Project Hierophant · Technology

Air-Gap Transfer

Hierophant enables secure Air-Gap Transfer of encrypted, metadata-free messages via physical media or radio links between isolated systems. Cryptographic operations remain local, ensuring data protection in highly secure, offline environments.

Hierophant is designed to operate with full efficacy in air-gapped environments, providing a secure method for data exchange where systems are physically isolated from any external or untrusted networks. This capability is essential for protecting the most sensitive information and critical systems in government, defense, intelligence, and industrial control sectors, where even the theoretical risk of network-based compromise is unacceptable. Air-gap transfer ensures that data can be moved securely between isolated systems without sacrificing Hierophant's core security principles.

Implementation

Hierophant facilitates air-gap data transfer by treating its encrypted messages as self-contained, secure objects. A user on an isolated system can generate a Hierophant message, which is fully end-to-end encrypted. This encrypted message object can then be exported to a physical storage medium, such as a USB drive or secure memory card, for manual transport to another air-gapped system.

On the receiving system, the Hierophant application imports the encrypted message object, with all cryptographic operations performed exclusively on the recipient's isolated device.

Furthermore, Hierophant's design accommodates scenarios where even physical media transfer is not ideal or possible for bridging air gaps. Radio communication (including technologies such as LoRa and VHF/UHF) can serve as a wireless bridge. By connecting a suitable radio transceiver to an air-gapped device running Hierophant, or native Hierophant hardware from GetTrusted, encrypted messages can be transmitted "over the air" to another similarly equipped device. This receiving device can be on a different isolated network, in another room, building, or even kilometers away, and it maintains its air-gapped integrity except for this controlled radio communication channel.

Throughout any air-gap transfer process, whether via physical media or radio, all of Hierophant's fundamental security features remain intact. The message content is end-to-end encrypted on the originating device and decrypted only on the destination device.

The transferred message object contains no metadata about the sender, recipient, or communication context, and no metadata is observable during transmission.

All cryptographic functions are performed locally on the respective air-gapped devices, and keys remain secured within the trusted execution environment (TEE) of each device. The message itself is the secure container, ensuring that the data remains protected during transit and that no sensitive information is exposed.

GetTrusted Escrow GmbH · Vienna, Austria

Sovereign communications for those who cannot afford to be wrong.
