Encrypted Storage Plugin
(Android, iOS, Windows 10) Provides an encrypted local storage mechanism to that allows a Hybrid SDK (Kapsel) application's private data to be stored on the user's device. The plugin adds an encrypted key/value pair storage option to Cordova, which uses the same API method signature as the browser’s local storage option and is nonblocking.
Secure storage is an API based on the w3 Web storage API, interface Storage (see The Storage interface at http://www.w3.org/TR/2013/PR-webstorage-20130409.
The EncryptedStorage plugin uses AES 128 in CBC mode. EncryptedStorage generates a random encryption key and stores it in the Logon plugin's datavault (or calls the error callback if the datavault is locked). As required by CBC, EncryptedStorage randomly and uniformly chooses an IV from among the possible IV values.
Encryption of Stored Objects
The EncryptedStorage plugin depends on the Logon plugin to automatically store the encryption keys in the datavault of the Login plugin. The EncryptedStorage plugin does not require a password when creating an encrypted storage object. If a password is provided, it will not be used.
When you change a passcode, the contents of the datavault are deencrypted and reencrypted, including the encryption keys.
Deleting of Encrypted Storage for Security Reasons
The EncryptedStorage plugin receives a notification from the Login plugin in the event that the Login plugin's datavault is deleted. This can occur when the user forgets their password while unlocking the application, violates a password policy set on the server, or explicitly deletes the registration. The EncryptedStorage plugin then generates an OnEncryptedStorageErased event which is a notification that the encrypted storage on the device (the database the application uses for secure storage of application data) has been cleared for security reasons.
Settings Exchange and EncryptedStorage
The SettingsExchange plugin uses the EncryptedStorage plugin to store the settings. Disabling the EncryptedStorage plugin will cause the settings exchange activity of the Settings plugin to stop working properly.