| |
| <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> |
| <html lang="en"> |
| <HEAD> |
| |
| <meta name="copyright" content="Copyright (c) IBM Corporation and others 2008, 2011. This page is made available under license. For full details see the LEGAL in the documentation book that contains this page." > |
| |
| <META http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> |
| <META http-equiv="Content-Style-Type" content="text/css"><LINK rel="STYLESHEET" href="../book.css" charset="ISO-8859-1" type="text/css"> |
| <script language="JavaScript" src="PLUGINS_ROOT/org.eclipse.help/livehelp.js" type="text/javascript"></script> |
| <TITLE>How secure storage works</TITLE> |
| </HEAD> |
| <BODY bgcolor="#ffffff"> |
| <H1 class="Head">How secure storage works</H1> |
| |
| <p>Let's consider a concrete example of CVS integration. When you specify a password for a CVS connection, |
| the application offers you an option to save your user name and password using secure storage.</p> |
| |
| <p align="center"><img alt="Schema of secure storage encrypting data" src="../images/equinox_secure_storage_start.svg"><br> |
| </p> |
| <p align="center"><b>Picture 1. How secure storage works.</b></p> |
| |
| <p>Your CVS password is passed as data to secure storage. Secure storage uses a "master" password |
| to encrypt it and store the encrypted CVS password in a file on disk.</p> |
| |
| <p>The master password is obtained from a password provider module. The master passwords |
| are obtained in a "lazy" fashion, only when they are about to be used. Password providers can use |
| different techniques:</p> |
| <ul> |
| <li>on <i>Windows</i>, the master password is generated as a random value that is encrypted based on your |
| Windows login information and stored in secure storage;</li> |
| <li>on <i>macOS</i>, the master password is initially created as a random value that is stored in |
| the OS keyring;</li> |
| <li>the default password provider simply prompts you for a password;</li> |
| <li>other password providers might be supplied in your application.</li> |
| </ul> |
| |
| <p>When data is saved with secure storage, the password provider is selected based on the priorities from |
| the list of enabled password providers. Only that provider can be used in the future to decrypt the data.</p> |
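| |
| <p>The flow described above (provider selection by priority, lazy retrieval of the master password, and decryption bound to the provider that encrypted the entry), modelled as an added example that is not Equinox code. The class names, the rule that the higher priority number wins, and the PBKDF2 / SHAKE-256 / HMAC construction are assumptions of this model, not the API or cipher Equinox uses.</p> |

```python
import hashlib, hmac, os

# Model only: names, priority rule and cipher are assumptions, not Equinox's implementation.
class Provider:
    """Hypothetical password provider: yields a master password on demand."""
    def __init__(self, pid, priority, source):
        self.pid, self.priority, self.source = pid, priority, source
        self.calls = 0                  # times the master password was actually fetched
        self._cached = None
    def master_password(self):
        if self._cached is None:        # "lazy": fetched only when first needed
            self.calls += 1
            self._cached = self.source()
        return self._cached

def _keys(password, salt):
    k = hashlib.pbkdf2_hmac("sha256", password, salt, 100_000, dklen=64)
    return k[:32], k[32:]               # encryption key, MAC key

def _xor(data, key, salt):
    stream = hashlib.shake_256(key + salt).digest(len(data))  # stand-in keystream
    return bytes(a ^ b for a, b in zip(data, stream))

class SecureStore:
    def __init__(self, providers, enabled):
        self.providers = {p.pid: p for p in providers}
        self.enabled = set(enabled)
        self.entries = {}               # stands in for the encrypted file on disk
    def put(self, name, secret):
        # The highest-priority enabled provider is chosen and recorded with the entry.
        p = max((self.providers[i] for i in self.enabled), key=lambda p: p.priority)
        salt = os.urandom(16)
        ek, mk = _keys(p.master_password(), salt)
        ct = _xor(secret, ek, salt)
        tag = hmac.new(mk, salt + ct, hashlib.sha256).digest()
        self.entries[name] = (p.pid, salt, ct, tag)
    def get(self, name):
        pid, salt, ct, tag = self.entries[name]
        if pid not in self.enabled:     # no fallback to a different provider
            raise LookupError(f"provider {pid!r} is required to decrypt {name!r}")
        ek, mk = _keys(self.providers[pid].master_password(), salt)
        expected = hmac.new(mk, salt + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise ValueError("wrong master password or corrupted entry")
        return _xor(ct, ek, salt)
```
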
| |
| <h3 class="related">Related concepts</h3> |
| <A href="ref-securestorage-start.htm">Secure storage</A> |
| <br><A href="ref-securestorage-recovery.htm">Password recovery</A> |
| <br><A href="ref-securestorage-passwd.htm">Life of a master password</A> |
| |
| <h3 class="related">Related reference</h3> |
| <a href="ref-securestorage-prefs.htm">Secure storage preference page</a> |
| <br><a href="ref-securestorage-options.htm">Secure storage runtime options</a> |
| |
| </BODY> |
| </HTML> |