From 8ee5fb2cbcb54adf3fd0cd1c5e21e19384632e44 Mon Sep 17 00:00:00 2001 From: Bernd Schoolmann Date: Mon, 24 Feb 2025 19:59:22 +0100 Subject: [PATCH] Tmp --- .../bulk/base-bulk-confirm.component.ts | 2 +- .../members/members.component.ts | 2 +- ...rganization-user-reset-password.service.ts | 2 +- .../services/rotateable-key-set.service.ts | 4 +- .../services/emergency-access.service.ts | 2 +- .../accept-organization.service.ts | 2 +- .../organization-plans.component.ts | 2 +- .../key-rotation/user-key-rotation.service.ts | 21 ++- .../organization-auth-request.service.ts | 2 +- .../providers/manage/members.component.ts | 2 +- .../services/web-provider.service.ts | 6 +- .../service-accounts/access/access.service.ts | 4 +- .../auth/components/set-password.component.ts | 2 +- .../vault/components/add-edit.component.ts | 6 +- .../default-set-password-jit.service.ts | 2 +- .../auth-request/auth-request.service.ts | 4 +- .../pin/pin.service.implementation.ts | 2 +- .../device-trust.service.implementation.ts | 4 +- .../auth/services/key-connector.service.ts | 6 +- .../master-password.service.ts | 13 ++ ...reset-enrollment.service.implementation.ts | 2 +- libs/common/src/enums/feature-flag.enum.ts | 2 +- .../crypto/abstractions/encrypt.service.ts | 1 - .../encrypt.service.implementation.ts | 63 ++++----- .../models/domain/encrypted-object.ts | 5 - .../models/domain/symmetric-crypto-key.ts | 121 ++++++++++++------ .../services/key-generation.service.ts | 4 +- .../services/sdk/default-sdk.service.ts | 2 +- .../services/web-crypto-function.service.ts | 2 +- .../src/tools/send/services/send.service.ts | 2 +- .../src/vault/services/cipher.service.ts | 4 +- libs/key-management/src/key.service.ts | 18 +-- ...ser-asymmetric-key-regeneration.service.ts | 4 +- .../sshkey-section.component.ts | 6 +- 34 files changed, 187 insertions(+), 139 deletions(-) diff --git a/apps/web/src/app/admin-console/organizations/members/components/bulk/base-bulk-confirm.component.ts b/apps/web/src/app/admin-console/organizations/members/components/bulk/base-bulk-confirm.component.ts index 05e302f011d..b81e6d8bc60 100644 --- a/apps/web/src/app/admin-console/organizations/members/components/bulk/base-bulk-confirm.component.ts +++ b/apps/web/src/app/admin-console/organizations/members/components/bulk/base-bulk-confirm.component.ts @@ -71,7 +71,7 @@ export abstract class BaseBulkConfirmComponent implements OnInit { if (publicKey == null) { continue; } - const encryptedKey = await this.encryptService.rsaEncrypt(key.key, publicKey); + const encryptedKey = await this.encryptService.rsaEncrypt(key.toEncoded(), publicKey); userIdsWithKeys.push({ id: user.id, key: encryptedKey.encryptedString, diff --git a/apps/web/src/app/admin-console/organizations/members/members.component.ts b/apps/web/src/app/admin-console/organizations/members/members.component.ts index 9fc27f2f199..26f306a045c 100644 --- a/apps/web/src/app/admin-console/organizations/members/members.component.ts +++ b/apps/web/src/app/admin-console/organizations/members/members.component.ts @@ -318,7 +318,7 @@ export class MembersComponent extends BaseMembersComponent async confirmUser(user: OrganizationUserView, publicKey: Uint8Array): Promise { const orgKey = await this.keyService.getOrgKey(this.organization.id); - const key = await this.encryptService.rsaEncrypt(orgKey.key, publicKey); + const key = await this.encryptService.rsaEncrypt(orgKey.toEncoded(), publicKey); const request = new OrganizationUserConfirmRequest(); request.key = key.encryptedString; await this.organizationUserApiService.postOrganizationUserConfirm( diff --git a/apps/web/src/app/admin-console/organizations/members/services/organization-user-reset-password/organization-user-reset-password.service.ts b/apps/web/src/app/admin-console/organizations/members/services/organization-user-reset-password/organization-user-reset-password.service.ts index 8e583d3106c..61fdff636c6 100644 --- a/apps/web/src/app/admin-console/organizations/members/services/organization-user-reset-password/organization-user-reset-password.service.ts +++ b/apps/web/src/app/admin-console/organizations/members/services/organization-user-reset-password/organization-user-reset-password.service.ts @@ -60,7 +60,7 @@ export class OrganizationUserResetPasswordService if (userKey == null) { throw new Error("No user key found"); } - const encryptedKey = await this.encryptService.rsaEncrypt(userKey.key, publicKey); + const encryptedKey = await this.encryptService.rsaEncrypt(userKey.toEncoded(), publicKey); return encryptedKey.encryptedString; } diff --git a/apps/web/src/app/auth/core/services/rotateable-key-set.service.ts b/apps/web/src/app/auth/core/services/rotateable-key-set.service.ts index dca37f93c36..972592529e0 100644 --- a/apps/web/src/app/auth/core/services/rotateable-key-set.service.ts +++ b/apps/web/src/app/auth/core/services/rotateable-key-set.service.ts @@ -25,7 +25,7 @@ export class RotateableKeySetService { const userKey = await this.keyService.getUserKey(); const rawPublicKey = Utils.fromB64ToArray(publicKey); - const encryptedUserKey = await this.encryptService.rsaEncrypt(userKey.key, rawPublicKey); + const encryptedUserKey = await this.encryptService.rsaEncrypt(userKey.toEncoded(), rawPublicKey); const encryptedPublicKey = await this.encryptService.encrypt(rawPublicKey, userKey); return new RotateableKeySet(encryptedUserKey, encryptedPublicKey, encryptedPrivateKey); } @@ -57,7 +57,7 @@ export class RotateableKeySetService { oldUserKey, ); const newEncryptedPublicKey = await this.encryptService.encrypt(publicKey, newUserKey); - const newEncryptedUserKey = await this.encryptService.rsaEncrypt(newUserKey.key, publicKey); + const newEncryptedUserKey = await this.encryptService.rsaEncrypt(newUserKey.toEncoded(), publicKey); const