Frequently Asked Questions (FAQ)

Quick answers to common questions about CoraleVault. Can’t find what you’re looking for? Contact support or open a GitHub issue.

Quick Navigation

• General Questions
• Security & Privacy
• Getting Started
• Features & Functionality
• Technical Questions
• Troubleshooting
• Comparison with Other Password Managers

General Questions

Is CoraleVault really free?

Yes, completely free!

• ✅ No trial period
• ✅ No premium version
• ✅ No hidden costs
• ✅ No ads
• ✅ No data collection
• ✅ No credit card required

CoraleVault is free and open source (GPL v3). You can use it for personal or commercial purposes without paying anything.

Why is it free?

Because password management should be accessible to everyone. We believe security shouldn’t cost money. The source code is open on GitHub for anyone to review, modify, or contribute to.

Can I trust CoraleVault with my passwords?

Yes, for several reasons:

1. Open Source - The source code is publicly available on GitHub. Security experts and developers can audit it.

2. Local Storage Only - Your passwords never leave your computer. No servers, no cloud, no accounts.

3. Strong Encryption - AES-256 encryption with PBKDF2 key derivation (600,000+ iterations) and HMAC-SHA256 authentication.

4. No Telemetry - The application doesn’t send any data, ever.

5. Active Development - Regular security updates and bug fixes.

6. Community Reviewed - Open to public security audits.

See our Security page for technical details.

What if development stops? What if you abandon the project?

You’re still protected:

1. Open Source - The source code will always be available. Anyone can fork and continue development.

2. No Lock-In - Your vault file is yours. You can always export your passwords to CSV or JSON.

3. No Server Dependency - CoraleVault doesn’t rely on our servers. It will continue working even if we disappear.

4. GPL v3 License - Legally guarantees the code remains free and open.

5. Community - Active users can take over maintenance.

Our commitment: If we decide to stop development, we’ll announce it 6 months in advance.

How does CoraleVault compare to 1Password, LastPass, and Bitwarden?

See our detailed Comparison Guide for a full breakdown.

Quick summary:

Best choice: It depends on your priorities.

• Most secure/private: CoraleVault or KeePass
• Easiest to use: 1Password or Bitwarden
• Best for families/teams: 1Password or Bitwarden
• Best for free: Bitwarden or CoraleVault

Is CoraleVault suitable for businesses?

Yes, but with considerations:

Pros:

• ✅ Free (no per-user costs)
• ✅ Open source (auditable)
• ✅ GPL v3 allows commercial use
• ✅ Local storage (no cloud security concerns)

Cons:

• ❌ No team sharing features (yet)
• ❌ No centralized management
• ❌ No SSO/SAML integration
• ❌ Manual setup per user

Recommendation: CoraleVault works well for:

• Small businesses (5-10 people) using shared vault files
• Developers who want full control
• Security-conscious organizations that prefer local storage

For larger businesses, consider Bitwarden (has team features, still open source) or 1Password (best team management).

Security & Privacy

How secure is CoraleVault?

Very secure. Here’s why:

Encryption:

• AES-256-CBC - Same encryption used by governments and military
• HMAC-SHA256 - Prevents tampering and forged data
• PBKDF2 - 600,000+ iterations to slow down brute-force attacks
• HKDF - Separate encryption and authentication keys

Security Features:

• ✅ Memory locking (prevents passwords in RAM dumps)
• ✅ Constant-time password comparison (prevents timing attacks)
• ✅ Secure random number generator (Crypto++)
• ✅ No password recovery (by design)
• ✅ Rate limiting (prevents brute-force attacks)

What we DON’T do:

• ❌ Store passwords in the cloud (no server breaches)
• ❌ Collect telemetry (no data leaks)
• ❌ Use weak encryption (no outdated algorithms)
• ❌ Store master password (not even hashed)

See our Security page for full technical details.

What if I forget my master password?

Your data is permanently lost. There is no recovery.

This is not a bug—it’s a security feature. Here’s why:

Why no password recovery:

• If we could recover your password, so could hackers
• Backdoors compromise security for everyone
• Your encryption is only as strong as your master password

How to prevent losing access:

1. Choose a memorable master password - Use a passphrase
2. Write it down - Store in a safe place (not digitally)
3. Practice typing it - Muscle memory helps
4. Backup your vault file - Multiple locations
5. Consider emergency access - Share with trusted family member (carefully)

If you forget:

• You’ll need to create a new vault and re-enter all passwords
• No exceptions, no backdoors, no way to recover

Can you see my passwords?

