Secure storage preferences page

The Secure Storage functionality is designed to be transparent to the users. The Secure Storage preferences page is mostly intended for troubleshooting and, to a lesser degree, for system administrators and power users.

The "Password" tab

The "Password" tab of the preferences page combines functionality related to the master password lifecycle and password providers.

The "Clear Passwords" button clears cached master passwords from memory. This is analogous to "logging out" of the secure storage. Note that some password providers obtain credentials from the operating system automatically. To prevent them from doing so, you'll need to log out from the operating system account.

The "Master password providers" section contains a list of currently available password providers. By default, the enabled provider with the highest priority is used to encrypt data added to secure storage. The priority range is from 0 to 10, with 10 being the highest. A password provider can be disabled it if malfunctions, or if a lower priority password provider is preferred by the user.

Note that if data was encrypted with the provider "ABC", only the provider "ABC" can be used to decrypt the data. This means that changes on the list of the password providers affect only new entries. To change password provider used for existing entry, it has to be overwritten by the application.

By default all password providers are enabled.

Each password provider (that was used at least once) will have a master password associated with it. The "Change Password..." button can be used to change the master password of the selected password provider.

In case the master password associated with the given provider has been forgotten or can not be retrieved from the operating system, the "Recover Password..." button can be used to open the password recovery dialog. The button will be disabled if the password recovery setup was cancelled when the master password was created. Note that the answers for the password recovery questions have to be entered exactly as they were specified during the password recovery setup. Answers are case-sensitive and white space inside answers are significant.

The "Contents" tab

The "Contents" tab of the preferences page displays contents of the default secure storage.

Secure storage is organized as a tree where nodes represent context of the information and values are associated with a node. Selecting a node in the tree will display a table of values associated with that node. Values stored in a non-encrypted form will be displayed; the encrypted values will be shown as "*********".

This tab also shows the actual file used to persist the default secure storage under the "Storage location" widget.

If you'd like to force changes to the contents of secure storage to be saved, press "Save" button.

If you'd like to delete secure storage to recover from an error or to reflect a change in the setup, press "Delete" button. This action will delete all of the contents of secure storage. In some cases, other parts of the application may depend on the contents of secure storage that you deleted. To avoid unexpected errors, it is highly recommended to restart the application after secure storage has been deleted.

The "Advanced" tab

The "Advanced" tab of the preferences page offers some extra tweaks to secure storage.

The encryption algorithm used by secure storage can be modified from this page. The drop-down list displays the discovered algorithms that are provided by the Java virtual machine which are compatible with secure storage.

The changes in the encryption algorithm are only going to apply to secure storages created after the change. If you have already created a secure storage it would have to be deleted and re-created to use the newly selected encryption algorithm.

Note that the list of available algorithm might be different for different Java virtual machines and could be extended by providing custom algorithms using the Java security provider mechanism.