newRotateableKeySet = new RotateableKeySet( newEncryptedUserKey, diff --git a/apps/web/src/app/auth/emergency-access/services/emergency-access.service.ts b/apps/web/src/app/auth/emergency-access/services/emergency-access.service.ts index 7ac2f21a223..99d233c19bc 100644 --- a/apps/web/src/app/auth/emergency-access/services/emergency-access.service.ts +++ b/apps/web/src/app/auth/emergency-access/services/emergency-access.service.ts @@ -356,6 +356,6 @@ export class EmergencyAccessService } private async encryptKey(userKey: UserKey, publicKey: Uint8Array): Promise { - return (await this.encryptService.rsaEncrypt(userKey.key, publicKey)).encryptedString; + return (await this.encryptService.rsaEncrypt(userKey.toEncoded(), publicKey)).encryptedString; } } diff --git a/apps/web/src/app/auth/organization-invite/accept-organization.service.ts b/apps/web/src/app/auth/organization-invite/accept-organization.service.ts index 22a79ef3696..a3da0fdf5d7 100644 --- a/apps/web/src/app/auth/organization-invite/accept-organization.service.ts +++ b/apps/web/src/app/auth/organization-invite/accept-organization.service.ts @@ -186,7 +186,7 @@ export class AcceptOrganizationInviteService { // RSA Encrypt user's encKey.key with organization public key const userKey = await this.keyService.getUserKey(); - const encryptedKey = await this.encryptService.rsaEncrypt(userKey.key, publicKey); + const encryptedKey = await this.encryptService.rsaEncrypt(userKey.toEncoded(), publicKey); // Add reset password key to accept request request.resetPasswordKey = encryptedKey.encryptedString; diff --git a/apps/web/src/app/billing/organizations/organization-plans.component.ts b/apps/web/src/app/billing/organizations/organization-plans.component.ts index 071d1f75161..3a7e6432d95 100644 --- a/apps/web/src/app/billing/organizations/organization-plans.component.ts +++ b/apps/web/src/app/billing/organizations/organization-plans.component.ts @@ -800,7 +800,7 @@ export class OrganizationPlansComponent implements OnInit, OnDestroy { ); const providerKey = await this.keyService.getProviderKey(this.providerId); providerRequest.organizationCreateRequest.key = ( - await this.encryptService.encrypt(orgKey.key, providerKey) + await this.encryptService.encrypt(orgKey.toEncoded(), providerKey) ).encryptedString; const orgId = ( await this.apiService.postProviderCreateOrganization(this.providerId, providerRequest) diff --git a/apps/web/src/app/key-management/key-rotation/user-key-rotation.service.ts b/apps/web/src/app/key-management/key-rotation/user-key-rotation.service.ts index 222408815cc..ca842aa033d 100644 --- a/apps/web/src/app/key-management/key-rotation/user-key-rotation.service.ts +++ b/apps/web/src/app/key-management/key-rotation/user-key-rotation.service.ts @@ -11,10 +11,12 @@ import { VerificationType } from "@bitwarden/common/auth/enums/verification-type import { MasterPasswordVerification } from "@bitwarden/common/auth/types/verification"; import { EncryptService } from "@bitwarden/common/key-management/crypto/abstractions/encrypt.service"; import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service"; +import { KeyGenerationService } from "@bitwarden/common/platform/abstractions/key-generation.service"; import { LogService } from "@bitwarden/common/platform/abstractions/log.service"; -import { HashPurpose } from "@bitwarden/common/platform/enums"; +import { EncryptionType, HashPurpose } from "@bitwarden/common/platform/enums"; import { Utils } from "@bitwarden/common/platform/misc/utils"; import { EncryptedString } from "@bitwarden/common/platform/models/domain/enc-string"; +import { SymmetricCryptoKey } from "@bitwarden/common/platform/models/domain/symmetric-crypto-key"; import { SendService } from "@bitwarden/common/tools/send/services/send.service.abstraction"; import { UserId } from "@bitwarden/common/types/guid"; import { UserKey } from "@bitwarden/common/types/key"; @@ -23,6 +25,7 @@ import { FolderService } from "@bitwarden/common/vault/abstractions/folder/folde import { SyncService } from "@bitwarden/common/vault/abstractions/sync/sync.service.abstraction"; import { ToastService } from "@bitwarden/components"; import { KeyService } from "@bitwarden/key-management"; +import { CryptoClient } from "@bitwarden/sdk-internal"; import { OrganizationUserResetPasswordService } from "../../admin-console/organizations/members/services/organization-user-reset-password/organization-user-reset-password.service"; import { WebauthnLoginAdminService } from "../../auth/core"; @@ -55,6 +58,7 @@ export class UserKeyRotationService { private vaultTimeoutService: VaultTimeoutService, private toastService: ToastService, private i18nService: I18nService, + private keyGenerationService: KeyGenerationService, ) {} /** @@ -97,10 +101,21 @@ export class UserKeyRotationService { ); const newMasterKey = await this.keyService.makeMasterKey(newMasterPassword, email, kdfConfig); - - const [newUnencryptedUserKey, newMasterKeyEncryptedUserKey] = + let [newUnencryptedUserKey, newMasterKeyEncryptedUserKey] = await this.keyService.makeUserKey(newMasterKey); + const userKey = CryptoClient.generate_user_key(); + this.logService.info("[Userkey rotation] Encrypting user key in new format"); + const userkeyEncodedBytes = Utils.fromB64ToArray(userKey); + const stretchedMasterKey = await this.keyGenerationService.stretchKey(newMasterKey); + const userkeyEncrypted = await this.encryptService.encrypt( + userkeyEncodedBytes, + stretchedMasterKey, + ); + const userkeyBytes = Utils.fromB64ToArray(CryptoClient.decode_userkey(userKey).Aes256CbcHmac); + newUnencryptedUserKey = new SymmetricCryptoKey(userkeyBytes, EncryptionType.AesCbc256_HmacSha256_B64) as UserKey; + newMasterKeyEncryptedUserKey = userkeyEncrypted; + if (!newUnencryptedUserKey || !newMasterKeyEncryptedUserKey) { this.logService.info("[Userkey rotation] User key could not be created. Aborting!"); throw new Error("User key could not be created"); diff --git a/bitwarden_license/bit-common/src/admin-console/auth-requests/organization-auth-request.service.ts b/bitwarden_license/bit-common/src/admin-console/auth-requests/organization-auth-request.service.ts index 025b021f83d..c8bf096bf66 100644 --- a/bitwarden_license/bit-common/src/admin-console/auth-requests/organization-auth-request.service.ts +++ b/bitwarden_license/bit-common/src/admin-console/auth-requests/organization-auth-request.service.ts @@ -126,6 +126,6 @@ export class OrganizationAuthRequestService { const userKey = new SymmetricCryptoKey(decValue); // Re-encrypt user Key with the Device Public Key - return await this.encryptService.rsaEncrypt(userKey.key, devicePubKey); + return await this.encryptService.rsaEncrypt(userKey.toEncoded(), devicePubKey); } } diff --git a/bitwarden_license/bit-web/src/app/admin-console/providers/manage/members.component.ts b/bitwarden_license/bit-web/src/app/admin-console/providers/manage/members.component.ts index 03e47569a55..d1575e68815 100644 --- a/bitwarden_license/bit-web/src/app/admin-console/providers/manage/members.component.ts +++ b/bitwarden_license/bit-web/src/app/admin-console/providers/manage/members.component.ts @@ -188,7 +188,7 @@ export class MembersComponent extends BaseMembersComponent { async confirmUser(user: ProviderUser, publicKey: Uint8Array): Promise { const providerKey = await this.keyService.getProviderKey(this.providerId); - const key = await this.encryptService.rsaEncrypt(providerKey.key, publicKey); + const key = await this.encryptService.rsaEncrypt(providerKey.toEncoded(), publicKey); const request = new ProviderUserConfirmRequest(); request.key = key.encryptedString; await this.apiService.postProviderUserConfirm(this.providerId, user.id, request); diff --git a/bitwarden_license/bit-web/src/app/admin-console/providers/services/web-provider.service.ts b/bitwarden_license/bit-web/src/app/admin-console/providers/services/web-provider.service.ts index d3482ea67a5..503672390f9 100644 --- a/bitwarden_license/bit-web/src/app/admin-console/providers/services/web-provider.service.ts +++ b/bitwarden_license/bit-web/src/app/admin-console/providers/services/web-provider.service.ts @@ -36,7 +36,7 @@ export class WebProviderService { const orgKey = await this.keyService.getOrgKey(organizationId); const providerKey = await this.keyService.getProviderKey(providerId); - const encryptedOrgKey = await this.encryptService.encrypt(orgKey.key, providerKey); + const encryptedOrgKey = await this.encryptService.encrypt(orgKey.toEncoded(), providerKey); const request = new ProviderAddOrganizationRequest(); request.organizationId = organizationId; @@ -55,7 +55,7 @@ export class WebProviderService { ), ); const providerKey = await this.keyService.getProviderKey(providerId); - const encryptedOrgKey = await this.encryptService.encrypt(orgKey.key, providerKey); + const encryptedOrgKey = await this.encryptService.encrypt(orgKey.toEncoded(), providerKey); await this.providerApiService.addOrganizationToProvider(providerId, { key: encryptedOrgKey.encryptedString, organizationId, @@ -82,7 +82,7 @@ export class WebProviderService { const providerKey = await this.keyService.getProviderKey(providerId); const encryptedProviderKey = await this.encryptService.encrypt( - organizationKey.key, + organizationKey.toEncoded(), providerKey, ); diff --git a/bitwarden_license/bit-web/src/app/secrets-manager/service-accounts/access/access.service.ts b/bitwarden_license/bit-web/src/app/secrets-manager/service-accounts/access/access.service.ts index 773cb83e70a..0ff2f4d7a71 100644 --- a/bitwarden_license/bit-web/src/app/secrets-manager/service-accounts/access/access.service.ts +++ b/bitwarden_license/bit-web/src/app/secrets-manager/service-accounts/access/access.service.ts @@ -104,10 +104,10 @@ export class AccessService { const [name, encryptedPayload, key] = await Promise.all([ await this.encryptService.encrypt(accessTokenView.name, organizationKey), await this.encryptService.encrypt( - JSON.stringify({ encryptionKey: organizationKey.keyB64 }), + JSON.stringify({ encryptionKey: organizationKey.toBase64() }), encryptionKey, ), - await this.encryptService.encrypt(encryptionKey.keyB64, organizationKey), + await this.encryptService.encrypt(encryptionKey.toBase64(), organizationKey), ]); accessTokenRequest.name = name; diff --git a/libs/angular/src/auth/components/set-password.component.ts b/libs/angular/src/auth/components/set-password.component.ts index de079a7ebca..ba1803cfaf3 100644 --- a/libs/angular/src/auth/components/set-password.component.ts +++ b/libs/angular/src/auth/components/set-password.component.ts @@ -209,7 +209,7 @@ export class SetPasswordComponent extends BaseChangePasswordComponent implements // RSA Encrypt user key with organization public key const userKey = await this.keyService.getUserKey(); - const encryptedUserKey = await this.encryptService.rsaEncrypt(userKey.key, publicKey); + const encryptedUserKey = await this.encryptService.rsaEncrypt(userKey.toEncoded(), publicKey); const resetRequest = new OrganizationUserResetPasswordEnrollmentRequest(); resetRequest.masterPasswordHash = masterPasswordHash; diff --git a/libs/angular/src/vault/components/add-edit.component.ts b/libs/angular/src/vault/components/add-edit.component.ts index 26f645d89ef..dc82277bd5c 100644 --- a/libs/angular/src/vault/components/add-edit.component.ts +++ b/libs/angular/src/vault/components/add-edit.component.ts @@ -825,9 +825,9 @@ export class AddEditComponent implements OnInit, OnDestroy { private async generateSshKey(showNotification: