Storing sensitive data in encrypted cache
What is Encrypted Cache?
Encrypted Cache is a mechanism for storing sensitive data on the client side. Encrypted Cache is implemented by using HTML5 web storage technology, which allows data to be saved locally and retrieved on subsequent application use or relaunch.
The Data is encrypted using a combination of a user-provided key and a server-retrieved randomly generated token, which makes it more secure Data is stored in key-value pairs. Encrypted Cache is like a security deposit box – it remains open until you close it, so it is important to remember to close the cache when finished working with it.
Encrypted Cache is similar to technologies such as:
- Local web or DOM storage
- Indexed database API
- Cordova API: Storage API or File API
The table on the next slide shows how some features provided by Encrypted Cache compare with other technologies.
(1): These features are further described in the module JSONStore – Common JSONStore usage. (2): Reliable Storage means that your data is not deleted unless the application is removed from the device or one of the methods that removes data is called. (3): Dev. Only means that it is designed only for development. There are no security features and a ~5 MB storage space limit.
Supported browsers and devices
Encrypted cache is implemented by using HTML5 web storage technology. Mobile devices HTML5 web storage support chart:
For more information, see http://caniuse.com
Creating and opening encrypted cache
To create or open previously created encrypted cache, use the following API:
WL.EncryptedCache.open(credentials, createIfNone, onComplete, onError);
credentials– string value that represents user-provided password
createIfNone– Boolean value that specifies whether new encrypted cache is created if none is found
onComplete– a callback function to be invoked when cache opening/creating is complete
onError- a callback function to be invoked when cache is not successfully opened/created
Note: The application must be able to connect to the MobileFirst Server to create a new encrypted cache.
A callback function can receive one of the following statuses:
WL.EncryptedCache.OK– Encrypted cache was successfully opened or created
WL.EncryptedCache.ERROR_CREDENTIALS_MISMATCH– an attempt was made to open existing encrypted cache by using wrong credentials
WL.EncryptedCache.ERROR_SECURE_RANDOM_GENERATOR_UNAVAILABLE– unable to generate random token due to MobileFirst Server unavailability
WL.EncryptedCache.ERROR_NO_EOC– could not open encrypted cache because it was not previously created
WL.EncryptedCache.ERROR_LOCAL_STORAGE_NOT_SUPPORTED– device does not support HTML5 local storage
WL.EncryptedCache.ERROR_KEY_CREATION_IN_PROGRESS– an open() or changeCredentials() request is already running
Reading, Writing and Removing data using Encrypted Cache
When the encrypted cache is open, operations such as reading, writing and removing data can be performed.
To store data in encrypted cache, use the following API:
WL.EncryptedCache.write(key, value, onSuccess, onFailure);
To read data from the encrypted cache, use the following API:
WL.EncryptedCache.read(key, onSuccess, onFailure);
To remove data from the encrypted cache, use the following API:
WL.EncryptedCache.remove(key, onSuccess, onFailure);
Closing and destroying Encrypted CacheTo avoid possible undesired access to Encrypted Cache, close it. After an encrypted cache is closed, access to its data is not possible without the encryption key that was used to create it. To close the encrypted cache, use the following API:
Changing the encryption key
While Encrypted Cache is in the open state, it is possible to change the encryption key. To do so, use the following API:
WL.EncryptedCache.changeCredentials(credentials, onComplete, onError)
credentials– new user password to be used
onComplete– a callback function to be invoked when complete
onError– a callback function to be invoked in case of an error
Callback - receives a status object with the same structure as WL.EncryptedCache.open()
Click to download the Studio projet.