Using Public Private Key Authentication Instead of Password Authentication for Logins

Dear Bitwarden Developers,

I know the Bitwarden developers are aware that SSH (Secure Shell) now supports authenticating logins using strictly public-private key based authentication.

For additional security, SSH allows users to encrypt their private SSH key using a password so in the even their private key is stolen (perhaps someone stole their laptop and simply mounted their secondary storage drive in the /mnt directory) the password will stop them from being able to login anyway. Moreover, SSH now even supports FIDO U2F authentication with the ed25519-sk and ecdsa-sk keys.

Will the Bitwarden developers ever allow users to login using a public-private key authentication technique that is heavily inspired by SSH’s public-private key authentication technique.

Now, to make this work, the user will have to attach their (encrypted) private key file into the browser (or desktop application if they are using that). The user will still have to type in a password to decrypt the key just as its done in SSH.

Allow me to be clear, never does the authentication system actually send the private key file. The client or web application will simply decrypt the private key file using the user’s master password on the client side directly to complete the challenge response. The client application will only send its answer to the challenge response back to the server, just like SSH Protocol 2.

May the Bitwarden developers please inform me of what they think of this. Do they think adopting SSH’s login technique for Bitwarden logins is a good idea? If not, why not?

I thank the Bitwarden development team for any responses they send back to me.

I like this idea.

Hi Steven, thanks for letting me know!

I appreciate it!