This is currently Work-in-progress! It might take a while until this is ready for a pull-request!
Feature/Fix name:
SSH Key support
Feature Description
SSH key import, storage, generation support.
Clients / Repos Affected:
- Clients
- (Mobile?)
Details
I saw this post in the feature request which I found quite interesting. Having SSH keys integrated into Bitwarden for logging into my machines or signing git commits would be very cool. I did some research on this, to see what’s required for implementing this feature.
I’d split this into two different feature requests: SSH key credential support and ssh-agent support. This pull request focuses on the former. SSH-agent support is for a later pull request.
To get SSH keys implemented in Bitwarden in a useful manner (not just text storage), a few things are required. SSH keys come in a variety of formats (PKCS#8, PKCS#1, …) and use various cryptographic techniques (RSA, Ed25519, …), private keys can be encrypted, and so on. There are simply no libraries that handle this in the browser. RSA is supported by WebCrypto, but Ed25519 support is only a draft. Furthermore, there are no parsers for the different encodings, and implementing one in a safe way is not a trivial task.
The best option to address this is using a fully featured SSH library that’s already built in another language, and compiling it to WASM. I looked at openssh and sshlib at first, but they were hard to compile and would require some more work to get ported to emscripten (to use WebCrypto for randomness, for example).
I remembered that Golang actually has quite good WASM support these days out of the box, and has official ssh libraries included. So as a proof-of-concept I built a small (not yet finished) wrapper around the key generation / parsing, compiled it to WASM and wrote a JS/TypeScript wrapper. Using this, we can handle all common SSH key formats, decrypt encrypted private keys and generate SSH keys. For now, I just implemented RSA and Ed25519 but adding other key types should be trivial as support is built into golang.
As a proof-of-concept for Bitwarden, I have added ed25519 key generation to the generator:
The goal of this pull request is to add full support for storing and importing SSH keys (by copy paste or drag and drop), and to add support for creating SSH keys right in Bitwarden.
Branch:
Not sure on the timeline on this; depending on how much time I can spare, it might be a couple of weeks before this is in a pull-request-ready state. I’ll post updates on this as I develop it. Feel free to chime in with feedback / suggestions.
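The two operations the post describes, as an added example that is not code from the original post or from Bitwarden: generating an Ed25519 key together with its `authorized_keys` line, and classifying a pasted PEM private key (PKCS#1, PKCS#8 or OpenSSH) along with whether it is passphrase-protected, without decrypting it. The function names are hypothetical, and the example assumes only the Go standard library (no `golang.org/x/crypto/ssh`), so the public-key wire encoding is written out by hand.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"encoding/base64"
	"encoding/binary"
	"encoding/pem"
	"fmt"
)

func sshString(b []byte) []byte { // SSH wire string: uint32 big-endian length, then the bytes
	return append(binary.BigEndian.AppendUint32(nil, uint32(len(b))), b...)
}
// GenerateEd25519 returns a PKCS#8 PEM private key and the matching authorized_keys line.
func GenerateEd25519(comment string) ([]byte, string, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, "", err
	}
	der, err := x509.MarshalPKCS8PrivateKey(priv)
	if err != nil {
		return nil, "", err
	}
	blob := append(sshString([]byte("ssh-ed25519")), sshString(pub)...)
	return pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: der}), "ssh-ed25519 " + base64.StdEncoding.EncodeToString(blob) + " " + comment, nil
}
// ClassifyPrivateKey reports the container format and whether the key is encrypted.
func ClassifyPrivateKey(data []byte) (string, bool, error) {
	block, _ := pem.Decode(data)
	if block == nil {
		return "", false, fmt.Errorf("no PEM block found")
	}
	switch magic := []byte("openssh-key-v1\x00"); {
	case block.Type == "RSA PRIVATE KEY": // PKCS#1; legacy encryption is flagged in a PEM header
		return "PKCS#1", block.Headers["Proc-Type"] == "4,ENCRYPTED", nil
	case block.Type == "PRIVATE KEY", block.Type == "ENCRYPTED PRIVATE KEY":
		return "PKCS#8", block.Type == "ENCRYPTED PRIVATE KEY", nil
	case block.Type == "OPENSSH PRIVATE KEY" && bytes.HasPrefix(block.Bytes, magic):
		// The first field after the magic is the cipher name; "none" means unencrypted.
		return "OpenSSH", !bytes.HasPrefix(block.Bytes, append(magic, sshString([]byte("none"))...)), nil
	}
	return "", false, fmt.Errorf("unsupported or malformed key block %q", block.Type)
}
func main() {
	priv, pub, err := GenerateEd25519("demo@example") // constructed comment
	fmt.Println(pub, err)
	fmt.Println(ClassifyPrivateKey(priv))
}
```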