Developing Adobe® AIR™ Applications with HTML and Ajax

Storing encrypted data

The Adobe® AIR™ runtime provides a persistent encrypted local store for each AIR application installed on a user's computer. This lets you save and retrieve data that is stored on the user's local hard drive in an encrypted format that cannot easily be deciphered by other applications or users. A separate encrypted local store is used for each AIR application, and each AIR application uses a separate encrypted local store for each user.

You may want to use the encrypted local store to store information that must be secured, such as login credentials for web services.

AIR uses DPAPI on Windows and KeyChain on Mac OS to associate the encrypted local store with each application and user. The encrypted local store uses AES-CBC 128-bit encryption.

Information in the encrypted local store is only available to AIR application content in the application security sandbox.

Use the setItem() and getItem() static methods of the EncryptedLocalStore class to store and retrieve data from the local store. The data is stored in a hash table, using strings as keys, with the data stored as byte arrays.

For example, the following code stores a string in the encrypted local store and then reads it back:

var str = "Bob";
var bytes = new air.ByteArray();
bytes.writeUTFBytes(str);
air.EncryptedLocalStore.setItem("firstName", bytes);

var storedValue = air.EncryptedLocalStore.getItem("firstName");
air.trace(storedValue.readUTFBytes(storedValue.length)); // "Bob"

The third parameter of the setItem() method, the stronglyBound parameter, is optional. When this parameter is set to true, the encrypted local store provides a higher level of security, by binding the stored item to the storing AIR application's digital signature and bits, as well as to the application's publisher ID when:

var str = "Bob";
var bytes = new air.ByteArray();
bytes.writeUTFBytes(str);
air.EncryptedLocalStore.setItem("firstName", bytes, true);

For an item that is stored with stronglyBound set to true, subsequent calls to getItem() only succeed if the calling AIR application is identical to the storing application (that is, if no data in the files in the application directory has changed). If the calling AIR application is different from the storing application, the application throws an Error exception when you call getItem() for a strongly bound item. If you update your application, it will not be able to read strongly bound data previously written to the encrypted local store.

By default, an AIR application cannot read the encrypted local store of another application. The stronglyBound setting provides extra binding (to the data in the application bits) that prevents an attacker application from attempting to read from your application's encrypted local store by trying to hijack your application's publisher ID.
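
The update behaviour described above can be handled in code, as in this added example (not Adobe's code): saveSecret() and loadSecret() are hypothetical helpers around setItem() and getItem(), and makeFakeAir() is a constructed stand-in for the air object that models only the binding rule so the scenario runs outside the runtime. It assumes getItem() returns null for a key that was never stored.

```javascript
// Constructed stand-in for the AIR `air` object (not the real runtime). `disk`
// is shared by both "builds"; `build` models the application's signature/bits.
function makeFakeAir(disk, build) {
    function ByteArray() { this.text = ""; this.length = 0; }
    ByteArray.prototype.writeUTFBytes = function (s) {
        this.text += s;
        this.length = this.text.length;
    };
    ByteArray.prototype.readUTFBytes = function (n) { return this.text.substr(0, n); };
    return { ByteArray: ByteArray, EncryptedLocalStore: {
        setItem: function (k, b, strong) { disk[k] = { bytes: b, owner: strong ? build : null }; },
        getItem: function (k) {
            var item = disk[k];
            if (!item) { return null; } // assumption: absent key yields null
            if (item.owner !== null && item.owner !== build) { throw new Error("strongly bound"); }
            return item.bytes;
        }
    } };
}
// Hypothetical helper: store a string; stronglyBound is off unless requested.
function saveSecret(api, key, value, stronglyBound) {
    var bytes = new api.ByteArray();
    bytes.writeUTFBytes(value);
    api.EncryptedLocalStore.setItem(key, bytes, stronglyBound === true);
}
// Hypothetical helper: returns { status: "ok"|"missing"|"unreadable", value }.
function loadSecret(api, key) {
    var stored;
    try {
        stored = api.EncryptedLocalStore.getItem(key);
    } catch (e) {
        // Strongly bound item written by a different build: treat the secret
        // as lost and have the user supply it again instead of crashing.
        return { status: "unreadable", value: null };
    }
    if (!stored) { return { status: "missing", value: null }; }
    return { status: "ok", value: stored.readUTFBytes(stored.length) };
}
// Scenario: build 1 stores two items, then the updated build 2 reads them.
function demo() {
    var disk = {};
    var v1 = makeFakeAir(disk, "build-1"), v2 = makeFakeAir(disk, "build-2");
    saveSecret(v1, "apiToken", "constructed-token", true);
    saveSecret(v1, "firstName", "Bob", false);
    return [loadSecret(v1, "apiToken").status, loadSecret(v2, "apiToken").status,
            loadSecret(v2, "firstName").value, loadSecret(v2, "absent").status];
}
```

In an AIR application, pass the runtime's global air object as the api argument instead of the stand-in.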

You can delete a value from the encrypted local store by using the EncryptedLocalStore.removeItem() method, as in the following example:

air.EncryptedLocalStore.removeItem("firstName");

You can clear all data from the encrypted local store by calling the EncryptedLocalStore.reset() method, as in the following example:

air.EncryptedLocalStore.reset();

When debugging an application in the AIR Debug Launcher (ADL), the application uses a different encrypted local store than the one used in the installed version of the application.

The encrypted local store has a maximum supported total capacity of 10 MB.

When you uninstall an AIR application, the uninstaller does not delete data stored in the encrypted local store.

Encrypted local store data is put in a subdirectory of the user's application data directory; the subdirectory path is Adobe/AIR/ELS/ followed by the application ID.

 
