← TrustAI

For your firmInformation, not adviceNo-custody by designRuns in your browser

The double-sided black box that holds your data.

The usual way to secure sensitive data is to build a harder vault around a shared collection bin — the vendor data-lake every breach headline is about. The TrustAI Locker refuses the bin. Data is sealed so whoever carries it holds ciphertext they cannot read; the cover lifts only with your key; and a content-free ledger proves who lifted the cover, when — never what was inside. The most secure container is no container.

Try it — and watch where your data goes. The reveal below runs entirely in your browser using the Web Crypto API (AES-256-GCM). Nothing you type is sent anywhere; there is no server in this demo. That is not an implementation detail — it is the thesis: your data never moves into a bin someone else holds.

Open the box

Seal a note · then reveal it with the code

Demo — runs in your browser

Step 1: write a note and a passcode, then Seal. You’ll see the opaque box — that is all a custodian or any hop ever sees. Step 2: type the passcode and Reveal. A wrong code is refused, never approximated.

This is a demonstration. Use throwaway text — though nothing here leaves your browser anyway.

What crosses — and what stays

Crosses / is held (opaque)

  • The sealed box — ciphertext only
  • A tiny proof of identity (a hash), small enough for a satellite or QR link
  • A content-free ledger entry per cover-lift
  • A custody trail — provable, hashed, never named

Never moves / never exposed

  • The plaintext — it only exists once the cover is lifted
  • Your key — it never travels with the box
  • Any contents on the ledger — only hashes are recorded
  • A breachable middle — there is no collection bin

A holder can carry the box, prove they had it, and still be unable to open it. No-custody is preserved even when the data is handed off — the cover lifts only at the destination, only with the key.

Post-quantum posture — stated honestly

On June 22, 2026 the White House signed executive orders accelerating the federal post-quantum-cryptography migration — high-value assets are to transition by 2030–2031, framed around “harvest now, decrypt later.” Here is exactly where the Locker stands, layer by layer — the gap is shown plainly rather than buried under a blanket “post-quantum” claim.

LayerAlgorithmQuantum status
Data at rest (the box)AES-256-GCMQuantum-resistant — Grover only halves the strength (~128-bit)
Tamper-evident ledger (Knox)SHA-256 hash-chain today; ML-DSA-87 (FIPS 204) on the production Knox railHash-chain is quantum-resistant; ML-DSA-87 is a NIST post-quantum signature standard
The key-grant (handoff)X25519 (classical)Not yet post-quantum — hybrid ML-KEM-768 / X25519 upgrade is in progress

Honest scope: this is designed so that the Locker cannot decrypt your data — Bonis Systems never holds the key — pending independent audit. Ciphertext size and event timing remain observable metadata. Bonis Systems will not describe the key-grant as post-quantum until the hybrid wrap ships.

How it is built

What the Locker relies onStandard
Sealing data at rest (confidentiality + integrity)AES-256-GCM — NIST SP 800-38D authenticated encryption
Wrapping a key to a recipient (the grant)An HPKE-equivalent construction: DHKEM(X25519, HKDF-SHA256) + AES-256-GCM AEAD (RFC 9180)
Tamper-evident custody & cover-lift ledgerKnox chain — SHA-256 hash-linked today; ML-DSA-87 signing (FIPS 204) and periodic Bitcoin/OpenTimestamps anchoring on the production Knox rail (integration in progress)
The named post-quantum upgradeML-KEM-768 (FIPS 203) in a hybrid with X25519

Put your firm’s data in a box only you can open

The Locker is designed to be the substrate beneath TrustAI’s evidence work: case files can be sealed so they live in a box, not a bin — carried, handed off, and proven, without a readable copy sitting in a middle anyone can subpoena or breach. Available to firms as a design-partner pilot.

Request a pilot →

TrustAI is not a law firm and does not provide legal advice. The Locker is a data-security tool — it seals, hands off, and proves custody of files for your review and your counsel’s. It does not tell you whether a document is correct, what it means, or what to do next. Those judgments belong to a licensed attorney. What TrustAI does, and never does →