DataVault

The DataVault class provides encrypted storage of occasionally used, small pieces of data. All exceptions thrown by DataVault methods are of type DataVaultException.

By linking the DataVaultLib.jar, you can use the DataVault class for on-device persistent storage of certificates, database encryption keys, passwords, and other sensitive items. Use this class to

Create a vault
Set a vault's properties
Store objects in a vault
Retrieve objects from a vault
Change the password used to access a vault

The DataVaultLib.jar is a standalone library using which you can consume the data vault APIs directly. To consume the data vault APIs via the SAP Mobile Platform Messaging Channel, you need to link the ClientLib.jar to your project.

The contents of the data vault are strongly encrypted using AES-256. The DataVault class allows you create a named vault, and specify a password and salt used to unlock it. The password can be of arbitrary length and can include any characters. The password and salt together generate the AES key. If the user enters the same password when unlocking, the contents are decrypted. If the user enters an incorrect password, exceptions occur. If the user enters an incorrect password a configurable number of times, the vault is deleted and any data stored within it becomes unrecoverable. The vault can also relock itself after a configurable amount of time.

Typical usage of the DataVault is to implement an application login screen. Upon application start, the user is prompted for a password, which unlocks the vault. If the unlock attempt is successful, the user is allowed into the rest of the application. User credentials for synchronization can also be extracted from the vault so the user need not reenter passwords.

Private Data Vault

In addition to the DataVault class, there is a PrivateDataVault class that has the features described below:

Used to securely store data that is specific to an application.
You do not have to install the SybaseDataProvider.apk to use the private data vault.

init
Initialization function that you must call with the application's context before you call any of the other vault methods. In addition to saving the context for later use, this method also initializes static member variables (such as encryption objects).
createVault
Creates a new secure store (a vault)
vaultExists
Tests whether the specified vault exists.
getVault
Retrieves a vault.
deleteVault
Deletes the specified vault from on-device storage.
getDataNames
Retrieves information about the data names stored in the vault.
setPasswordPolicy
Stores the password policy and applies it when changePassword is called, or when validating the password in the unlock method.
getPasswordPolicy android blackberry
Retrieves the password policy set by setPasswordPolicy.
isDefaultPasswordUsed
Checks whether the default password is used by the vault.
lock
Locks the vault.
isLocked
Checks whether the vault is locked.
unlock
Unlocks the vault.
setString
Stores a string object in the vault.
getString
Retrieves a string value from the vault.
setValue
Stores a binary object in the vault.
getValue
Retrieves a binary object from the vault.
deleteValue
Deletes the specified value.
changePassword (two parameters)
Changes the password for the vault. Use this method when the vault is unlocked.
changePassword (four parameters)
Changes the password for the vault. Use this method when the vault is locked

Parent topic: Security APIs