Wednesday, 1 April, 2026
Securing the Software
IsoFind is designed for contexts where data has strategic, forensic or legal value. This page details all security measures implemented in the software, as well as options configurable by the user according to their level of requirement.
Measures are distinguished by nature: Dev indicates a measure implemented at code level and active by default, User indicates a measure configured by the user, and Both indicates a measure where part is structural and part is configurable.
Offline Licence System
Dev IsoFind's licence system is entirely offline. No connection to a validation server is made either at startup or during use. Verification is cryptographic and local.
Each .license file is a JSON document signed with an ECDSA P-256 private key held exclusively on IsoFind SAS infrastructure. It contains a timestamped payload with the licence type, authorised features, expiration date and the hardware fingerprint of the target machine. The verification public key is compiled directly into the IsoFind binary.
Machine fingerprint
The licence is bound to a specific machine via a hardware fingerprint combining several hardware identifiers. This combination is deliberately tolerant of partial component replacements: replacing a single component does not invalidate the licence. The fingerprint is generated by IsoFind at licence request time and transmitted to IsoFind SAS, which signs the licence for that specific machine.
Licence file format
| Field | Content |
|---|---|
| v | Format version (currently 2). |
| payload | Base64url-encoded JSON containing: issuer, machine fingerprint, issuance and expiration timestamps, licence type, features, serial number. |
| sig | ECDSA P-256 signature of the payload, encoded in base64url. Any modification to the payload invalidates the signature. |
Database Protection
Both IsoFind offers three levels of analytical database protection, activatable from the Protection menu.
Protection menu → Database protection → Enable protection
Basic
Master password protection. Starting an IsoFind session requires entering the password before accessing the data. Without the password, the database is inaccessible through the interface.
Standard
AES-256-GCM encryption of backups and exports, plus master password protection. The encryption key is derived from the master password via PBKDF2-HMAC-SHA256 (600,000 iterations, 32-byte random salt). Each export or backup produces an encrypted file that can only be decrypted with the master password.
Advanced
Full encryption, master password protection, and automatic generation of encrypted backups on every significant modification. This level also activates complete logging in the audit trail (see next section).
The master password cannot be recovered by IsoFind SAS. If lost, encrypted data is permanently inaccessible. Keep the password in a secure password manager separate from the IsoFind workstation.
Changing the password
Changing the master password requires entering the current password. It triggers key re-derivation and re-encryption of all existing backups. The operation is recorded in the audit trail with a timestamp.
Audit Trail and Modification Logging
Both IsoFind maintains a persistent audit log of all critical actions. This log is stored in a dedicated SQLite table, separate from analytical data, and protected by an HMAC-SHA256 hash chain.
Hash chain principle
Each log entry includes an HMAC-SHA256 hash calculated on the entry's fields and on the previous entry's hash. This chaining guarantees that any modification, deletion or insertion in the log is detected at the exact entry concerned, with its timestamp. The HMAC key is generated at installation and stored in an .audit_key file with restricted access permissions. Without this key, recalculating valid hashes is impossible.
Logged events
| Category | Logged events |
|---|---|
| System | Software startup, shutdown. |
| Authentication | Successful login, failed login, session expiry. |
| Analytical data | Sample creation, modification, deletion; isotopic data update. |
| Imports and exports | CSV import completed, export created. |
| Analyses | Analysis execution, correspondence search. |
| ISOF format | ISOF file signing, verification, export, import. |
| Protection | Protection activation/deactivation, password change, database lock/unlock, backup created, backup restored. |
| Licence | Licence activation, deactivation. |
| Integrity | Log chain verification, log clearing (administrator-only action). |
| API errors | Critical FastAPI backend errors. |
Log integrity verification
Protection menu → Audit and Logs → Verify integrity
Verification recalculates the entire chain and flags any break with the exact entry concerned. The verification result is itself recorded in the log (critical severity in case of a broken chain).
Log export
The log can be exported as CSV from the Protection menu. The exported file includes the entry_hash and prev_hash fields to allow independent external verification outside of IsoFind.
The HMAC key can optionally be provided via the environment variable ISOFIND_AUDIT_KEY (hexadecimal, minimum 64 characters), enabling centralised verification in multi-workstation deployments.
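An added example (not IsoFind's own code) of the independent verification that the exported entry_hash and prev_hash columns make possible. The other column names, the all-zero genesis value and the JSON canonical form fed to HMAC-SHA256 are assumptions, since the page does not specify them; build_log only constructs sample data.

```python
import csv, hashlib, hmac, io, json

GENESIS = "0" * 64                               # assumed prev_hash of the first entry
FIELDS = ("id", "timestamp", "event", "detail")  # hypothetical column names

def entry_mac(key: bytes, row: dict, prev_hash: str) -> str:
    # Assumed canonical form: compact sorted-key JSON of the fields plus prev_hash.
    body = {**{f: row[f] for f in FIELDS}, "prev_hash": prev_hash}
    msg = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def build_log(key_hex: str, events: list) -> str:
    """Produce a constructed CSV export for exercising the verifier."""
    key, prev, out = bytes.fromhex(key_hex), GENESIS, io.StringIO()
    writer = csv.DictWriter(out, fieldnames=FIELDS + ("prev_hash", "entry_hash"))
    writer.writeheader()
    for i, (ts, event, detail) in enumerate(events, start=1):
        row = {"id": str(i), "timestamp": ts, "event": event, "detail": detail}
        row["prev_hash"] = prev
        row["entry_hash"] = prev = entry_mac(key, row, prev)
        writer.writerow(row)
    return out.getvalue()

def verify_chain(csv_text: str, key_hex: str, anchor: str = None) -> list:
    """Return (entry id, problem) pairs; an empty list means the chain is intact."""
    if len(key_hex) < 64:
        raise ValueError("key must be at least 64 hexadecimal characters")
    key, prev, problems = bytes.fromhex(key_hex), GENESIS, []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["prev_hash"] != prev:             # an entry was removed or inserted here
            problems.append((row["id"], "broken link"))
        if not hmac.compare_digest(entry_mac(key, row, row["prev_hash"]), row["entry_hash"]):
            problems.append((row["id"], "content altered"))
        prev = row["entry_hash"]
    if anchor is not None and prev != anchor:    # trailing entries were removed
        problems.append(("tail", "last hash differs from anchor"))
    return problems

# Constructed sample data (not real IsoFind output).
KEY_HEX = "ab" * 32
SAMPLE = build_log(KEY_HEX, [
    ("2026-04-01T08:00:00Z", "startup", ""),
    ("2026-04-01T08:00:05Z", "login_ok", "user=analyst"),
    ("2026-04-01T08:02:11Z", "sample_modified", "sample=S-17"),
    ("2026-04-01T08:05:40Z", "export_created", "file=batch.csv"),
])
```

In this scheme, removing the most recent entries leaves a shorter but still valid chain, so the last entry_hash has to be recorded outside the log and passed as anchor for that case to be caught.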
Secure Memory Zeroing
Dev IsoFind's Rust component (Tauri layer) uses the zeroize crate to erase cryptographic secrets from RAM as soon as they are no longer needed. This measure applies to the session security token and its temporary copies.
Secure zeroing uses memory barriers that prevent the compiler from optimising writes considered "useless". Without this precaution, an optimising compiler may suppress erasures if the variable is not reused, leaving secrets readable in the process's memory pages.
Backend Binary Integrity
Dev At startup, IsoFind's Rust component verifies the integrity of the Python backend binary (isofind_backend.exe) before launching it. This verification is performed by SHA-256 hash compared against a signed reference hash compiled into the main binary.
If the backend file hash does not match the reference hash, the backend is not started and the user is informed of an integrity anomaly. This mechanism protects against the injection of malicious code into the backend component, which is separate from the main Tauri binary.
Interface and Content Protection
Dev IsoFind blocks several vectors for extracting interface content:
Right-click is disabled across all software pages. Page save options (Ctrl+S, WebView context menu) are blocked. Opening developer tools (F12, Ctrl+Shift+I) is disabled outside of developer mode. Standard keyboard shortcuts for content extraction are neutralised.
These measures prevent direct extraction of the interface source code from a deployed installation, complementing the Nuitka compilation which obfuscates the Python backend.
Offline Mode (Air-Gap)
User IsoFind can be configured in full offline mode, suited to deployments in isolated environments (air-gap, classified networks, laboratories without internet connectivity). This mode is determined at software installation and can only be changed by a full reinstallation.
In air-gap mode, the following network vectors are blocked:
| Feature | Behaviour in air-gap mode |
|---|---|
| Plugin download from URL | Blocked. Only installation from local file (.isplugin or .isoplugins) is permitted. |
| Plugin update checks | Blocked with notification. |
| Online plugin library | Hidden. The "From URL" tab in the installer disappears. |
| Pyodide loading from CDN | Blocked. A configurable local path allows loading Pyodide from a local copy. |
| Community database | Inaccessible (network connection disabled). |
| GeoRem and online reference data | Inaccessible. |
| Map tiles | Online map tiles are replaced by offline tiles if local packs are installed. |
Plugin export and import in air-gap mode
To transfer plugins to an air-gap machine, IsoFind provides a bundle export/import system. The export serialises all installed plugins into an isofind-plugins-YYYY-MM-DD.isoplugins file. This file can be physically transferred (USB drive, isolated network) and imported on the target machine. Import adds missing plugins without overwriting existing versions.
Offline map tiles
IsoFind's mapping module uses a local FastAPI proxy to serve tiles. In air-gap mode with locally installed tile packs (MBTiles format), the proxy automatically switches to the local source. Regional packs are available to avoid having to embed worldwide tiles, which represent a significant volume.
Licence System: Operator Workflow
Both The licence activation workflow is designed to operate without network connectivity.
| Step | Action | Tool |
|---|---|---|
| 1 | Generate the machine fingerprint on the target workstation | IsoFind, Licence menu, Get my fingerprint |
| 2 | Transmit the fingerprint to IsoFind SAS | Email to colin.ferrari@isofind.tech |
| 3 | IsoFind SAS generates and signs the .license file with the private key | Keygen tool (outside the distributed binary) |
| 4 | Import the .license file on the target workstation | IsoFind, Licence menu, Activate a licence |
| 5 | Local verification by the binary (embedded public key) | Automatic at startup |
The signing private key is never included in the binary distributed to users. The binary contains only the verification public key. Even with full access to a decompiled IsoFind binary, it is impossible to generate a valid licence without the private key.
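An added example (not IsoFind's code) of steps 3 and 5 with the licence file format described earlier: signing on the vendor side, then verification that needs only the public key. It uses the third-party cryptography package; the claim names, the DER signature encoding, signing over the base64url text of the payload and the exact fingerprint comparison are assumptions.

```python
import base64, json
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec

def b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64u_dec(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_licence(private_key, claims: dict) -> dict:
    """Vendor side (step 3): sign the encoded payload with the private key."""
    payload = b64u(json.dumps(claims, sort_keys=True).encode())
    sig = private_key.sign(payload.encode(), ec.ECDSA(hashes.SHA256()))
    return {"v": 2, "payload": payload, "sig": b64u(sig)}

def verify_licence(doc: dict, public_key, fingerprint: str, now: int):
    """Client side (step 5): returns (True, claims) or (False, reason)."""
    if doc.get("v") != 2:
        return False, "unsupported format version"
    try:
        # Check the signature over the encoded payload before parsing any of it.
        public_key.verify(b64u_dec(doc["sig"]), doc["payload"].encode(),
                          ec.ECDSA(hashes.SHA256()))
    except (InvalidSignature, KeyError, ValueError):
        return False, "invalid signature"
    claims = json.loads(b64u_dec(doc["payload"]))
    # Simplification: exact match, whereas the page describes a tolerant comparison.
    if claims["fingerprint"] != fingerprint:
        return False, "licence issued for another machine"
    if not claims["iat"] <= now < claims["exp"]:
        return False, "licence expired or not yet valid"
    return True, claims

# Constructed demo key pair and claims; all values and field names are made up.
VENDOR_KEY = ec.generate_private_key(ec.SECP256R1())
LICENCE = issue_licence(VENDOR_KEY, {
    "issuer": "example-vendor", "fingerprint": "fp-demo-0001",
    "iat": 1_700_000_000, "exp": 1_800_000_000,
    "type": "research", "features": ["export"], "serial": "DEMO-0001"})
```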
Physical Security Keys (YubiKey / FIDO2)
User IsoFind supports authentication by physical security key compliant with the FIDO2/WebAuthn protocol as an alternative or complement to the password for session and ISOF keyring unlocking.
This option is available for users with a compatible hardware key (YubiKey 5 series, generic FIDO2 keys). Key registration is performed in account settings. Multiple keys can be registered on the same account to allow for a backup key. In the event of all registered keys being lost, master password unlocking remains available as a fallback.
Data Digital Signatures: ISOF Format
Both The ISOF exchange format integrates an ECDSA P-256 digital signature system allowing the authenticity and integrity of exported data to be certified. A signed ISOF file cryptographically binds the analytical data to the identity of the signing laboratory.
This system rests on a two-level public key infrastructure (PKI): an IsoFind root certificate authority, an issuing certificate authority that signs laboratory certificates, and the individual certificate of each laboratory. A signed ISOF file contains the SHA-256 hash of the data, the ECDSA signature, the signer's certificate and the certificate chain up to the root CA.
Verification of a signed ISOF file is possible offline, via IsoFind or via the open-source isof module available on PyPI, and online via the verifier at isofind.tech. See the dedicated Digital Signatures page for details.
Summary of Measures by Level
| Measure | Active by default | Configurable | Plan required |
|---|---|---|---|
| Offline ECDSA P-256 licence | Yes | No | All |
| Secure memory zeroing (zeroize) | Yes | No | All |
| Backend binary integrity (SHA-256) | Yes | No | All |
| Right-click and dev tools blocking | Yes | No | All |
| Password-based database protection | No | Yes | Research |
| AES-256-GCM export/backup encryption | No | Yes (Standard/Advanced level) | Research |
| HMAC-SHA256 chained audit trail | No (Advanced) | Yes | Research |
| Air-gap offline mode | No | Yes | All |
| Offline map tiles | No | Yes (packs to install) | All |
| FIDO2/WebAuthn physical security key | No | Yes | Research |
| ISOF digital signatures (lab PKI) | No | Yes (certificate required) | Pro |
| Full legal traceability | No | Yes | Pro |
For deployments in sensitive environments (defence, judicial forensics, classified research), the recommended combination is: air-gap mode enabled, advanced protection with audit trail, physical security key registered, and local map tiles installed. These four measures combined produce software that is fully functional on an isolated network, with no outgoing network calls, and tamper-evident logging of all operations.