VaultEncryption Property
The whole-vault encryption mode.
Syntax
public int getVaultEncryption(); public void setVaultEncryption(int vaultEncryption);
Remarks
This property controls the whole-vault encryption mode used when creating new vaults, and reflects the whole-vault encryption mode of the currently-open vault. Valid values are:
| CBFSSTORAGE_EM_NONE | 0x0 | Don't use encryption. |
| CBFSSTORAGE_EM_DEFAULT | 0x1 | Use default encryption (CBFSSTORAGE_EM_XTS_AES256_PBKDF2_HMAC_SHA256). |
| CBFSSTORAGE_EM_XTS_AES256_PBKDF2_HMAC_SHA256 | 0x2 | Use AES256 encryption with PBKDF2 key derivation based on a HMAC_SHA256 key hash. |
| CBFSSTORAGE_EM_CUSTOM256_PBKDF2_HMAC_SHA256 | 0x3 | Use event-based custom 256-bit encryption with PBKDF2 key derivation based on a HMAC_SHA256 key hash.
256-bit (32-byte) block size. |
| CBFSSTORAGE_EM_CUSTOM512_PBKDF2_HMAC_SHA256 | 0x4 | Use event-based custom 512-bit encryption with PBKDF2 key derivation based on a HMAC_SHA256 key hash.
512-bit (64-byte) block size. |
| CBFSSTORAGE_EM_CUSTOM1024_PBKDF2_HMAC_SHA256 | 0x5 | Use event-based custom 1024-bit encryption with PBKDF2 key derivation based on a HMAC_SHA256 key hash.
1024-bit (128-byte) block size. |
| CBFSSTORAGE_EM_CUSTOM256_CUSTOM_KEY_DERIVE | 0x23 | Use event-based custom 256-bit encryption with custom key derivation.
256-bit (32-byte) block size. |
| CBFSSTORAGE_EM_CUSTOM512_CUSTOM_KEY_DERIVE | 0x24 | Use event-based custom 512-bit encryption with custom key derivation.
512-bit (64-byte) block size. |
| CBFSSTORAGE_EM_CUSTOM1024_CUSTOM_KEY_DERIVE | 0x25 | Use event-based custom 1024-bit encryption with custom key derivation.
1024-bit (128-byte) block size. |
| CBFSSTORAGE_EM_CUSTOM256_DIRECT_KEY | 0x43 | Use event-based custom 256-bit encryption with no key derivation.
256-bit (32-byte) block size. Useful for cases where the password is an identifier for an external key and should not be used for key derivation. |
| CBFSSTORAGE_EM_CUSTOM512_DIRECT_KEY | 0x44 | Use event-based custom 512-bit encryption with no key derivation.
512-bit (64-byte) block size. Useful for cases where the password is an identifier for an external key and should not be used for key derivation. |
| CBFSSTORAGE_EM_CUSTOM1024_DIRECT_KEY | 0x45 | Use event-based custom 1024-bit encryption with no key derivation.
1024-bit (128-byte) block size. Useful for cases where the password is an identifier for an external key and should not be used for key derivation. |
| CBFSSTORAGE_EM_UNKNOWN | 0xFF | Unidentified or unknown encryption. |
Applications that use custom encryption must implement at least the DataDecrypt and DataEncrypt events; and certain custom encryption modes may also require that the HashCalculate or KeyDerive event be implemented as well. Please refer to the Encryption topic for more information.
To create a new vault with whole-vault encryption enabled, the VaultPassword property must be set as well.
When an existing vault is opened, the component updates VaultEncryption automatically based on the detected whole-vault encryption mode. If the vault is encrypted, the component will attempt to access it using the password specified by VaultPassword. If VaultPassword is incorrect, the attempt will fail and the vault will not be opened.
The VaultEncryption and VaultPassword properties cannot be used to change an open vault's whole-vault encryption mode or password; use the UpdateVaultEncryption method.
Please refer to the Encryption topic for more information.
Note: This property cannot be changed when Active is true, and cannot be changed within events.
Default Value
0