Asymmetric Cryptography Cipher Support

Feature Name:

Asymmetric Cryptography Cipher Support

Introduction

DevOps makes extensive use of public key cryptography. The most common use cases of this technology are SSH, signing Git commits and sending encrypted emails, but asymmetric cryptography can be used for a great many purposes.

Bitwarden would be an ideal place to store private keys; the secure nature of this platform means that a private key could optionally be stored in an unencrypted format. If a private key is stored in an encrypted format, then Bitwarden could also store the passphrase to decrypt the private key. This would allow developers to store their private keys in the cloud, allowing easy and secure access to them anywhere and at anytime.

Furthermore, a competitor to Bitwarden (LastPass) already possesses this feature, and therefore implementing this capability would help Bitwarden compete in an increasingly crowded market.

Feature Description

A new type of Cipher would be added to Bitwarden called CipherAsymmetricKey.

This new cipher would have the following properties:

  • Private Key
  • Public Key
  • Passphrase
  • Valid From
  • Valid Until
  • Format
  • Bit Strength

The private key and passphrase fields would be obscured when rendered by a client.

Support for asymmetric key ciphers would be added first to the backend & desktop clients. Other clients would have a lower priority for integration, for the reason that tools like SSH & GPG are used less frequently on mobile, browser and web platforms.

Clients / Repos Affected:

  • Server
  • Desktop

Timeline to completion (estimate):

ETA: Q2/2021


@tgreer
@kspearrin

1 Like

Nice! We’ve tossed around this concept internally with the team and recognize the demand for it most definitely; I would say the CLI is likely an even higher priority than Desktop given its ability to be integrated into shell scripts, automation, etc. but either way should be added to the priority list for consideration. Also, since all clients need the ability to “view/edit” an item type, all clients would need to be updated to accommodate any new type that’s added, including the web vault (import/export especially).

I would say hold off for a little bit on any development as something like this we’d want to help direct some of the considerations and use-cases that should be taken into account to consider it for inclusion in the product. We’ll get back with some better detail in the coming weeks.

Is the Bitwarden Development team interested in adding support for this on the Bitwarden CLI application. I am interested in developing on the CLI application since I enjoy using CLI applications the most.