Developer

Encrypted Storage Plugin

(Android, iOS, Windows 8.1, and Windows 10) Provides an encrypted local storage mechanism to that allows a Hybrid SDK (Kapsel) application's private data to be stored on the user's device. The plugin adds an encrypted key/value pair storage option to Cordova, which uses the same API method signature as the browser’s local storage option and is nonblocking.

The plugin allows you to store data locally and securely on the device, so that you do not have to retrieve the data from the server every time the application is opened. The user can access and view the data on the device.

Secure storage is an API based on the w3 Web storage API, interface Storage (see The Storage interface at http://www.w3.org/TR/2013/PR-webstorage-20130409Information published on non-SAP site.

Encryption Algorithm

The EncryptedStorage plugin uses AES 128 in CBC mode. EncryptedStorage generates a random encryption key and stores it in the Logon plugin's datavault (or calls the error callback if the datavault is locked). As required by CBC, EncryptedStorage randomly and uniformly chooses an IV from among the possible IV values.

Encryption of Stored Objects

The EncryptedStorage plugin depends on the Logon plugin to automatically store the encryption keys in the datavault of the Login plugin. The EncryptedStorage plugin does not require a password when creating an encrypted storage object. If a password is provided, it will not be used.

When you change a passcode, the contents of the datavault are deencrypted and reencrypted, including the encryption keys.

Deleting of Encrypted Storage for Security Reasons

The EncryptedStorage plugin receives a notification from the Login plugin in the event that the Login plugin's datavault is deleted. This can occur when the user forgets their password while unlocking the application, violates a password policy set on the server, or explicitly deletes the registration. The EncryptedStorage plugin then generates an OnEncryptedStorageErased event which is a notification that the encrypted storage on the device (the database the application uses for secure storage of application data) has been cleared for security reasons.

Settings Exchange and EncryptedStorage

The SettingsExchange plugin uses the EncryptedStorage plugin to store the settings. Disabling the EncryptedStorage plugin will cause the settings exchange activity of the Settings plugin to stop working properly.