No. Absolutely not.

• Your passwords are encrypted on your device
• Your master password never leaves your computer
• We don’t have servers to store your data
• We can’t access, read, or recover your passwords

Even if:

• We wanted to (we don’t)
• We were forced by law
• Our website was hacked
• Someone stole our computers

We. Cannot. See. Your. Passwords.

That’s the whole point of local encryption.

Is it safe to store my vault file in Dropbox/Google Drive?

Yes! Your vault file is encrypted.

As long as your master password is strong, it’s safe to store your encrypted vault anywhere:

Safe for cloud storage:

• ✅ Dropbox
• ✅ Google Drive
• ✅ OneDrive
• ✅ iCloud
• ✅ Any cloud service

What’s protected:

• ✅ Your passwords (encrypted with AES-256)
• ✅ Usernames (encrypted)
• ✅ URLs (encrypted)
• ✅ Notes (encrypted)

What’s NOT in the file:

• ❌ Your master password (never stored anywhere)
• ❌ Encryption keys (derived from master password)

Benefits of cloud storage:

• Automatic backups
• Access from multiple devices
• Disaster recovery

One warning: Use a strong master password. Weak passwords can be cracked even with strong encryption.

Does CoraleVault have two-factor authentication (2FA)?

Not yet, but it’s on the roadmap.

Current status:

• 2FA for unlocking the vault is planned for a future release
• You can already use 2FA for your individual accounts (stored as TOTP secrets in notes)

Why not yet?

• Local-only storage doesn’t need 2FA as urgently as cloud services
• Physical device security is the first line of defense
• We’re focusing on implementing it correctly (YubiKey, TOTP, FIDO2 support)

When?

• Planned for 2026
• Will support multiple methods (TOTP apps, YubiKey, biometrics)

For now:

• Lock your device when not in use
• Use full-disk encryption
• Use strong master password

Getting Started

How do I create my first vault?

See our Getting Started Guide for a complete walkthrough.

Quick steps:

1. Launch CoraleVault
2. Click “Create New Vault”
3. Choose a location for your vault file
4. Create a strong master password
5. Start adding passwords!

What makes a good master password?

A strong master password should be:

1. Long - At least 16 characters (longer is better)
2. Memorable - You need to type it often
3. Unique - Don’t reuse from other accounts
4. Complex - Mix of letters, numbers, symbols

Best approach: Passphrases

Example: Correct-Horse-Battery-Staple-2025!

Why passphrases are better:

• Easier to remember than random characters
• Longer = more secure
• Harder to guess than common passwords

Avoid:

• ❌ Common phrases (“password123”, “letmein”)
• ❌ Personal info (birthday, name, address)
• ❌ Short passwords (under 12 characters)
• ❌ Dictionary words without modifications

See our Security Guide for more tips.

How do I import passwords from Chrome/Firefox/LastPass/1Password?

See our detailed Import Guide for step-by-step instructions per password manager.

General process:

1. Export passwords from your current password manager (usually to CSV)
2. Open CoraleVault
3. Go to File → Import
4. Select the source (Chrome, Firefox, LastPass, etc.)
5. Choose your exported CSV file
6. Review and confirm import
7. Important: Delete the CSV file securely after import!

Supported formats:

• Bitwarden JSON
• LastPass CSV
• 1Password CSV
• KeePass XML
• Chrome CSV
• Firefox CSV
• Generic CSV

How do I backup my vault?

Critical: You MUST backup your vault regularly. See our Backup & Recovery Guide for complete instructions.

Quick backup method:

1. Close CoraleVault
2. Copy your .vault file to multiple locations:
   • External USB drive
   • Another computer
   • Cloud storage (it’s encrypted)
3. Label backups with dates

Recommended frequency:

• After adding many new passwords
• Before changing master password
• At least once per month

Test your backups:

• Try opening them in CoraleVault
• Make sure they’re not corrupted

Features & Functionality

Can I use CoraleVault on multiple devices?

Yes! With manual sync.

