Getting Started with Kapsel – Part 5 — EncryptedStorage (SP09+)
The EncryptedStorage plugin provides an asynchronous API to store key value pairs securely. The API is based on the the web storage interface but is asynchronous in nature. The Logon plugin also provides get and set methods that can be used to store user names, password, keys and certificates while the Encrypted Storage plugin is better suited to storing application data.
For additional details see C:\SAP\MobileSDK3\KapselSDK\docs\api\sap.EncryptedStorage.html or Using the EncryptedStorage Plugin.
The following steps will demonstrate this plugin.
- Create the project and add the encryptedstorage plugin.
cordova create C:\Kapsel_Projects\StorageDemo com.mycompany.storage StorageDemo cd StorageDemo cordova platform add android cordova plugin add kapsel-plugin-encryptedstorage --searchpath %KAPSEL_HOME%/plugins cordova create ~/Documents/Kapsel_Projects/StorageDemo com.mycompany.storage StorageDemo cd ~/Documents/Kapsel_Projects/StorageDemo cordova platform add ios cordova plugin add kapsel-plugin-encryptedstorage --searchpath $KAPSEL_HOME/plugins
- Replace www\index.html with index.html or for an example that also demonstrates storing values in the Logon plugin’s data vault index2.html
- Notice that the API is asynchronous. This can make it a bit more challenging to work with. The article Asynchronous JS: Callbacks, Listeners, Control Flow Libs and Promises provides some suggestions on how to work with asynchronous methods.
- Prepare, build and deploy the app with the following command.
cordova run android or cordova run ios
- If the Logging plugin is added and the log level set to debug, the messages logged by the EncryptedStorage plugin can be viewed. The log tag it uses is SMP_ENCRYPTED_STORAGE.
- The data vault of the Logon plugin is required by the EncryptedStorage plugin. The Logon plugin can be initialized using the method sap.Logon.initPasscodeManager. This is to be used instead of sap.Logon.init if the application is not registering against an SAP Mobile Platform or Gateway server and Logon plugin’s data vault is required.
If the Logon plugin’s data vault is deleted, the EncyptedStorage plugin will also delete all storage as well. This can occur when the user clicks the Forgot Application Passcode button on the unlock screen of the Logon plugin, if the user enters too many incorrect passcodes or if the method sap.Logon.core.deleteRegistration is called.
- The following are some technical details of where the data is stored on Android.
Key value pairs are stored in a SQLLite Database.
The database is created using local storage which can only be accessed by the application that created it. The file is stored under /data/data/packageName and can be seen and accessed when using an emulator but not a device.
The values and the keys stored in this SQLLite database are encrypted. See EncryptedStorage Plugin for additional technical details on the encryption used to store the data.