EncryptedStorage Plugin Overview

The EncryptedStorage plugin adds an encrypted key/value pair storage option to Cordova, which uses the same API method signature as the browser’s local storage option and is non-blocking. The plugin is supported for use with applications on the Android, iOS, and Windows 8.1 platforms.

The plugin allows you to store data locally and securely on the device, so that you do not have to retrieve the data from the server every time the application is opened. The user can access and view the data on the device.

Secure storage is an API based on the W3C Web Storage API, interface Storage (http://www.w3.org/TR/2013/PR-webstorage-20130409/#the-storage-interface).

Encryption Algorithm

The EncryptedStorage plugin uses AES-128 in CBC mode. EncryptedStorage generates a random encryption key and stores it in the Logon plugin's data vault (or calls the error callback if the data vault is locked). As required by CBC, EncryptedStorage randomly and uniformly chooses an IV from among the possible IV values.
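The scheme described above, sketched with the built-in Node.js crypto module as an added example (it is not the plugin's source code). The function names and the `{iv, ct}` record layout are assumptions made for illustration, and the key is held in memory here rather than in the Logon plugin's data vault.

```javascript
// Added illustration, not the EncryptedStorage plugin's source.
// Function names and the {iv, ct} record layout are hypothetical.
const crypto = require('node:crypto');

const BLOCK_BYTES = 16; // AES block size, which is also the CBC IV size

// Random 128-bit key. The plugin keeps its key in the Logon data vault;
// in this sketch the caller simply holds it in memory.
function generateKey() {
  return crypto.randomBytes(16);
}

// Encrypt one stored value. A fresh IV is drawn from the CSPRNG for every
// call and saved next to the ciphertext, since decryption needs it and it
// is not secret. The iv parameter exists only so the demo can show what a
// fixed IV would leak.
function encryptValue(key, plaintext, iv = crypto.randomBytes(BLOCK_BYTES)) {
  const cipher = crypto.createCipheriv('aes-128-cbc', key, iv);
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return { iv: iv.toString('hex'), ct: ct.toString('hex') };
}

function decryptValue(key, record) {
  const iv = Buffer.from(record.iv, 'hex');
  const decipher = crypto.createDecipheriv('aes-128-cbc', key, iv);
  const pt = Buffer.concat([
    decipher.update(Buffer.from(record.ct, 'hex')),
    decipher.final(),
  ]);
  return pt.toString('utf8');
}

// Constructed sample value: store the same string twice and compare.
function demo() {
  const key = generateKey();
  const value = 'session=constructed-sample';
  const a = encryptValue(key, value);
  const b = encryptValue(key, value);
  const fixedIv = Buffer.alloc(BLOCK_BYTES); // all zeros, for contrast only
  const c = encryptValue(key, value, fixedIv);
  const d = encryptValue(key, value, fixedIv);
  return {
    roundTrip: decryptValue(key, a) === value,
    randomIvHidesEquality: a.ct !== b.ct,
    fixedIvLeaksEquality: c.ct === d.ct,
  };
}

console.log(demo());
```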

Encryption of Stored Objects

The EncryptedStorage plugin depends on the Logon plugin to automatically store the encryption keys in the data vault of the Logon plugin. The EncryptedStorage plugin does not require a password when creating an encrypted storage object. If a password is provided, it will not be used.

When you change a passcode, the contents of the data vault are decrypted and re-encrypted, including the encryption keys.

Deleting of Encrypted Storage for Security Reasons

The EncryptedStorage plugin receives a notification from the Logon plugin in the event that the Logon plugin's data vault is deleted. This can occur when the user forgets their password while unlocking the application, violates a password policy set on the server, or explicitly deletes the registration. The EncryptedStorage plugin then generates an OnEncryptedStorageErased event, which is a notification that the encrypted storage on the device (the database the application uses for secure storage of application data) has been cleared for security reasons.