boolean = true) { await firstValueFrom(this.sdkService.client$); const sshKey = generate_ssh_key("Ed25519"); - this.cipher.sshKey.privateKey = sshKey.private_key; - this.cipher.sshKey.publicKey = sshKey.public_key; - this.cipher.sshKey.keyFingerprint = sshKey.key_fingerprint; + this.cipher.sshKey.privateKey = sshKey.privateKey; + this.cipher.sshKey.publicKey = sshKey.publicKey; + this.cipher.sshKey.keyFingerprint = sshKey.fingerprint; if (showNotification) { this.toastService.showToast({ diff --git a/libs/auth/src/angular/set-password-jit/default-set-password-jit.service.ts b/libs/auth/src/angular/set-password-jit/default-set-password-jit.service.ts index 6c9ce8f9267..d6236fedea6 100644 --- a/libs/auth/src/angular/set-password-jit/default-set-password-jit.service.ts +++ b/libs/auth/src/angular/set-password-jit/default-set-password-jit.service.ts @@ -159,7 +159,7 @@ export class DefaultSetPasswordJitService implements SetPasswordJitService { throw new Error("userKey not found. Could not handle reset password auto enroll."); } - const encryptedUserKey = await this.encryptService.rsaEncrypt(userKey.key, publicKey); + const encryptedUserKey = await this.encryptService.rsaEncrypt(userKey.toEncoded(), publicKey); const resetRequest = new OrganizationUserResetPasswordEnrollmentRequest(); resetRequest.masterPasswordHash = masterKeyHash; diff --git a/libs/auth/src/common/services/auth-request/auth-request.service.ts b/libs/auth/src/common/services/auth-request/auth-request.service.ts index 5bc200ae1e8..79df2b9682b 100644 --- a/libs/auth/src/common/services/auth-request/auth-request.service.ts +++ b/libs/auth/src/common/services/auth-request/auth-request.service.ts @@ -111,10 +111,10 @@ export class AuthRequestService implements AuthRequestServiceAbstraction { Utils.fromUtf8ToArray(masterKeyHash), pubKey, ); - keyToEncrypt = masterKey.encKey; + keyToEncrypt = masterKey.toEncoded(); } else { const userKey = await this.keyService.getUserKey(); - keyToEncrypt = userKey.key; + keyToEncrypt = userKey.toEncoded(); } const encryptedKey = await this.encryptService.rsaEncrypt(keyToEncrypt, pubKey); diff --git a/libs/auth/src/common/services/pin/pin.service.implementation.ts b/libs/auth/src/common/services/pin/pin.service.implementation.ts index 9b86440b364..9a0f4ae0cce 100644 --- a/libs/auth/src/common/services/pin/pin.service.implementation.ts +++ b/libs/auth/src/common/services/pin/pin.service.implementation.ts @@ -193,7 +193,7 @@ export class PinService implements PinServiceAbstraction { const pinKey = await this.makePinKey(pin, email, kdfConfig); - return await this.encryptService.encrypt(userKey.key, pinKey); + return await this.encryptService.encrypt(userKey.toEncoded(), pinKey); } async storePinKeyEncryptedUserKey( diff --git a/libs/common/src/auth/services/device-trust.service.implementation.ts b/libs/common/src/auth/services/device-trust.service.implementation.ts index 903c72d4211..a7fa2984e45 100644 --- a/libs/common/src/auth/services/device-trust.service.implementation.ts +++ b/libs/common/src/auth/services/device-trust.service.implementation.ts @@ -158,7 +158,7 @@ export class DeviceTrustService implements DeviceTrustServiceAbstraction { deviceKeyEncryptedDevicePrivateKey, ] = await Promise.all([ // Encrypt user key with the DevicePublicKey - this.encryptService.rsaEncrypt(userKey.key, devicePublicKey), + this.encryptService.rsaEncrypt(userKey.toEncoded(), devicePublicKey), // Encrypt devicePublicKey with user key this.encryptService.encrypt(devicePublicKey, userKey), @@ -226,7 +226,7 @@ export class DeviceTrustService implements DeviceTrustServiceAbstraction { // Encrypt the brand new user key with the now-decrypted public key for the device const encryptedNewUserKey = await this.encryptService.rsaEncrypt( - newUserKey.key, + newUserKey.toEncoded(), decryptedDevicePublicKey, ); diff --git a/libs/common/src/auth/services/key-connector.service.ts b/libs/common/src/auth/services/key-connector.service.ts index f6f76579ee5..8c6b7f3931e 100644 --- a/libs/common/src/auth/services/key-connector.service.ts +++ b/libs/common/src/auth/services/key-connector.service.ts @@ -95,7 +95,7 @@ export class KeyConnectorService implements KeyConnectorServiceAbstraction { userId ??= (await firstValueFrom(this.accountService.activeAccount$))?.id; const organization = await this.getManagingOrganization(userId); const masterKey = await firstValueFrom(this.masterPasswordService.masterKey$(userId)); - const keyConnectorRequest = new KeyConnectorUserKeyRequest(masterKey.encKeyB64); + const keyConnectorRequest = new KeyConnectorUserKeyRequest(Utils.fromBufferToB64(masterKey.getInnerKey().encryptionKey)); try { await this.apiService.postUserKeyToKeyConnector( @@ -153,11 +153,11 @@ export class KeyConnectorService implements KeyConnectorServiceAbstraction { : new Argon2KdfConfig(kdfIterations, kdfMemory, kdfParallelism); const masterKey = await this.keyService.makeMasterKey( - password.keyB64, + password.toBase64(), await this.tokenService.getEmail(), kdfConfig, ); - const keyConnectorRequest = new KeyConnectorUserKeyRequest(masterKey.encKeyB64); + const keyConnectorRequest = new KeyConnectorUserKeyRequest(Utils.fromBufferToB64(masterKey.getInnerKey().encryptionKey)); await this.masterPasswordService.setMasterKey(masterKey, userId); const userKey = await this.keyService.makeUserKey(masterKey); diff --git a/libs/common/src/auth/services/master-password/master-password.service.ts b/libs/common/src/auth/services/master-password/master-password.service.ts index 9b5ce588bd3..5fe8cc6dcc9 100644 --- a/libs/common/src/auth/services/master-password/master-password.service.ts +++ b/libs/common/src/auth/services/master-password/master-password.service.ts @@ -2,6 +2,9 @@ // @ts-strict-ignore