DevOps makes extensive use of public key cryptography. The most common use cases of this technology are SSH, signing Git commits and sending encrypted emails, but asymmetric cryptography can be used for a great many purposes.
Bitwarden would be an ideal place to store private keys; the secure nature of this platform means that a private key could optionally be stored in an unencrypted format. If a private key is stored in an encrypted format, then Bitwarden could also store the passphrase to decrypt the private key. This would allow developers to store their private keys in the cloud, allowing easy and secure access to them anywhere and at anytime.
Furthermore, a competitor to Bitwarden (LastPass) already possesses this feature, and therefore implementing this capability would help Bitwarden compete in an increasingly crowded market.
Feature Description
A new type of Cipher would be added to Bitwarden called CipherAsymmetricKey.
This new cipher would have the following properties:
Private Key
Public Key
Passphrase
Valid From
Valid Until
Format
Bit Strength
The private key and passphrase fields would be obscured when rendered by a client.
Support for asymmetric key ciphers would be added first to the backend & desktop clients. Other clients would have a lower priority for integration, for the reason that tools like SSH & GPG are used less frequently on mobile, browser and web platforms.
Nice! We’ve tossed around this concept internally with the team and recognize the demand for it most definitely; I would say the CLI is likely an even higher priority than Desktop given its ability to be integrated into shell scripts, automation, etc. but either way should be added to the priority list for consideration. Also, since all clients need the ability to “view/edit” an item type, all clients would need to be updated to accommodate any new type that’s added, including the web vault (import/export especially).
I would say hold off for a little bit on any development as something like this we’d want to help direct some of the considerations and use-cases that should be taken into account to consider it for inclusion in the product. We’ll get back with some better detail in the coming weeks.
Is the Bitwarden Development team interested in adding support for this on the Bitwarden CLI application. I am interested in developing on the CLI application since I enjoy using CLI applications the most.
Is this proposal still undergoing a process of consideration within the BitWarden decision-making team?
Could I please get an update on where the project management’s thoughts are at in regards to support for asymmetric crypto like certificates, PGP/GNUPG keys (etc.)?
We are planning some additional items that may cover this functionality in the latter part of the year and into early next year. Stay tuned as the scope of this addition may change somewhat
