form for any request or issue you may encounter.

STANDARD LICENCE

CHF 845.-
  • Perpetual license
  • No subscription
  • 100% offline operation
  • One workstation = one license

CHF 845.- / -10% = CHF 760.50

Your savings = CHF 84.50

PRO LICENCE

CHF 1'690.-
  • Perpetual license
  • No subscription
  • 100% offline operation
  • One workstation = one license

CHF 1'690.- / -10% = CHF 1'521.-

Your savings = CHF 169.-

ABSOLUTE DATA PROTECTION

Manual processing & offline storage

The way we handle your license requests reflects ARCAN’s philosophy:

  • No opaque automation
  • No mass processing
  • No black box

A human process, not algorithmic

The information you provide us for an ARCAN license request never passes through an automated processing or analysis system.

Each application is manually reviewed by a human.

No third-party service, no AI, no scoring engine is involved in this process.

Offline storage

After processing, useful data (license history, contact details, supporting documents) is transferred to fully offline storage media (air-gapped systems, hotswap drives, or dedicated external drives).

Copies present on connected systems are then deleted.

No online database, no cloud, no external indexing.

In practice: your application information cannot be analyzed, resold, scanned, or retrieved by a third party.

We apply to your administrative data the same rigor as that applied to ARCAN’s cryptographic engine.

THE ARCAN FORGE

Manufacturing ARCAN consoles

ARCAN consoles are custom-manufactured for each client, in absolute security, 100% offline

ARCAN was built around a simple idea: to make any compromise of the system technically impossible

Each ARCAN console is completely autonomous and isolated.

No shared infrastructure, no universal key, no security link between two different clients.

Even if a client’s entire environment were to be compromised, this would give strictly no access to another client’s files or consoles.

Each license is custom-made for a specific company, with an exact number of consoles defined from the outset.

Therefore, there is no exploitable duplication mechanism, no generic generation, and no way to reproduce a valid console outside the secure ARCAN environment.

The ARCAN FORGE operates entirely offline.

No network connection, no remote access, no external entry point.

It is physically cut off from the digital world.

Without direct access to the FORGE, no attack is conceivable.

Even updates follow an extreme isolation protocol: the FORGE is physically removed before any intervention, then reinstalled only after complete system validation, in an environment that is once again totally disconnected.

ARCAN’s industrial production relies on an absolute security logic: if the slightest security parameter is not perfectly compliant, no ARCAN console is generated.

ARCAN therefore does not rely solely on extremely advanced encryption, but on a complete architecture of physical, cryptographic, and industrial isolation, designed to eliminate any possibility of compromise

In practice: it is impossible to crack an ARCAN console.

And it is equally impossible to compromise the ARCAN FORGE.