I just created an account on Bitwarden.com and I plan to use it (also) with my Firefox browser.
For now, my Bitwarden vault is empty and I mean to import data from an Enpass vault I use for years.
I red in the help section that I have to export the database from Enpass in CSV format and import it.
I red in security pages that all the data is encrypted and that I am the only one who can access it.
My question is :
The file will travel directly from my harddisk to the bitwarden server. I will use neither a firefox extension nor any desktop application.
The enpass CSV file is not protected, all the data is readable by anybody. So, when will this data been encrypted ?
Is it before, during or after the transfer from my computer to the server ?
As my data is very sensitive (as everyboby, sure) I am a bit worried with that.
I only want to get a trustworthy answer…
Thank you or reading … and answering
While I’m not able to confirm this, my hypothesis is the following :
- Resulting data is encrypted
- Encrypted data is sent to the server to be stored and synced to your other devices.
Maybe @kspearrin can confirm this ?
Plus, when BW sends encrypted data to its server, the communication itself is also encrypted with TLS (HTTPS).
Thank you Crocmagnon for your fast and precise reply
It reassures me a lot.
However, I’ll wait for - kspearrin maybe - more answers
Have a nice day
Imported data is encrypted locally the same as any other data in your vault. The file is not uploaded to Bitwarden servers. @Crocmagnon is correct.
OK, kspearrin, I am reassured, so I’m gonna use the bitwarden vault fearless
I had the same question and also wanted to see myself that the sent information was indeed encrypted. I tried with a (json) file with 1 password. Indeed it was encrypted. Also when I after that submitted all my sites/passwords, I saw their URL, login name and password were all encrypted.
You can test/see it yourself:
I used Firefox, the following information is for Firefox, but Chrome has a similar functionality and I assume Safari and Edge too (but I have no experience with those).
- Being in your browser press F12. This will open an ‘under the hood’ window (it is used by developers).
- Select the tab ‘Network’. This will show all traffic going out from and coming into your browser
- Go to the https://vault.bitwarden.com/ where you import your passwords (tools> import) and import your passwords (or just a test file with one password). When you press the ‘Import data’ button, you will see a lot of traffic showing up in the ‘under the hood’ window.
- Look in the ‘under the hood’ window for a row somewhere at the top of all the rows that reads ‘POST’. This is the actual sending of your submission from your browser to the Bitwarden server. Click/ select this row.
- (in Firefox): to the right in the ‘under the hood’ window is a sub window with a number of tabs. Click the tab ‘Request’. This shows what actually was sent off from your browser to the Bitwarden server.
- I saw a numbered list, for each password an entry. Click on one to see what is in it.
- I saw the URL, my login name, my password where all encrypted to long, unrecognizable scrambled strings.
See the shot below.
I tried what you wrote. and yes, i am completly quiet now.
So, thank you for your (precise) work