import { firstValueFrom, map, Observable } from "rxjs"; +import { Utils } from "@bitwarden/common/platform/misc/utils"; +import { CryptoClient } from "@bitwarden/sdk-internal"; + import { EncryptService } from "../../../key-management/crypto/abstractions/encrypt.service"; import { KeyGenerationService } from "../../../platform/abstractions/key-generation.service"; import { LogService } from "../../../platform/abstractions/log.service"; @@ -191,6 +194,16 @@ export class MasterPasswordService implements InternalMasterPasswordServiceAbstr newKey, "Content: User Key; Encrypting Key: Stretched Master Key", ); + if (decUserKey.length === 32 || decUserKey.length === 64) { + return new SymmetricCryptoKey(decUserKey) as UserKey; + } else { + this.logService.info("[MasterPasswordService] Userkey in new format; using sdk"); + const decodedKey = CryptoClient.decode_userkey(decUserKey); + if (decodedKey.Aes256CbcHmac != null) { + const key = Utils.fromB64ToArray(decodedKey.Aes256CbcHmac); + return new SymmetricCryptoKey(key) as UserKey; + } + } } else { throw new Error("Unsupported encryption type."); } diff --git a/libs/common/src/auth/services/password-reset-enrollment.service.implementation.ts b/libs/common/src/auth/services/password-reset-enrollment.service.implementation.ts index c0a961d5bbb..954e4f8382e 100644 --- a/libs/common/src/auth/services/password-reset-enrollment.service.implementation.ts +++ b/libs/common/src/auth/services/password-reset-enrollment.service.implementation.ts @@ -53,7 +53,7 @@ export class PasswordResetEnrollmentServiceImplementation userId ?? (await firstValueFrom(this.accountService.activeAccount$.pipe(map((a) => a?.id)))); userKey = userKey ?? (await this.keyService.getUserKey(userId)); // RSA Encrypt user's userKey.key with organization public key - const encryptedKey = await this.encryptService.rsaEncrypt(userKey.key, orgPublicKey); + const encryptedKey = await this.encryptService.rsaEncrypt(userKey.toEncoded(), orgPublicKey); const resetRequest = new OrganizationUserResetPasswordEnrollmentRequest(); resetRequest.resetPasswordKey = encryptedKey.encryptedString; diff --git a/libs/common/src/enums/feature-flag.enum.ts b/libs/common/src/enums/feature-flag.enum.ts index 913054a164d..4afc35684ea 100644 --- a/libs/common/src/enums/feature-flag.enum.ts +++ b/libs/common/src/enums/feature-flag.enum.ts @@ -100,7 +100,7 @@ export const DefaultFeatureFlagValue = { [FeatureFlag.UnauthenticatedExtensionUIRefresh]: FALSE, [FeatureFlag.SSHKeyVaultItem]: FALSE, [FeatureFlag.SSHAgent]: FALSE, - [FeatureFlag.UserKeyRotationV2]: FALSE, + [FeatureFlag.UserKeyRotationV2]: true, [FeatureFlag.CipherKeyEncryption]: FALSE, [FeatureFlag.PM11901_RefactorSelfHostingLicenseUploader]: FALSE, [FeatureFlag.TrialPaymentOptional]: FALSE, diff --git a/libs/common/src/key-management/crypto/abstractions/encrypt.service.ts b/libs/common/src/key-management/crypto/abstractions/encrypt.service.ts index e00d053ce7b..64a483e7306 100644 --- a/libs/common/src/key-management/crypto/abstractions/encrypt.service.ts +++ b/libs/common/src/key-management/crypto/abstractions/encrypt.service.ts @@ -36,7 +36,6 @@ export abstract class EncryptService { ): Promise; abstract rsaEncrypt(data: Uint8Array, publicKey: Uint8Array): Promise; abstract rsaDecrypt(data: EncString, privateKey: Uint8Array): Promise; - abstract resolveLegacyKey(key: SymmetricCryptoKey, encThing: Encrypted): SymmetricCryptoKey; /** * @deprecated Replaced by BulkEncryptService, remove once the feature is tested and the featureflag PM-4154-multi-worker-encryption-service is removed * @param items The items to decrypt diff --git a/libs/common/src/key-management/crypto/services/encrypt.service.implementation.ts b/libs/common/src/key-management/crypto/services/encrypt.service.implementation.ts index 075b9da4964..7458054bbb8 100644 --- a/libs/common/src/key-management/crypto/services/encrypt.service.implementation.ts +++ b/libs/common/src/key-management/crypto/services/encrypt.service.implementation.ts @@ -44,7 +44,7 @@ export class EncryptServiceImplementation implements EncryptService { const iv = Utils.fromBufferToB64(encObj.iv); const data = Utils.fromBufferToB64(encObj.data); const mac = encObj.mac != null ? Utils.fromBufferToB64(encObj.mac) : null; - return new EncString(encObj.key.encType, data, iv, mac); + return new EncString(encObj.key.encryptionType(), data, iv, mac); } async encryptToBytes(plainValue: Uint8Array, key: SymmetricCryptoKey): Promise { @@ -59,7 +59,7 @@ export class EncryptServiceImplementation implements EncryptService { } const encBytes = new Uint8Array(1 + encValue.iv.byteLength + macLen + encValue.data.byteLength); - encBytes.set([encValue.key.encType]); + encBytes.set([encValue.key.encryptionType()]); encBytes.set(new Uint8Array(encValue.iv), 1); if (encValue.mac != null) { encBytes.set(new Uint8Array(encValue.mac), 1 + encValue.iv.byteLength); @@ -78,13 +78,11 @@ export class EncryptServiceImplementation implements EncryptService { throw new Error("No key provided for decryption."); } - key = this.resolveLegacyKey(key, encString); - // DO NOT REMOVE OR MOVE. This prevents downgrade to mac-less CBC, which would compromise integrity and confidentiality. if (key.macKey != null && encString?.mac == null) { this.logService.error( "[Encrypt service] Key has mac key but payload is missing mac bytes. Key type " + - encryptionTypeName(key.encType) + + encryptionTypeName(key.encryptionType()) + "Payload type " + encryptionTypeName(encString.encryptionType), "Decrypt context: " + decryptContext, @@ -92,10 +90,10 @@ export class EncryptServiceImplementation implements EncryptService { return null; } - if (key.encType !== encString.encryptionType) { + if (key.encryptionType() !