hi everyone,
I was reading here how the passkeys are used for encryption in bitwarden,
When a passkey is registered for encryption the following things are uploaded:
- passkey public key
- PRF public key
- PRF-encrypted private key
- PRF-encrypted account encryption key
Questions:
- is [PRF public key] unique per account?
- are we gonna have so many [PRF-encrypted private key] and [PRF-encrypted account encryption key] as passkeys have we have registered for vault encryption?
As I understand our account has a single encryption key pair in the system, the unique “private key” is used to encrypt the unique “account encryption key” and we encrypt the “private key” so many times as passkeys we have registered, the private key is encrypted symmetrically using as seed the deterministic 32 byte keys derive from WebAuthn PRF.
- is “account encryption key” a 32 byte key?
- where is the web client github repository the part where a passkey is registered for encryption?
Thanks