Integration with OnlyKey

Copying feature request from Github - Integration with OnlyKey · Issue #420 · bitwarden/clients · GitHub

It would be great if we could collaborate to add a new feature to support OnlyKey with Bitwarden. OnlyKey can already be used to generate the authenticator app OTP or FIDO U2F for two factor authentication, but OnlyKey also has a new feature that would work great with Bitwarden. The new feature is OpenPGP Everywhere and how it works is OnlyKey can support PGP directly through the browser (Firefox Quantum / Chrome) with no software/drivers required. There are several ways this could work with Bitwarden.

One way this could work is to essentially double encrypt the passwords/sensitive data Bitwarden stores. This way even if a user’s system/browser is hacked the passwords would be inaccessible. When the user goes to login Bitwarden sends the data to OnlyKey where user presence is required to decrypt it and it is sent back to Bitwarden where it used to log in.

Another way this could work is just like described above except half of the password could be typed out automatically by OnlyKey and half of the password could be entered by Bitwarden. From a threat modeling perspective this offers a mitigation to most threats.

FYI, OnlyKey is also open source. There are some demos of OpenPGP Everywhere here: