Programmer's Guide
Keystore
The Keystore package provides operations to store information in secure wallets and protects the stored information by encrypting its content. To access a wallet's content, it is necessary to know one of the wallet's passwords. Wallets are protected by a master key using AES-256, and the wallet master key is in turn protected by a user password. The wallet defines up to 7 slots, each of which identifies a password key that is able to unlock the master key. To open a wallet, one of the 7 slots must be unlocked by providing the correct password. Wallet key slots are protected by the user's password with the PBKDF2-HMAC-256 algorithm, a random salt and a random counter, and they are encrypted using AES-256.
Creation
To create a keystore, first declare a Wallet_File instance. You will also need a password, which will be used to protect the wallet master key.
```ada
with Keystore.Files;
...
WS : Keystore.Files.Wallet_File;
Pass : Keystore.Secret_Key := Keystore.Create ("There was no choice but to be pioneers");
```
You can then create the keystore file by using the Create operation:

```ada
WS.Create ("secure.akt", Pass);
```
Storing
Values stored in the wallet are protected by their own encryption keys using AES-256. The encryption key is generated when the value is added to the wallet by using the Add operation.

```ada
WS.Add ("Grace Hopper", "If it's a good idea, go ahead and do it.");
```
The Get function retrieves the value. The value is decrypted only when the Get operation is called.

```ada
Citation : constant String := WS.Get ("Grace Hopper");
```
The Delete procedure can be used to remove the value. When the value is removed, the encryption key and the data are erased.

```ada
WS.Delete ("Grace Hopper");
```
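The steps above put together as one complete program. This is an added example, not code from the original guide or from the Keystore project itself: it creates the wallet, stores and reads back a value, deletes it, then reopens the file to confirm that the entry is gone and that a wrong password cannot unlock any slot. Only Create, Add, Get and Delete appear in the guide; the Open, Close and Contains operations and the Bad_Password exception used below are assumptions about the Keystore API.

```ada
--  Added example (not part of the original guide).
--  Assumed, beyond what the guide shows: Wallet_File.Open, Wallet_File.Close,
--  Wallet_File.Contains and the Keystore.Bad_Password exception.
with Ada.Text_IO;
with Keystore;
with Keystore.Files;

procedure Wallet_Demo is
   Path : constant String := "secure.akt";
   --  The password only ever protects a key slot; the master key stays random.
   Pass : Keystore.Secret_Key
     := Keystore.Create ("There was no choice but to be pioneers");
   --  Constructed wrong password used to show that the slot unlock fails.
   Wrong : Keystore.Secret_Key := Keystore.Create ("not the pioneer password");
begin
   --  1. Create the wallet file, store a value, read it back, delete it.
   declare
      WS : Keystore.Files.Wallet_File;
   begin
      WS.Create (Path, Pass);
      WS.Add ("Grace Hopper", "If it's a good idea, go ahead and do it.");
      declare
         --  Decryption of this entry happens only here, at Get time.
         Citation : constant String := WS.Get ("Grace Hopper");
      begin
         Ada.Text_IO.Put_Line ("Stored value: " & Citation);
      end;
      --  Removing the value erases both the data and its per-value key.
      WS.Delete ("Grace Hopper");
      WS.Close;  --  assumed operation
   end;

   --  2. Reopen with the correct password: the entry must no longer exist.
   declare
      WS : Keystore.Files.Wallet_File;
   begin
      WS.Open (Path, Pass);  --  assumed operation
      if WS.Contains ("Grace Hopper") then  --  assumed operation
         Ada.Text_IO.Put_Line ("unexpected: value still present after Delete");
      else
         Ada.Text_IO.Put_Line ("value and its encryption key were erased");
      end if;
      WS.Close;
   end;

   --  3. A password that matches none of the 7 slots cannot unlock the master key.
   declare
      WS : Keystore.Files.Wallet_File;
   begin
      WS.Open (Path, Wrong);
      Ada.Text_IO.Put_Line ("unexpected: wallet opened with a wrong password");
      WS.Close;
   exception
      when Keystore.Bad_Password =>  --  assumed exception name
         Ada.Text_IO.Put_Line ("wrong password rejected: no slot could be unlocked");
   end;
end Wallet_Demo;
```

The point of step 3 is the property the introduction states: every opening of the wallet goes through a key slot derived from a password with PBKDF2, so a password that matches no slot never yields the master key and the stored values stay encrypted on disk.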