The DataVault class provides encrypted storage of occasionally used, small pieces of data. All exceptions thrown by DataVault methods are of type DataVaultException.
The contents of the data vault are strongly encrypted using AES-256. The DataVault class allows you create a named vault, and specify a password and salt used to unlock it. The password can be of arbitrarily length and can include any characters. The password and salt together are used to generate the AES key. If the user enters the same password when unlocking, the contents are decrypted. If the user enters an incorrect password, exceptions will occur. If the user enters the incorrect password a configurable number of times, the vault is deleted and any data stored within it becomes unrecoverable. The vault can also re-lock itself after a configurable amount of time.
Typical usage of the DataVault would be to implement an application login screen. Upon application start, the user is prompted for a password, which is then used to unlock the vault. If the unlock attempt is successful, the user is allowed into the rest of the application. User credentials needed for synchronization can also be extracted from the vault so the user is not repeatedly prompted to re-enter passwords.