Chad can add details, but rest assured this feature maintains our zero knowledge model of e2e encryption
This is a great question that I’ll try to cover in a comprehensive manner.
Bitwarden (the client application) will use the exact same mechanism for sharing private keys with this feature as we do already for Organizations’ vaults. Essentially a key exchange is done between 2 users within the Bitwarden client, you grant access to someone, they log in and have their own keys; when they accept your invitation they then share their public key with you; you will then use their public key when confirming them to encrypt your private key; that encrypted data is then stored in the database.
In this way, Bitwarden is acting essentially as a “zero-knowledge”, trusted broker. Unless we had the master password of your grantee OR you, we still would not be able to decrypt, reset the password for, etc. your account, even if Liam Neeson was at one of our houses and very angry. All of the key exchange, decryption, password resets, etc. all happen purely in the client via 2 trusted parties that took part in that key exchange (grantee + grantor), just like it’s done for organizations today. The “broker” part comes into play in that you trust Bitwarden to not release the encrypted key to the grantee until a designated time has lapsed.
So they’re stored in the client database, just like all other encrypted data. Thank you for explaining!
Is the feature still on track for being released by the end of this year?
Too close to get out before Dec 31st, but we are going to be releasing a lot of fun stuff in January, this included!
yeah I figured it would not be happening this year.
Can’t wait to see what you guys release. In the mean time I will be evaluating if bitwarden meets all my needs over lastpass
Hey, where will this announcement be posted? In the blog section?
We’ll have release announcements in our GitHub repos, status page, the forums, blog and probably a few other places
Emergency access is now live for cloud hosted services! Self-hosted updates will come in the next 48 hours or so.