User Manual

Complete guide to using CoraleVault, covering installation, setup, and all features.

Version: 2025.11.5

Quick Navigation

• Introduction
• Getting Started
• Creating Your First Vault
• Managing Passwords
• Password Generator
• Security Features
• Import/Export
• Troubleshooting

For the complete, detailed user manual, please see: USER_MANUAL.md on GitHub

Introduction

CoraleVault is a desktop password manager that stores your passwords in an encrypted file on your computer. Unlike cloud-based password managers, CoraleVault keeps your data completely offline, giving you full control over your sensitive information.

Key Features

✅ Military-Grade Encryption

• AES-256 encryption (same standard used by governments)
• PBKDF2-HMAC-SHA256 with 600,000+ iterations
• Constant-time password comparison (timing attack protection)

✅ Security Hardening

• Memory locking prevents passwords from swapping to disk
• Rate limiting prevents brute-force attacks
• Strong password enforcement (12+ characters)
• Perfect random password generation (no modulo bias)

✅ Privacy First

• No cloud sync - your data stays on your computer
• No internet connection required
• No telemetry or data collection
• No third-party access

✅ User-Friendly

• Clean 3-pane interface (Groups, Entries, Details)
• Powerful search functionality
• Password generator with customization
• Clipboard auto-clear (30 seconds)

Getting Started

Installation

1. Download CoraleVault for your platform
2. Verify the GPG signature (recommended)
3. Install using the installer or extract portable version
4. Launch CoraleVault

Creating Your First Vault

1. Launch CoraleVault
2. Click File → New Vault
3. Choose a location and filename (e.g., my-passwords.vault)
4. Create a strong master password (12+ characters required)
   • Use a mix of uppercase, lowercase, numbers, and symbols
   • Make it memorable but not guessable
   • NEVER lose this password - there’s no recovery option!
5. Confirm your master password
6. Your vault is created and ready to use

Adding Your First Password

1. Click Add Entry or press Ctrl+N
2. Fill in the details:
   • Title: Name of the account (e.g., “Gmail”)
   • Username: Your username or email
   • Password: Your password (or generate one)
   • URL: Website URL (optional)
   • Notes: Additional information (optional)
3. Click Save
4. Your password is now encrypted and stored

Managing Passwords

Viewing Passwords

• Search: Type in the search box to filter entries
• Select: Click an entry to view its details
• Show Password: Click the eye icon to reveal the password
• Copy: Use “Copy Username” or “Copy Password” buttons

Editing Entries

1. Select the entry
2. Click Edit or press Ctrl+E
3. Modify the fields
4. Click Save

Deleting Entries

1. Select the entry
2. Click Delete or press Delete key
3. Confirm the deletion

Organizing with Groups

• Click Add Group to create a category
• Drag entries to groups to organize
• Use groups like “Work”, “Personal”, “Banking”, etc.

Password Generator

CoraleVault includes a cryptographically secure password generator:

Using the Generator

1. When adding/editing an entry, click Generate Password
2. Configure options:
   • Length: 12-64 characters (16+ recommended)
   • Uppercase letters: A-Z
   • Lowercase letters: a-z
   • Numbers: 0-9
   • Symbols: !@#$%^&*()
3. Click Generate to create a new password
4. Click Accept to use the generated password

Generator Features

• Cryptographically random - Uses OS random source
• No modulo bias - Perfect statistical distribution
• Customizable - Choose which character types to include
• Secure - Generated passwords cleared from memory after use

Security Features

Encryption

• Algorithm: AES-256-CBC with HMAC-SHA256
• Key Derivation: PBKDF2 with 600,000+ iterations
• Salt: Unique random salt per vault file
• IV: Random initialization vector per encryption operation

Memory Protection

• Memory Locking: Passwords locked in RAM (VirtualLock/mlock)
• Secure Clearing: Memory wiped after use
• No Swap: Passwords prevented from swapping to disk

Attack Protection

• Rate Limiting: Exponential backoff after failed attempts
• Timing Attack Protection: Constant-time password comparison
• Brute Force Protection: Delays increase with failed attempts

Auto-Lock

• Vault automatically locks after inactivity (configurable)
• Must re-enter master password to unlock
• Protects against unauthorized access

Import/Export

Exporting Your Vault

1. Click File → Export
2. Choose format: JSON or CSV
3. Select save location
4. ⚠️ Warning: Exported files are NOT encrypted
5. Delete exported file after use if not needed

Importing Data

1. Click File → Import
2. Select file format (JSON or CSV)
3. Choose the file to import
4. Review imported entries
5. Click Import

Backup Your Vault

Important: Regularly backup your .vault file!

• Method 1: Copy the .vault file to external storage
• Method 2: Export to JSON and store securely
• Method 3: Use your regular backup solution

⚠️ Remember: Your vault file is only as secure as your backup location!

Troubleshooting

I forgot my master password

There is NO password recovery option. This is by design for security.

• If you have a backup, try passwords you might have used
• If you have an exported JSON/CSV backup, create a new vault and import

The application won’t start

• Check system requirements
• Run as administrator (Windows)
• Check antivirus isn’t blocking it
• Reinstall the application

Cannot open vault file

• Ensure the file isn’t corrupted
• Check you’re using the correct master password
• Restore from backup if file is corrupted

Slow unlock/lock operations

This is normal! PBKDF2 with 600,000+ iterations is intentionally slow to prevent brute-force attacks. A 1-2 second delay is expected and desired for security.

Performance issues with large databases

• Close other applications to free memory
• Consider organizing entries into groups
• Export old/unused entries to archive vault

Keyboard Shortcuts

Security Best Practices

Master Password

• Use 12+ characters (longer is better)
• Include uppercase, lowercase, numbers, symbols
• Make it memorable but not guessable
• Don’t use dictionary words or personal information
• Never reuse passwords across vaults

Vault File Storage

• Store on encrypted disk if possible
• Keep backups in secure location
• Don’t store in cloud unless encrypted
• Don’t email or share vault files

Generated Passwords

• Use 16+ characters for important accounts
• Enable all character types for maximum entropy
• Change passwords regularly for critical accounts
• Use unique passwords for each account

General Security

• Lock vault when stepping away
• Close CoraleVault when not in use
• Keep software updated
• Use strong master password
• Backup regularly

Cloud Sync

CoraleVault doesn’t have built-in cloud sync, but you can easily set up manual sync using cloud storage services.

How It Works

Your vault file is encrypted, so it’s safe to store in cloud services like:

• Dropbox
• Google Drive
• OneDrive
• iCloud Drive
• Any other cloud storage

Setting Up Cloud Sync

Method 1: Move Vault to Cloud Folder

1. Close CoraleVault
2. Move your .vault file to your cloud sync folder:
   • Dropbox: C:\Users\YourName\Dropbox\
   • Google Drive: C:\Users\YourName\Google Drive\
   • OneDrive: C:\Users\YourName\OneDrive\
3. Open the vault from the new location
4. Cloud service will automatically sync changes

Method 2: Create Vault in Cloud Folder

1. File → New Vault
2. Save location: Choose your cloud sync folder
3. Create master password
4. Cloud service syncs automatically

Using on Multiple Devices

1. Install CoraleVault on all devices
2. Install cloud storage app (Dropbox, Google Drive, etc.)
3. Open same vault file from cloud folder
4. Changes sync automatically via cloud service

IMPORTANT RULES:

• ⚠️ Only open on ONE device at a time - Prevents sync conflicts
• ⚠️ Wait for sync before switching devices
• ⚠️ Close CoraleVault when done to ensure changes are saved

Avoiding Sync Conflicts

What is a sync conflict? When the vault file is modified on multiple devices simultaneously, cloud services create conflicted copies.

How to prevent:

1. ✅ Close vault on Device A
2. ✅ Wait 30 seconds for cloud sync
3. ✅ Open vault on Device B
4. ✅ Close vault on Device B
5. ✅ Wait for sync before using Device A again

If conflict occurs:

1. Cloud service creates: passwords (conflicted copy).vault
2. Open most recent file (check modification date)
3. Manually merge entries from conflicted copy if needed
4. Delete conflicted copy after merging

Security Considerations

Is it safe to store encrypted vault in cloud?

✅ YES - Your vault file is encrypted with AES-256. Even if:

• Cloud service is hacked
• Someone steals your cloud account
• Employee at cloud company accesses files

They cannot decrypt your passwords without your master password.

Additional security tips:

• Use strong master password (16+ characters)
• Enable 2FA on cloud account
• Don’t store master password in cloud
• Consider using encrypted cloud services (Sync.com, Tresorit) for extra protection

Troubleshooting Cloud Sync

Vault won’t open after sync

• Check file isn’t corrupted
• Try opening a backup copy
• See Troubleshooting Guide

Changes not syncing

• Ensure cloud app is running
• Check internet connection
• Force sync in cloud app
• Check cloud storage quota

Sync conflicts happening frequently

• Only open on one device at a time
• Wait longer for sync between devices
• Close vault immediately after use

Getting Help

• Documentation: Full documentation
• GitHub Issues: Report bugs
• Discussions: Ask questions
• Security: Report vulnerabilities

Full manual: USER_MANUAL.md on GitHub