Method 1: Cloud Storage (Recommended)

1. Store your .vault file in Dropbox/Google Drive/OneDrive
2. Install CoraleVault on all devices
3. Open the same vault file from each device

Important: Only open the vault on one device at a time to avoid conflicts.

Method 2: Manual Copy

• Copy the .vault file via USB drive
• Email it to yourself (it’s encrypted)
• Use network file sharing

Limitations:

• No automatic sync (yet)
• Manual conflict resolution if you forget to close
• Coming in future: automatic sync

Does CoraleVault have browser extensions?

Not yet. Planned for 2026.

Current workaround:

1. Keep CoraleVault open
2. Search for the website
3. Copy password (Ctrl+C)
4. Paste into browser (Ctrl+V)

Why not yet?

• Browser extensions are complex and security-critical
• We want to do them right (no compromises)
• Focus on core application stability first

When they’re ready:

• Chrome, Firefox, Edge, Safari support
• Auto-fill passwords
• Generate passwords directly in browser
• Secure communication with desktop app

Can I share passwords with family members?

Not yet. Single-user only.

Current workarounds:

Option 1: Shared Vault (Least Secure)

• Share the vault file and master password
• Anyone with both can access all passwords
• ⚠️ Risk: Everyone has access to everything

Option 2: Separate Vaults

• Each person has their own vault
• Export specific passwords to CSV
• Import into their vault
• ⚠️ Manual process

Option 3: Export Individual Entries

• Right-click entry → Export
• Share the exported file securely
• They import it

Future plans:

• Family sharing features (separate vaults, selective sharing)
• Emergency access (designated person can access after delay)
• Planned for 2027

Does CoraleVault work offline?

Yes! Always.

CoraleVault is completely offline:

• No internet connection required
• Never contacts servers
• No network activity at all
• Works on air-gapped systems

This is a feature, not a limitation:

• ✅ More secure (no remote attacks)
• ✅ More private (no tracking)
• ✅ Works anywhere (plane, remote locations)
• ✅ No service outages

Can I generate passwords in CoraleVault?

Yes! Strong password generator included.

Features:

• Configurable length (8-64 characters)
• Include/exclude character types
• Avoid ambiguous characters (0/O, 1/l/I)
• Cryptographically secure (Crypto++ RNG)
• One-click generate

How to use:

1. Create or edit an entry
2. Click “Generate” next to password field
3. Adjust settings
4. Click “Generate” until you like it
5. Click “Use Password”

See Getting Started Guide for details.

Technical Questions

What encryption does CoraleVault use?

AES-256-CBC with HMAC-SHA256.

Technical details:

• Cipher: AES-256 in CBC mode
• Authentication: HMAC-SHA256 (Encrypt-then-MAC)
• Key Derivation: PBKDF2-HMAC-SHA256 with 600,000+ iterations
• Key Separation: HKDF for encryption vs authentication keys
• Random Generation: Crypto++ library (cryptographically secure)

Why these choices:

• AES-256: Industry standard, battle-tested, fast
• CBC mode: Well-understood, secure with proper authentication
• HMAC: Prevents tampering and chosen-ciphertext attacks
• PBKDF2: Slows down brute-force password attacks
• 600,000+ iterations: Exceeds OWASP recommendations (2025)

See our Security page for more technical details.

What file format does CoraleVault use?

Custom encrypted binary format (.vault).

Structure:

• Salt (for key derivation)
• Initialization vector (IV)
• Encrypted data (AES-256-CBC)
• HMAC tag (authentication)

Why custom format:

• Optimized for security
• Compact file size
• Fast encryption/decryption
• Not human-readable (security)

Interoperability:

• Export to CSV or JSON for compatibility
• No standardized password manager format exists
• KeePass and others also use custom formats

What operating systems are supported?

Windows, Linux, and macOS.

