Data Vault API References

The LiteDataVault class provides encrypted storage of occasionally used, small pieces of data. All exceptions thrown by LiteDataVault methods are of type LiteDataVaultException.

If you have installed the SybaseDataProvider.apk package, you can use the LiteDataVault class for on-device persistent storage of certificates, database encryption keys, passwords, and other sensitive items. Use this class to:

Create a vault
Set a vault's properties
Store objects in a vault
Retrieve objects from a vault
Change the password used to access a vault

The contents of the data vault are strongly encrypted using AES-256. The LiteDataVault class allows you to create a named vault, and specify a password and salt used to unlock it. The password can be of arbitrarily length and can include any characters. The password and salt together are used to generate the AES key. If the user enters the same password when unlocking, the contents are decrypted. If the user enters an incorrect password, exceptions will occur. If the user enters the incorrect password a configurable number of times, the vault is deleted and any data stored within it becomes unrecoverable. The vault can also re-lock itself after a configurable amount of time.

Typical usage of the LiteDataVault would be to implement an application login screen. Upon application start, the user is prompted for a password, which is then used to unlock the vault. If the unlock attempt is successful, the user is allowed into the rest of the application. User credentials needed for synchronization can also be extracted from the vault so the user us not repeatedly prompted to re-enter passwords.

The LiteDataVault is a wrapper class of the DataVault class that is used specifically for the ODP scenario.

Private Data Vault

In addition to this, there is a class PrivateDataVault that belongs to the com.sybase.persistence package. The advantages of using the private data vault are:

To securely store data that is specific to an application
You do not have to install the SybaseDataProvider.apk to use the private data vault.

The PrivateDataVault class comprises of methods that are identical to the methods defined in the LiteDataVault class.All exceptions thrown by PrivateDataVault methods are of type PrivateDataVaultException.

Creating a Vault
Creates an instance of a vault with a set of attributes.
Opening an Existing Vault
Returns the LiteDataVault singleton instance, tied to a particular vault. If the vault does not exist or has been deleted, this method throws an exception.
Locking a Vault
Lock a vault to avoid it from being used. If the vault is locked, this API will have no effect.
Deleting a Vault
Delete the storage for this instance from the persistent storage. Once a vault is deleted, all current instance references become invalid.
Unlocking a Vault
Unlock a vault for use by an application.
Setting a Binary Value
Store a value in the vault. To remove a value, provide 'null' as the second parameter.
Retrieving a Binary Value
Retrieve a value set from the vault.
Setting the Retry Limit Value for a Vault
Set the maximum number of consecutive failed attempts to unlock the vault.
Setting the Lock Timeout Value for a Vault
Set the time until which the vault remains in an unlocked state. Once this time is lapsed, the vault reverts to the locked state.

Parent topic: Developing Applications in the Android Development Environment