XCiL is an integrity platform for data and files that must remain provably authentic across disconnected environments, untrusted transports, and decades of time. Every artifact carries its own cryptographic proof. No servers. No cloud. No network. No ongoing trust relationship required.
Files, documents, sensor streams, log entries, intelligence products, software artifacts, evidence chains — if it's bytes, XCiL can seal it and make it self-verifying, offline, forever.
Code signing needs OCSP callbacks. Blockchain needs consensus. Host integrity tools need agents. Cloud storage needs continuous connectivity. Traditional encryption protects confidentiality but proves nothing about authenticity after decryption.
XCiL seals data and files so they verify themselves offline with no server, no callback, no CA to contact, no trust relationship to maintain. Each sealed artifact is a self-contained cryptographic record: integrity, identity, chain of custody, and provable non-modification — all verifiable with a single binary and the file in hand.
Contracts, reports, evidence, operations orders, intelligence products, imagery. Any file becomes self-verifying with embedded identity attestation and chain of custody. Verifiable decades later with no infrastructure.
Seal each frame at the source. Any byte stream — video, audio, LiDAR, SDR captures, platform telemetry, CoT messages — gets cryptographic integrity at line rate. Downstream consumers reject tampered frames, accept verified ones.
Investigation exhibits, body-cam footage, forensic disk images, audit trails. Each handler stacks their own attestation ceremony onto the artifact. The chain of custody lives inside the file — not in a database that can be edited.
After a software-supply-chain compromise, code signing with live-key CAs is no longer enough. XCiL seals build outputs so tampering anywhere between pipeline and deployment — including inside a compromised repository — is immediately detectable offline.
When data must stay confidential in transit, XCiL produces an encrypted secure-transit artifact. Recipients verify the envelope offline, enter a short transit code communicated out-of-band, and receive the authenticated payload — no PKI exchange required.
Records with 10-, 30-, or 100-year retention must remain verifiable long after the issuing CA has been revoked, rotated, or shut down. XCiL artifacts do not depend on live revocation status — they verify against an immutable trust anchor embedded in the verifier.
Every XCiL-sealed artifact is a self-contained envelope that carries the data, the identity that produced it, and a complete set of cryptographic proofs. Verification is deterministic and offline. A single binary plus the sealed file is enough to independently validate every layer.
No network calls. No certificate authority lookups. No trust relationship to maintain. The verifier ships with an immutable trust anchor; the sealed artifact ships with everything else.
SHA-256 digest across every protected region — single-byte modification instantly detected
Merkle proof confirms the artifact belongs to the declared set — nothing inserted, removed, or reordered
ECDSA P-256 signature proves the sealing ceremony happened — authorized, authentic, atomic
CAC / PIV / self-signed / BYO — the human (or machine) who authorized the sealing, bound to the artifact
Each subsequent handler stacks their own identity attestation — the file carries its full handling history
Machine authority validated against the verifier's pinned trust anchor — baked into the binary, not fetched at runtime
Ceremony time is cross-checked against certificate validity windows — sealed-before-expiry is mathematically enforced
Files, documents, live sensor streams, software artifacts. Sealed with cryptographic ceremony at the moment of creation. Identity and authority attached.
Disk, optical, sneaker-net, LTE, satellite, TCP, USB. XCiL doesn't care what moves the bytes. Tamper-evidence is inside the artifact itself.
Streaming verifier validates each artifact before forwarding to downstream systems. Tampered bytes are rejected and logged. Verified bytes flow through.
Every stage runs offline. Every stage produces an audit record that stays with the artifact. Every stage can be deployed on a different machine, in a different environment, under a different security domain — and the integrity story still holds end-to-end.
Integrity, identity, chain of custody, authorization — all inside the file. Hand the artifact to anyone, anywhere, on any OS. With a single verifier binary in hand they can independently confirm every guarantee. No portal. No login. No API call. The artifact is the proof.
SCIFs. Submarines. Forward-deployed units. Tactical edge sensors. DDIL networks. Legal archives held for decades. Any environment where "reach the server" isn't an option. XCiL works because no step of sealing or verification ever touches a network.
A 2-page PDF, a million-frame sensor stream, a 100GB software build artifact, a radio burst, a body-cam recording. All sealed the same way. All verified the same way. Integrating a new data source is a matter of piping bytes to a producer CLI — no custom crypto per format.
Traditional chains of custody live in a spreadsheet, a ticket system, or a database. Any of those can be edited. XCiL's chain of custody is the cryptographic record inside the artifact. Edit it and you break the seal — which every future verifier will detect.
CAC and PIV smart cards bind human identity to the sealing ceremony — the same identity infrastructure DoD and commercial enterprises already use. No specialized tokens to issue. No hardware security module required. Works with the cards already in your operators' wallets.
The trust anchor lives inside the verifier binary — not in an external CA that might be gone in five years. A sealed artifact opened on a fresh install thirty years from now verifies exactly the same way it did at creation. Archives, legal records, evidence, mission data — all survive.
Bring us a file, a sensor feed, a build pipeline, or an archive requirement. We'll demonstrate end-to-end cryptographic integrity — sealed at your source, verified offline wherever it lands.