Windows:

• ✅ Windows 11 (recommended)
• ✅ Windows 10
• ✅ Windows 8.1
• ✅ Windows 8
• ✅ Windows 7 (minimal testing)

Linux:

• ✅ Ubuntu 20.04+ (primary testing)
• ✅ Debian 10+
• ✅ Fedora 35+
• ✅ RHEL/CentOS 8+
• ✅ Arch Linux (community tested)
• ✅ Most distributions with GTK 3

macOS:

• ✅ macOS 14 (Sonoma)
• ✅ macOS 13 (Ventura)
• ✅ macOS 12 (Monterey)
• ✅ macOS 11 (Big Sur)
• ✅ macOS 10.15 (Catalina)
• ✅ macOS 10.13+ (High Sierra) should work

Architecture:

• ✅ x86_64 (Intel/AMD 64-bit)
• ✅ ARM64 (Apple Silicon, Raspberry Pi, etc.)

See System Requirements for details.

Is CoraleVault available for mobile?

Not yet. Planned for 2026.

Current status:

• Desktop apps only (Windows, Linux, macOS)
• Mobile apps (iOS/Android) in development

Why not yet:

• Mobile apps require different UI/UX
• Security considerations (biometrics, secure storage)
• Focus on perfecting desktop experience first

Workaround:

• Access vault via Dropbox/Google Drive app
• Some (limited) viewing of vault possible

When ready:

• iOS app (iPhone, iPad)
• Android app
• Biometric unlock
• Auto-fill support

Troubleshooting

I can’t open my vault file. What do I do?

See our Troubleshooting Guide for detailed solutions.

Common causes:

1. Wrong master password

   • Most common issue
   • Try variations (caps lock, typos)
   • Check keyboard layout

2. Corrupted file

   • File size is 0 bytes or suspiciously small
   • Restore from backup
   • Check disk health

3. Wrong CoraleVault version

   • Newer vault files may not open in older versions
   • Update to latest version

4. File permissions

   • Check if you have read access
   • Try copying to different location

CoraleVault is slow. How do I fix it?

Try these solutions:

1. Large vault - Split into multiple vaults
2. Many entries - Use groups and search
3. Old computer - CoraleVault is lightweight but minimum specs needed
4. Antivirus scanning - Exclude vault file from real-time scanning
5. Network drive - Copy vault to local disk

Performance tips:

• Close unused groups
• Limit notes field size
• Regular cleanup (delete old entries)

I forgot my master password. Can you help?

No. Your data is permanently lost.

Why no recovery:

• By design for security
• No backdoors = no way to break in
• Proves nobody can access your data

Prevention for next time:

1. Write down master password (paper, not digital)
2. Store in safe or secure location
3. Tell trusted family member the location
4. Practice typing it regularly

Starting over:

1. Create new vault with new master password
2. Re-enter passwords manually
3. Update from old backups if available (and you remember the password)

How do I update CoraleVault?

Manual updates only (no auto-update).

Steps:

1. Visit Download page
2. Download latest version
3. Close CoraleVault
4. Install new version (vault file is untouched)
5. Open your vault with the new version

Your data is safe:

• Vault file is separate from application
• No risk to your passwords
• Backward compatible (newer versions open old vaults)

Stay informed:

• Watch GitHub releases
• Read Changelog
• Follow GitHub repository

Comparison with Other Password Managers

CoraleVault vs KeePass?

Very similar! Both are local, open-source password managers.

Similarities:

• ✅ Local storage (no cloud)
• ✅ Open source
• ✅ Free
• ✅ Strong encryption
• ✅ No telemetry

Differences:

Choose CoraleVault if:

• You want modern UI
• You’re new to password managers
• You prefer simpler, fewer options

Choose KeePass if:

• You need plugins
• You want maximum customization
• You prefer mature, battle-tested software

CoraleVault vs Bitwarden?

Different philosophies: Local vs Cloud.

Choose CoraleVault if:

• Privacy is paramount
• You distrust cloud storage
• You want simplicity

Choose Bitwarden if:

• You need browser extensions now
• You want team sharing
• You prefer automatic sync

CoraleVault vs 1Password?

Different target audiences: DIY vs Premium.

Choose CoraleVault if:

• You want free
• You want open source
• You want local-only storage

Choose 1Password if:

• You want premium support
• You want family/team features
• You prefer polished, mature product
• You don’t mind paying

Still Have Questions?

Contact Us

• GitHub Issues: Report bugs or ask questions
• GitHub Discussions: Community support
• Email: dev@coralesoft.nz
• Documentation: User Manual

Contribute

Help improve this FAQ!

• Submit a pull request
• Suggest a question
• Join the discussion

Last updated: November 4, 2025