Cryptographic Warrant Canary

Integrity and independence declaration of the ITYLOS infrastructure.

STATUS: VALID
Last update: March 28, 2026 | Recommended expiration: April 27, 2026
Signature generated offline via PGP key stored on a secure hardware device.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

ITYLOS WARRANT CANARY
- ---------------------
Date: 2026-03-28
Signature: Itylos CANARY (Automated via USB Protocol)
Key Fingerprint: B0F9E2E0014FFCF931A792B10500711F096D70E8

STATEMENT:
1. We have NOT received any National Security Letter.
2. We have NOT been served with any secret court order.
3. We have NOT placed any backdoors in our hardware or software.
4. We have NOT received any gag order.

If this file is not updated within 30 days, please assume the service is compromised or seized.

Previous Block Hash (SHA-256): 560308e2947794778a71656ba3fc19bb256ef3d92d70b1d9f95142725d476c39
SHA-256 document fingerprint
0123f706b390ec3b0a0532be100e4217c3c70d55bcc69a3c0f18607e0897969b
PGP key fingerprint
B0F9 E2E0 014F FC93 17A9 2B10 5007 11F0 96D7 0E08

Monitored threats

The Canary publicly signals the absence of:

  • Secret injunction (Gag order)
  • National Security Letter
  • Confidential court order
  • Known compromise of hardware or software infrastructure

Verification with GPG (CLI)

To verify the cryptographic signature of the document from your terminal:

# 1. Import the ITYLOS public key
gpg --import itylos-pubkey.asc

# 2. Verify the document
gpg --verify warrant_canary.txt
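`gpg --verify` reports success for a good signature from any key in the local keyring, so a scripted check should also pin the expected signer and enforce the 30-day renewal window. The script below is an added example, not ITYLOS code: the names `check_status`, `sample_status`, `PINNED_FPR` and `MAX_AGE_DAYS` are hypothetical, the status lines are constructed, and the pinned fingerprint is the one written inside the signed canary text.

```shell
#!/bin/sh
# Added example, not ITYLOS code. Pin the signer and enforce the renewal window.
# Fingerprint as written inside the signed canary text; confirm it out of band.
PINNED_FPR="B0F9E2E0014FFCF931A792B10500711F096D70E8"
MAX_AGE_DAYS=30   # renewal window stated in the canary

# check_status NOW_EPOCH
# stdin: machine-readable output of `gpg --status-fd 1 --verify <file>`.
# Returns 0 = pinned key and fresh, 1 = bad or unexpected signer, 2 = stale.
check_status() {
    awk -v pin="$PINNED_FPR" -v now="$1" -v max_age="$((MAX_AGE_DAYS * 86400))" '
        $1 != "[GNUPG:]" { next }
        $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        # VALIDSIG <signing-fpr> <date> <sig-epoch> ... [<primary-fpr>]
        $2 == "VALIDSIG" && !seen { seen = 1; fpr = $3; ts = $5; primary = $NF }
        END {
            if (bad || !seen) exit 1
            if (fpr != pin && primary != pin) exit 1
            if (ts !~ /^[0-9]+$/) exit 1          # ISO 8601 timestamps not handled here
            age = now - ts
            if (age < 0 || age > max_age) exit 2  # future-dated or past the window
        }'
}

# Constructed sample of gpg status output (signature time 2026-03-28 00:00:00 UTC).
sample_status() {
    cat <<'EOF'
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 0500711F096D70E8 constructed-user-id
[GNUPG:] VALIDSIG B0F9E2E0014FFCF931A792B10500711F096D70E8 2026-03-28 1774656000 0 4 0 1 8 01 B0F9E2E0014FFCF931A792B10500711F096D70E8
EOF
}

# Real use (needs gpg and the imported key):
#   gpg --status-fd 1 --verify warrant_canary.txt 2>/dev/null | check_status "$(date +%s)"
if sample_status | check_status 1775520000; then   # constructed "now": 10 days later
    echo "canary: pinned signer, within $MAX_AGE_DAYS days"
else
    echo "canary: treat as failed"
fi
```

Reading `--status-fd` output rather than gpg's human-readable messages keeps the check independent of locale and of any text inside the signed document.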

Canary Limitations

A Warrant Canary is a powerful transparency mechanism.

It does not guarantee the absolute absence of surveillance, but it allows the integrity of the service to be signaled publicly at a given point in time. True security relies on our client-side encryption model.

Public Archival & History

Previous versions of the Warrant Canary can be publicly archived to allow historical verification of service integrity.

  • 1st 2026 (Current)
  • 1st 2026
  • 1st 2026

Independence and sovereignty

ITYLOS adopts a strict approach to cryptographic sovereignty.

Data is encrypted locally and decryption keys never pass through our servers. The Canary complements this model by providing a continuous integrity declaration.

Cryptographic transparency

ITYLOS publishes a set of transparency mechanisms for independent audit:

  • Public cryptographic registry (Append-only)
  • Verifiable destruction proofs (Ed25519)
  • This signed Warrant Canary

Frequently Asked Questions

Understanding the security monitoring mechanism

What is a Warrant Canary?
A Warrant Canary is a public declaration confirming that no secret request for access to data or infrastructure has been received by our technical team.
How to verify this Canary?
The embedded PGP signature makes it possible to verify mathematically that the document originates from the ITYLOS infrastructure and has not been altered in any way.
What happens if the Canary disappears?
The absence, removal, or failure to renew the Canary beyond the recommended expiration date may indicate that an external legal constraint (gag order) is preventing our team from publishing it. You should then consider the infrastructure as potentially compromised.
Why use PGP?
PGP (Pretty Good Privacy) is a robust cryptographic standard for signing a document publicly and verifying its authenticity offline, without ever relying on a third-party server or centralized certificate authority.