vault_encryption Property
The whole-vault encryption mode.
Syntax
def get_vault_encryption() -> int: ... def set_vault_encryption(value: int) -> None: ...
vault_encryption = property(get_vault_encryption, set_vault_encryption)
Default Value
0
Remarks
This property controls the whole-vault encryption mode used when creating new vaults, and reflects the whole-vault encryption mode of the currently-open vault. Valid values are:
| CBFSSTORAGE_EM_NONE | 0x0 | Don't use encryption. |
| CBFSSTORAGE_EM_DEFAULT | 0x1 | Use default encryption (CBFSSTORAGE_EM_XTS_AES256_PBKDF2_HMAC_SHA256). |
| CBFSSTORAGE_EM_XTS_AES256_PBKDF2_HMAC_SHA256 | 0x2 | Use AES256 encryption with PBKDF2 key derivation based on a HMAC_SHA256 key hash. |
| CBFSSTORAGE_EM_CUSTOM256_PBKDF2_HMAC_SHA256 | 0x3 | Use event-based custom 256-bit encryption with PBKDF2 key derivation based on a HMAC_SHA256 key hash.
256-bit (32-byte) block size. |
| CBFSSTORAGE_EM_CUSTOM512_PBKDF2_HMAC_SHA256 | 0x4 | Use event-based custom 512-bit encryption with PBKDF2 key derivation based on a HMAC_SHA256 key hash.
512-bit (64-byte) block size. |
| CBFSSTORAGE_EM_CUSTOM1024_PBKDF2_HMAC_SHA256 | 0x5 | Use event-based custom 1024-bit encryption with PBKDF2 key derivation based on a HMAC_SHA256 key hash.
1024-bit (128-byte) block size. |
| CBFSSTORAGE_EM_CUSTOM256_CUSTOM_KEY_DERIVE | 0x23 | Use event-based custom 256-bit encryption with custom key derivation.
256-bit (32-byte) block size. |
| CBFSSTORAGE_EM_CUSTOM512_CUSTOM_KEY_DERIVE | 0x24 | Use event-based custom 512-bit encryption with custom key derivation.
512-bit (64-byte) block size. |
| CBFSSTORAGE_EM_CUSTOM1024_CUSTOM_KEY_DERIVE | 0x25 | Use event-based custom 1024-bit encryption with custom key derivation.
1024-bit (128-byte) block size. |
| CBFSSTORAGE_EM_CUSTOM256_DIRECT_KEY | 0x43 | Use event-based custom 256-bit encryption with no key derivation.
256-bit (32-byte) block size. Useful for cases where the password is an identifier for an external key and should not be used for key derivation. |
| CBFSSTORAGE_EM_CUSTOM512_DIRECT_KEY | 0x44 | Use event-based custom 512-bit encryption with no key derivation.
512-bit (64-byte) block size. Useful for cases where the password is an identifier for an external key and should not be used for key derivation. |
| CBFSSTORAGE_EM_CUSTOM1024_DIRECT_KEY | 0x45 | Use event-based custom 1024-bit encryption with no key derivation.
1024-bit (128-byte) block size. Useful for cases where the password is an identifier for an external key and should not be used for key derivation. |
| CBFSSTORAGE_EM_UNKNOWN | 0xFF | Unidentified or unknown encryption. |
Applications that use custom encryption must implement at least the on_data_decrypt and on_data_encrypt events; and certain custom encryption modes may also require that the on_hash_calculate or on_key_derive event be implemented as well. Please refer to the Encryption topic for more information.
To create a new vault with whole-vault encryption enabled, the vault_password property must be set as well.
When an existing vault is opened, the class updates vault_encryption automatically based on the detected whole-vault encryption mode. If the vault is encrypted, the class will attempt to access it using the password specified by vault_password. If vault_password is incorrect, the attempt will fail and the vault will not be opened.
The vault_encryption and vault_password properties cannot be used to change an open vault's whole-vault encryption mode or password; use the update_vault_encryption method.
Please refer to the Encryption topic for more information.
Note: This property cannot be changed when active is True, and cannot be changed within events.