
The SUPDataVault class provides encrypted storage of occasionally used, small pieces of data. All exceptions thrown by SUPDataVault methods are of type SUPDataVaultException.

By linking the libDatavault.a static library, you can use the SUPDataVault class for on-device persistent storage of certificates, database encryption keys, passwords, and other sensitive items. Use this class to:
  • Create a vault
  • Set a vault's properties
  • Store objects in a vault
  • Retrieve objects from a vault
  • Change the password used to access a vault
  • Control access for a vault that is shared by multiple iOS applications

The contents of the data vault are strongly encrypted using AES-128. The SUPDataVault class allows you to create a named vault, and specify a password and salt used to unlock it. The password can be of arbitrary length and can include any characters. The password and salt together generate the AES key. If the user enters the same password when unlocking, the contents are decrypted. If the user enters an incorrect password, exceptions occur. If the user enters an incorrect password a configurable number of times, the vault is deleted and any data stored within it becomes unrecoverable. The vault can also relock itself after a configurable amount of time.
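
The unlock, retry-limit and relock behaviour described above, as a small Python model added here for illustration; it is not SUPDataVault code and does not use its API. The names `ModelVault` and `VaultError` are hypothetical, and the key derivation function, the counter reset on success and the timeout being measured from the last unlock are assumptions the page does not specify.

```python
import hashlib, hmac, time

class VaultError(Exception):
    """Hypothetical stand-in for SUPDataVaultException."""

class ModelVault:
    """Unlock-state model only; item encryption (AES-128 on the page) is omitted."""
    def __init__(self, password, salt, retry_limit=3, lock_timeout=300, clock=time.monotonic):
        self._check = self._tag(password, salt)
        self._items, self._failures, self._unlocked_at = {}, 0, None
        self._retry_limit, self._lock_timeout, self._clock = retry_limit, lock_timeout, clock
        self.deleted = False

    @staticmethod
    def _tag(password, salt):
        # Assumption: PBKDF2-HMAC-SHA256 to a 16-byte key; the page does not name the KDF.
        key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), 100_000, dklen=16)
        # Store only a check value derived from the key, never the password or key.
        return hmac.new(key, b"vault-key-check", hashlib.sha256).digest()

    def is_locked(self):
        if self._unlocked_at is not None and self._clock() - self._unlocked_at >= self._lock_timeout:
            self._unlocked_at = None  # assumption: timeout is measured from the last unlock
        return self._unlocked_at is None

    def unlock(self, password, salt):
        if self.deleted:
            raise VaultError("vault was deleted")
        if hmac.compare_digest(self._tag(password, salt), self._check):
            self._failures, self._unlocked_at = 0, self._clock()  # assumption: success resets the count
            return
        self._failures += 1
        if self._failures >= self._retry_limit:
            # Retry limit reached: destroy the contents and the check value.
            self._items.clear()
            self._check, self.deleted = b"", True
        raise VaultError("wrong password or salt")

    def _require_unlocked(self):
        if self.deleted or self.is_locked():
            raise VaultError("vault is locked or deleted")

    def set_item(self, name, value):
        self._require_unlocked()
        self._items[name] = value

    def get_item(self, name):
        self._require_unlocked()
        return self._items[name]
```

Passing a fake `clock` callable makes the relock timeout testable without waiting.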

Typical usage of the SUPDataVault is to implement an application login screen. Upon application start, the user is prompted for a password, which unlocks the vault. If the unlock attempt is successful, the user is allowed into the rest of the application. User credentials for synchronization can also be extracted from the vault so the user need not reenter passwords.