Container

Key containers house multiple keys in an easily transportable format: individual keys and groups of keys can be stored in a container and then used by other features of the software. The container can be saved to disk and opened on the same or another machine.

Security

When saved to disk, the container is encrypted with the AES-256 symmetric encryption algorithm in the CBC mode of operation. The 256-bit AES key is derived from the user-entered password by the PBKDF2 key derivation algorithm using the SHA-512 hash algorithm, with 100,000 iterations and a 256-bit random salt value generated by the Windows CAPI. The password-derived AES key is set when the container is created and changed by the user-initiated password change operation. A new AES IV, generated by the Windows CAPI, is produced on each save of the container.

The password length has no arbitrary upper limit, and the password can contain any character representable in UTF-8. The lower limit of the password length is 1 character, but when a password of fewer than 16 characters is set, a message is displayed encouraging the user to select a stronger password; however, this is only a suggestion.
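The scheme described above, written out as an added Go example; this is not the product's own code and is only an illustration of the stated parameters (PBKDF2-HMAC-SHA512, 100,000 iterations, 256-bit salt, 256-bit AES key, AES-CBC, fresh IV per save, 1-character minimum with a warning below 16 characters). Several details are assumptions because the page does not give them: the on-disk layout salt || IV || ciphertext, PKCS#7 padding, crypto/rand standing in for the Windows CAPI random number generator, the key payload treated as opaque bytes, and the password change operation omitted (it would simply re-derive the key the way NewContainer does). The page describes encryption only, so the example likewise adds no authentication tag; a wrong password is noticed only when the PKCS#7 padding fails to check.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha512"
	"errors"
	"fmt"
	"unicode/utf8"
)

const (
	Iterations = 100000 // PBKDF2-HMAC-SHA512 iterations, as stated on the page
	SaltLen    = 32     // 256-bit random salt
	KeyLen     = 32     // 256-bit AES key
	MinWarnLen = 16     // advisory only: shorter passwords are still accepted
)

// PBKDF2SHA512 is PBKDF2 (RFC 8018) over HMAC-SHA512, written out so the example
// needs only the standard library. One 64-byte block suffices for keyLen <= 64.
func PBKDF2SHA512(password, salt []byte, iter, keyLen int) []byte {
	mac := hmac.New(sha512.New, password)
	mac.Write(salt)
	mac.Write([]byte{0, 0, 0, 1}) // U_1 = PRF(P, S || INT(1))
	u := mac.Sum(nil)
	t := append([]byte{}, u...)
	for j := 1; j < iter; j++ { // U_j = PRF(P, U_{j-1}); T = U_1 xor ... xor U_c
		mac.Reset()
		mac.Write(u)
		u = mac.Sum(nil)
		for k := range t {
			t[k] ^= u[k]
		}
	}
	return t[:keyLen]
}

// randomBytes draws from crypto/rand, standing in for the Windows CAPI RNG.
func randomBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err) // no secure randomness: refuse to produce a weak salt or IV
	}
	return b
}

// Container keeps the salt and the AES key derived once at creation; the key is
// not re-derived on save, only on a password change (not shown here).
type Container struct{ salt, key, Payload []byte }

// NewContainer applies the page's password policy (at least one character,
// counted as UTF-8 code points; only a warning under MinWarnLen) and derives the key.
func NewContainer(password string) (c *Container, warning string, err error) {
	n := utf8.RuneCountInString(password)
	if n < 1 {
		return nil, "", errors.New("password must be at least 1 character")
	}
	if n < MinWarnLen {
		warning = fmt.Sprintf("%d characters; %d or more is recommended", n, MinWarnLen)
	}
	salt := randomBytes(SaltLen)
	return &Container{salt: salt, key: PBKDF2SHA512([]byte(password), salt, Iterations, KeyLen)}, warning, nil
}

// Save encrypts Payload with AES-256-CBC under a fresh IV and returns
// salt || IV || ciphertext (an assumed file layout; the page describes none).
func (c *Container) Save() []byte {
	block, _ := aes.NewCipher(c.key) // cannot fail: the key is always 32 bytes
	iv := randomBytes(aes.BlockSize)
	pad := aes.BlockSize - len(c.Payload)%aes.BlockSize // PKCS#7 padding
	pt := append(append([]byte{}, c.Payload...), bytes.Repeat([]byte{byte(pad)}, pad)...)
	ct := make([]byte, len(pt))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(ct, pt)
	return append(append(append([]byte{}, c.salt...), iv...), ct...)
}

// OpenContainer re-derives the key from the stored salt and decrypts. The page
// describes no integrity tag, so a wrong password shows up only as bad padding.
func OpenContainer(blob []byte, password string) (*Container, error) {
	hdr := SaltLen + aes.BlockSize
	if len(blob) < hdr+aes.BlockSize || (len(blob)-hdr)%aes.BlockSize != 0 {
		return nil, errors.New("malformed container")
	}
	salt, iv, ct := blob[:SaltLen], blob[SaltLen:hdr], blob[hdr:]
	key := PBKDF2SHA512([]byte(password), salt, Iterations, KeyLen)
	block, _ := aes.NewCipher(key)
	pt := make([]byte, len(ct))
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(pt, ct)
	pad := int(pt[len(pt)-1])
	if pad < 1 || pad > aes.BlockSize || !bytes.Equal(pt[len(pt)-pad:], bytes.Repeat([]byte{byte(pad)}, pad)) {
		return nil, errors.New("wrong password or corrupted container")
	}
	return &Container{salt: append([]byte{}, salt...), key: key, Payload: pt[:len(pt)-pad]}, nil
}
```

A typical round trip is `c, warn, err := NewContainer("short")` (which succeeds but returns a non-empty warning), setting `c.Payload`, then `OpenContainer(c.Save(), "short")`; saving twice yields the same salt but a different IV and ciphertext each time, which is the per-save IV behaviour the page describes. The key is derived once in NewContainer and reused by every Save, so the 100,000-iteration cost is paid at creation and password change, not on each write.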