Security question about importing a CSV file


#1

Hi

I just created an account on Bitwarden.com and I plan to use it (also) with my Firefox browser.
For now, my Bitwarden vault is empty and I mean to import data from an Enpass vault I use for years.
I red in the help section that I have to export the database from Enpass in CSV format and import it.
I red in security pages that all the data is encrypted and that I am the only one who can access it.

My question is :
The file will travel directly from my harddisk to the bitwarden server. I will use neither a firefox extension nor any desktop application.
The enpass CSV file is not protected, all the data is readable by anybody. So, when will this data been encrypted ?
Is it before, during or after the transfer from my computer to the server ?
As my data is very sensitive (as everyboby, sure) I am a bit worried with that.

I only want to get a trustworthy answer…

Thank you or reading … and answering :wink:


#2

Hello !
While I’m not able to confirm this, my hypothesis is the following :

  1. Your file is processed by some javascript code that runs in your browser.
  2. Resulting data is encrypted
  3. Encrypted data is sent to the server to be stored and synced to your other devices.

Maybe @kspearrin can confirm this ?

The important thing to note here is that when you use vault.bitwarden.com, you’re not directly communicating with BW server. Your browser downloads some javascript code that it’s able to run by itself. So your data is only decrypted in your browser and the server never knows it.

Plus, when BW sends encrypted data to its server, the communication itself is also encrypted with TLS (HTTPS).


#3

Thank you Crocmagnon for your fast and precise reply :slight_smile:
It reassures me a lot.
However, I’ll wait for - kspearrin maybe - more answers :wink:
Have a nice day


#4

Imported data is encrypted locally the same as any other data in your vault. The file is not uploaded to Bitwarden servers. @Crocmagnon is correct.


#5

OK, kspearrin, I am reassured, so I’m gonna use the bitwarden vault fearless :slight_smile: