Since Bitwarden is a security product, there should definitely be an option to have emails sent from Bitwarden (i.e. activity notifications, customer support, etc.) be encrypted with OpenPGP instead of being in plain text. This would help bring security and privacy to the users since their emails from Bitwarden are encrypted.
An idea of how it can be implemented
The user goes to their Bitwarden account settings and click the checkbox that says “I want my emails from Bitwarden to be encrypted.” After clicking the checkmark, the user has the option to import/copy-and-paste their public PGP key. After clicking save, Bitwarden will then send a verification email with a clickable confirmation link that is encrypted with the user’s public PGP key to confirm that the user is able to decrypt the email. If the user successfully decrypts the verification email to click the link, all future emails sent from Bitwarden to the user will be encrypted, unless the user disables it or wants to change their keys.
The user could also send encrypted emails to Bitwarden by importing Bitwarden’s public key into their email client.
Overall, I think this would be a great feature to have and would make Bitwarden stand out from other password managers.
I would totally support that idea as well. Frankly, I don’t trust that “brand name” email providers won’t peak inside accounts if they ever suspect something at all. I use GPG daily so there would be no learning curve on this end!
I’d love to have this as an option as well!
Also, there’s a lot of email services out there that have built in OpenPGP key support like Protonmail and Mailbox as examples.
Yes please, this would be a much better solution than uploading your private keys as attachments.
This would be excellent. I like to have as many emails be PGP encrypted as possible, especially for situations relating to security - which my Bitwarden notification emails are perfect example of.
Yes please! I am in the process of degoogling, and I would prefer the option of having more security and privacy whenever possible.
Awesome! Please make pgp encryption possible!
Great feature request!
I think there should be a way to disable encryption in case a user loses his private key and can no longer decrypt emails.
Maybe generate some recovery codes at the time of enabling encryption, the same way it’s usually done when enabling 2FA? Recovery codes should be shown on screen, not emailed encrypted.
My email aliasing service uses PGP when forwarding emails and I think it would be a slam-dunk if Bitwarden could adopt this as well. Bitwarden plus my aliasing service are like peanut butter and chocolate: two great tastes that taste great together!
I now use Protonmail as my email provider. Having all emails to and from me encrypted and untraceable is a major goal. So I support this one!
I love also the idea for privacy and security
All websites need to support PGP mail encryption in a near future, forced by the laws
Really shouldn’t be too difficult to implement.
This would be nice,
Why would Facebook have this feature but not Bitwarden ?
I appreciate this as well.
Not untraceable. Only unable to see into the message.
Okay. But I did say ‘untraceable’ was an aim.
I hope the developers add this in. This would be good for the enterprise.
I would like to add something to the first post,
maybe let the user add a second email / key for recovery,
do this will let you check a box “never send me unencrypted mail / response without identity proof”
(Like that if i fail to prove my identity by signing my email to the support with my pgp key in my profile i have to prove my identity (with drive license or something like that) witch is legal since it’s an opt-in opt-in (yes pgp is opt in and this enforcement is opt-in only if pgp is enabled) feature).
I think pgp and my idea added can push those who enable it to have “social engeneering proof” account.