Vault Integrity Check
Necron Vault Manager includes a powerful integrity verification system that checks every encrypted file across all vault storage locations. It detects corruption, tampering, missing files, and filename manipulation — then repairs any problems by restoring damaged or missing copies from a healthy source.
Why Integrity Matters
When you store encrypted files across multiple locations (local drives, Dropbox, Google Drive, OneDrive), several things can go wrong:
- A cloud sync client may fail to upload a file completely
- A storage device may develop data corruption
- A file may be accidentally deleted or moved
- An attacker may tamper with encrypted files
The integrity check catches all of these problems.
Two-Phase Integrity Model
Necron Vault Manager uses a two-phase approach to integrity:
Phase 1 — Automatic Missing-Files Reconcile
This runs automatically every time you open a vault. It's fast and non-disruptive:
- The app checks which files exist at each storage location
- Any location missing a file receives a copy from the first available source
- If any files were restored, a summary notification appears
If no files were missing, the vault opens without interruption.
Note
Phase 1 checks for missing files only — it does not verify file contents. For full verification, use Phase 2.
Phase 2 — Full Integrity Check & Repair
This is a comprehensive, manually triggered verification that checks every encrypted file:
- Click the "Check vault integrity" button in the right-hand inspector panel
- A progress modal appears showing per-file progress
- Every file across all locations is cryptographically verified to detect corruption or tampering
Each copy is classified as:
| Status | Meaning |
|---|---|
| Good | File verified — no corruption or tampering detected |
| Damaged | Corruption or tampering detected |
| Missing | File not found at this location |
Repair Behavior
When the integrity check finds problems, it attempts automatic repair:
- Missing copies — restored from a good copy at another location
- Damaged copies — overwritten from a good copy at another location
- Renamed/swapped files — detected as damage; replaced with a correct copy
- Unrecoverable files — if no good copy exists at any location, the file is flagged as unrecoverable
Warning
If a file is damaged or missing at all locations simultaneously, it cannot be repaired. This is why using multiple locations with different providers is strongly recommended — it minimizes the chance of simultaneous failure.
Progress and Results
During the integrity check, the progress modal shows:
- A progress bar showing how many files have been checked
- A status label like "Checking 47 of 200 files…"
At completion, the modal shows one of:
- "Vault integrity OK — no repairs were required." — everything is healthy
- A per-location summary of repairs, such as:
The Close button remains disabled until the check completes, so you can't accidentally dismiss an in-progress verification.
When to Run an Integrity Check
- After a cloud sync issue — if your cloud provider reported sync errors or conflicts
- After a power failure or crash — if the app was interrupted during import or sync
- Periodically — as a routine health check, especially for critical vaults
- Before creating a backup — to ensure your backup contains only healthy data
- After re-connecting an offline location — to verify the location is in sync
Requirements
- A vault must be open
- At least one dongle must be connected (the check is read-only, so SLAVE dongles can run it)
- All locations you want to verify should be online
Next Steps
- Self-Healing & Repair — deeper look at the repair mechanisms
- Adding Locations — add more mirrors for better resilience
- Best Practices — security recommendations including integrity