== encString.encryptionType) { this.logService.error( "[Encrypt service] Key encryption type does not match payload encryption type. Key type " + - encryptionTypeName(key.encType) + + encryptionTypeName(key.encryptionType()) + "Payload type " + encryptionTypeName(encString.encryptionType), "Decrypt context: " + decryptContext, @@ -119,7 +117,7 @@ export class EncryptServiceImplementation implements EncryptService { if (!macsEqual) { this.logMacFailed( "[Encrypt service] decryptToUtf8 MAC comparison failed. Key or payload has changed. Key type " + - encryptionTypeName(key.encType) + + encryptionTypeName(key.encryptionType()) + "Payload type " + encryptionTypeName(encString.encryptionType) + " Decrypt context: " + @@ -145,13 +143,11 @@ export class EncryptServiceImplementation implements EncryptService { throw new Error("Nothing provided for decryption."); } - key = this.resolveLegacyKey(key, encThing); - // DO NOT REMOVE OR MOVE. This prevents downgrade to mac-less CBC, which would compromise integrity and confidentiality. if (key.macKey != null && encThing.macBytes == null) { this.logService.error( "[Encrypt service] Key has mac key but payload is missing mac bytes. Key type " + - encryptionTypeName(key.encType) + + encryptionTypeName(key.encryptionType()) + " Payload type " + encryptionTypeName(encThing.encryptionType) + " Decrypt context: " + @@ -160,10 +156,10 @@ export class EncryptServiceImplementation implements EncryptService { return null; } - if (key.encType !== encThing.encryptionType) { + if (key.encryptionType() !== encThing.encryptionType) { this.logService.error( "[Encrypt service] Key encryption type does not match payload encryption type. Key type " + - encryptionTypeName(key.encType) + + encryptionTypeName(key.encryptionType()) + " Payload type " + encryptionTypeName(encThing.encryptionType) + " Decrypt context: " + @@ -181,7 +177,7 @@ export class EncryptServiceImplementation implements EncryptService { this.logMacFailed( "[Encrypt service#decryptToBytes] Failed to compute MAC." + " Key type " + - encryptionTypeName(key.encType) + + encryptionTypeName(key.encryptionType()) + " Payload type " + encryptionTypeName(encThing.encryptionType) + " Decrypt context: " + @@ -195,7 +191,7 @@ export class EncryptServiceImplementation implements EncryptService { this.logMacFailed( "[Encrypt service#decryptToBytes]: MAC comparison failed. Key or payload has changed." + " Key type " + - encryptionTypeName(key.encType) + + encryptionTypeName(key.encryptionType()) + " Payload type " + encryptionTypeName(encThing.encryptionType) + " Decrypt context: " + @@ -208,7 +204,7 @@ export class EncryptServiceImplementation implements EncryptService { const result = await this.cryptoFunctionService.aesDecrypt( encThing.dataBytes, encThing.ivBytes, - key.encKey, + key.encryptionType() "cbc", ); @@ -278,19 +274,23 @@ export class EncryptServiceImplementation implements EncryptService { } private async aesEncrypt(data: Uint8Array, key: SymmetricCryptoKey): Promise { - const obj = new EncryptedObject(); - obj.key = key; - obj.iv = await this.cryptoFunctionService.randomBytes(16); - obj.data = await this.cryptoFunctionService.aesEncrypt(data, obj.iv, obj.key.encKey); + const innerKey = key.getInnerKey(); + if (innerKey.type === EncryptionType.AesCbc256_HmacSha256_B64) { + const obj = new EncryptedObject(); + // AES-CBC Encrypt the data + obj.iv = await this.cryptoFunctionService.randomBytes(16); + obj.data = await this.cryptoFunctionService.aesEncrypt(data, obj.iv, innerKey.encryptionKey); - if (obj.key.macKey != null) { + // Calculate the HMAC const macData = new Uint8Array(obj.iv.byteLength + obj.data.byteLength); macData.set(new Uint8Array(obj.iv), 0); macData.set(new Uint8Array(obj.data), obj.iv.byteLength); - obj.mac = await this.cryptoFunctionService.hmac(macData, obj.key.macKey, "sha256"); - } + obj.mac = await this.cryptoFunctionService.hmac(macData, innerKey.authenticationKey, "sha256"); - return obj; + return obj; + } else { + throw new Error("Unsupported encryption type."); + } } private logMacFailed(msg: string) { @@ -298,19 +298,4 @@ export class EncryptServiceImplementation implements EncryptService { this.logService.error(msg); } } - - /** - * Transform into new key for the old encrypt-then-mac scheme if required, otherwise return the current key unchanged - * @param encThing The encrypted object (e.g. encString or encArrayBuffer) that you want to decrypt - */ - resolveLegacyKey(key: SymmetricCryptoKey, encThing: Encrypted): SymmetricCryptoKey { - if ( - encThing.encryptionType === EncryptionType.AesCbc128_HmacSha256_B64 && - key.encType === EncryptionType.AesCbc256_B64 - ) { - return new SymmetricCryptoKey(key.key, EncryptionType.AesCbc128_HmacSha256_B64); - } - - return key; - } } diff --git a/libs/common/src/platform/models/domain/encrypted-object.ts b/libs/common/src/platform/models/domain/encrypted-object.ts index 92153b27636..1d54062e18f 100644 --- a/libs/common/src/platform/models/domain/encrypted-object.ts +++ b/libs/common/src/platform/models/domain/encrypted-object.ts @@ -1,10 +1,5 @@ -// FIXME: Update this file to be type safe and remove this and next line -// @ts-strict-ignore -import { SymmetricCryptoKey } from "../../../platform/models/domain/symmetric-crypto-key"; - export class EncryptedObject { iv: Uint8Array; data: Uint8Array; mac: Uint8Array; - key: SymmetricCryptoKey; } diff --git a/libs/common/src/platform/models/domain/symmetric-crypto-key.ts b/libs/common/src/platform/models/domain/symmetric-crypto-key.ts index eab4c7b2114..64d4e09dfe4 100644 --- a/libs/common/src/platform/models/domain/symmetric-crypto-key.ts +++ b/libs/common/src/platform/models/domain/symmetric-crypto-key.ts @@ -2,64 +2,61 @@ // @ts-strict-ignore import { Jsonify } from "type-fest"; +import { CryptoClient, ExportedUserKey } from "@bitwarden/sdk-internal"; + import { Utils } from "../../../platform/misc/utils"; import { EncryptionType } from "../../enums"; -export class SymmetricCryptoKey { - key: Uint8Array; - encKey: Uint8Array; - macKey?: Uint8Array; - encType: EncryptionType; +type Aes256CbcHmacKey = { + type: EncryptionType.AesCbc256_HmacSha256_B64; + encryptionKey: Uint8Array; + authenticationKey: Uint8Array; +}; - keyB64: string; - encKeyB64: string; - macKeyB64: string; +type Aes256CbcKey = { + type: EncryptionType.AesCbc256_B64; + encryptionKey: Uint8Array; +}; + +export class SymmetricCryptoKey { + private key: Aes256CbcKey | Aes256CbcHmacKey; + private newFormat = false; meta: any; - constructor(key: Uint8Array, encType?: EncryptionType) { + constructor(key: Uint8Array, new_format = false) { if (key == null) { throw new Error("Must provide key"); } - if (encType == null) { - if (key.byteLength === 32) { - encType = EncryptionType.AesCbc256_B64; - } else if (key.byteLength === 64) { - encType = EncryptionType.AesCbc256_HmacSha256_B64; - } else { - throw new Error("Unable to determine encType."); + if (key.byteLength === 32) { + this.key = { + type: EncryptionType.AesCbc256_B64, + encryptionKey: key, + } + } else if (key.byteLength === 64) { + this.key = { + type: EncryptionType.AesCbc256_HmacSha256_B64, + encryptionKey: key.slice(0, 32), + authenticationKey: key.slice(32), + } + } else if (key.byteLength > 64) { + const decoded_key = CryptoClient.decode_userkey(key).Aes256CbcHmac; + this.key = { + type: EncryptionType.AesCbc256_HmacSha256_B64, + encryptionKey: decoded_key.encryption_key, + authenticationKey: decoded_key.authentication_key, } - } - - this.key = key; - this.encType = encType; - - if (encType === EncryptionType.AesCbc256_B64 && key.byteLength === 32) { - this.encKey = key; - this.macKey = null; - } else if (encType === EncryptionType.AesCbc128_HmacSha256_B64 && key.byteLength === 32) { - this.encKey = key.slice(0, 16); - this.macKey = key.slice(16, 32); - } else if (encType === EncryptionType.AesCbc256_HmacSha256_B64 && key.byteLength === 64) { - this.encKey = key.slice(0, 32); - this.macKey = key.slice(32, 64); } else { - throw new Error("Unsupported encType/key length."); - } - - this.keyB64 = Utils.fromBufferToB64(this.key); - this.encKeyB64 = Utils.fromBufferToB64(this.encKey); - if (this.macKey != null) { - this.macKeyB64 = Utils.fromBufferToB64(this.macKey); + throw new Error("Unable to determine encType."); } } - toJSON() { - // The whole object is constructed from the initial key, so just store the B64 key - return { keyB64: this.keyB64 }; + getInnerKey(): Aes256CbcKey | Aes256CbcHmacKey { + return this.key; } + static fromString(s: string): SymmetricCryptoKey { if (s == null) { return null; @@ -69,7 +66,51 @@ export class SymmetricCryptoKey { return new SymmetricCryptoKey(arrayBuffer); } + // For test only + toJSON() { + // The whole object is constructed from the initial key, so just store the B64 key + return { keyB64: Utils.fromBufferToB64(this) }; + } + + // For test only static fromJSON(obj: Jsonify): SymmetricCryptoKey { return SymmetricCryptoKey.fromString(obj?.keyB64); } + + toSdkKey(): ExportedUserKey { + if (this.key.type === EncryptionType.AesCbc256_B64) { + throw new Error("Unsupported encryption type."); + } else if (this.key.type === EncryptionType.AesCbc256_HmacSha256_B64) { + return { + Aes256CbcHmac: { + encryption_key: this.key.encryptionKey, + authentication_key: this.key.authenticationKey, + }, + }; + } else { + throw new Error("Unsupported encryption type."); + } + } + + toBase64(): string { + return Utils.fromBufferToB64(this.toEncoded()); + } + + toEncoded(): Uint8Array { + if (this.newFormat) { + return CryptoClient.encode_userkey(this.toSdkKey()); + } else { + if (this.key.type === EncryptionType.AesCbc256_B64) { + return this.key.encryptionKey; + } else if (this.key.type === EncryptionType.AesCbc256_HmacSha256_B64) { + return new Uint8Array([...this.key.encryptionKey, ...this.key.authenticationKey]); + } else { + throw new Error("Unsupported encryption type."); + } + } + } + + encryptionType(): EncryptionType { + return this.key.type; + } } diff --git a/libs/common/src/platform/services/key-generation.service.ts b/libs/common/src/platform/services/key-generation.service.ts index 8b8ba6cb355..8ccfef0c657 100644 --- a/libs/common/src/platform/services/key-generation.service.ts +++ b/libs/common/src/platform/services/key-generation.service.ts @@ -80,8 +80,8 @@ export class KeyGenerationService implements KeyGenerationServiceAbstraction { async stretchKey(key: SymmetricCryptoKey): Promise { const newKey = new Uint8Array(64); - const encKey = await this.cryptoFunctionService.hkdfExpand(key.key, "enc", 32, "sha256"); - const macKey = await this.cryptoFunctionService.hkdfExpand(key.key, "mac", 32, "sha256"); + const encKey = await this.cryptoFunctionService.hkdfExpand(key.getInnerKey().encryptionKey, "enc", 32, "sha256"); + const macKey = await this.cryptoFunctionService.hkdfExpand(key.getInnerKey().encryptionKey, "mac", 32, "sha256"); newKey.set(new Uint8Array(encKey)); newKey.set(new Uint8Array(macKey), 32); diff --git a/libs/common/src/platform/services/sdk/default-sdk.service.ts b/libs/common/src/platform/services/sdk/default-sdk.service.ts index 516334c7fb4..8831436a953 100644 --- a/libs/common/src/platform/services/sdk/default-sdk.service.ts +++ b/libs/common/src/platform/services/sdk/default-sdk.service.ts @@ -136,7 +136,7 @@ export class DefaultSdkService implements SdkService { ) { await client.crypto().initialize_user_crypto({ email: account.email, - method: { decryptedKey: { decrypted_user_key: userKey.keyB64 } }, + method: { decryptedKey: { decrypted_user_key: userKey.toBase64() } }, kdfParams: kdfParams.kdfType === KdfType.PBKDF2_SHA256 ? { diff --git a/libs/common/src/platform/services/web-crypto-function.service.ts b/libs/common/src/platform/services/web-crypto-function.service.ts index 61edf7a13b1..fc3c5d98b1b 100644 --- a/libs/common/src/platform/services/web-crypto-function.service.ts +++ b/libs/common/src/platform/services/web-crypto-function.service.ts @@ -251,7 +251,7 @@ export class WebCryptoFunctionService implements CryptoFunctionService { } if (p.encKey == null) { - p.encKey = forge.util.decode64(key.encKeyB64); + p.encKey = forge.util.decode64(Utils.fromBufferToB64(key.getInnerKey().encryptionKey)); } p.data = forge.util.decode64(data); p.iv = forge.util.decode64(iv); diff --git a/libs/common/src/tools/send/services/send.service.ts b/libs/common/src/tools/send/services/send.service.ts index 1b5e5f6aa31..37871bdda33 100644 --- a/libs/common/src/tools/send/services/send.service.ts +++ b/libs/common/src/tools/send/services/send.service.ts @@ -76,7 +76,7 @@ export class SendService implements InternalSendServiceAbstraction { model.key, new PBKDF2KdfConfig(SEND_KDF_ITERATIONS), ); - send.password = passwordKey.keyB64; + send.password = passwordKey.toBase64(); } if (key == null) { key = await this.keyService.getUserKey(); diff --git a/libs/common/src/vault/services/cipher.service.ts b/libs/common/src/vault/services/cipher.service.ts index 9e06d3335c3..f52a3c20989 100644 --- a/libs/common/src/vault/services/cipher.service.ts +++ b/libs/common/src/vault/services/cipher.service.ts @@ -279,7 +279,7 @@ export class CipherService implements CipherServiceAbstraction { key, ).then(async () => { if (model.key != null) { - attachment.key = await this.encryptService.encrypt(model.key.key, key); + attachment.key = await this.encryptService.encrypt(model.key.toEncoded(), key); } encAttachments.push(attachment); }); @@ -1770,7 +1770,7 @@ export class CipherService implements CipherServiceAbstraction { // Then, we have to encrypt the cipher key with the proper key. cipher.key = await this.encryptService.encrypt( - decryptedCipherKey.key, + decryptedCipherKey.toEncoded(), keyForCipherKeyEncryption, ); diff --git a/libs/key-management/src/key.service.ts b/libs/key-management/src/key.service.ts index 82020bf91b4..c3243d649db 100644 --- a/libs/key-management/src/key.service.ts +++ b/libs/key-management/src/key.service.ts @@ -57,7 +57,7 @@ import { PlatformUtilsService } from "../../common/src/platform/abstractions/pla import { StateService } from "../../common/src/platform/abstractions/state.service"; // FIXME: remove `src` and fix import // eslint-disable-next-line no-restricted-imports -import { KeySuffixOptions, HashPurpose } from "../../common/src/platform/enums"; +import { KeySuffixOptions, HashPurpose, EncryptionType } from "../../common/src/platform/enums"; // FIXME: remove `src` and fix import // eslint-disable-next-line no-restricted-imports import { convertValues } from "../../common/src/platform/misc/convert-values"; @@ -274,7 +274,7 @@ export class DefaultKeyService implements KeyServiceAbstraction { } const newUserKey = await this.keyGenerationService.createKey(512); - return this.buildProtectedSymmetricKey(masterKey, newUserKey.key); + return this.buildProtectedSymmetricKey(masterKey, newUserKey.toEncoded()); } /** @@ -356,7 +356,7 @@ export class DefaultKeyService implements KeyServiceAbstraction { userKey?: UserKey, ): Promise<[UserKey, EncString]> { userKey ||= await this.getUserKey(); - return await this.buildProtectedSymmetricKey(masterKey, userKey.key); + return await this.buildProtectedSymmetricKey(masterKey, userKey.toEncoded()); } // TODO: move to MasterPasswordService @@ -375,7 +375,7 @@ export class DefaultKeyService implements KeyServiceAbstraction { } const iterations = hashPurpose === HashPurpose.LocalAuthorization ? 2 : 1; - const hash = await this.cryptoFunctionService.pbkdf2(key.key, password, "sha256", iterations); + const hash = await this.cryptoFunctionService.pbkdf2(key.toEncoded(), password, "sha256", iterations); return Utils.fromBufferToB64(hash); } @@ -462,7 +462,7 @@ export class DefaultKeyService implements KeyServiceAbstraction { } const newSymKey = await this.keyGenerationService.createKey(512); - return this.buildProtectedSymmetricKey(key, newSymKey.key); + return this.buildProtectedSymmetricKey(key, newSymKey.toEncoded()); } private async clearOrgKeys(userId: UserId): Promise { @@ -510,7 +510,7 @@ export class DefaultKeyService implements KeyServiceAbstraction { const shareKey = await this.keyGenerationService.createKey(512); userId ??= await firstValueFrom(this.stateProvider.activeUserId$); const publicKey = await firstValueFrom(this.userPublicKey$(userId)); - const encShareKey = await this.encryptService.rsaEncrypt(shareKey.key, publicKey); + const encShareKey = await this.encryptService.rsaEncrypt(shareKey.toEncoded(), publicKey); return [encShareKey, shareKey as T]; } @@ -741,7 +741,7 @@ export class DefaultKeyService implements KeyServiceAbstraction { protected async storeAdditionalKeys(key: UserKey, userId: UserId) { const storeAuto = await this.shouldStoreKey(KeySuffixOptions.Auto, userId); if (storeAuto) { - await this.stateService.setUserKeyAutoUnlock(key.keyB64, { userId: userId }); + await this.stateService.setUserKeyAutoUnlock(key.toBase64(), { userId: userId }); } else { await this.stateService.setUserKeyAutoUnlock(null, { userId: userId }); } @@ -843,10 +843,10 @@ export class DefaultKeyService implements KeyServiceAbstraction { newSymKey: Uint8Array, ): Promise<[T, EncString]> { let protectedSymKey: EncString = null; - if (encryptionKey.key.byteLength === 32) { + if (encryptionKey.getInnerKey().type === EncryptionType.AesCbc256_B64) { const stretchedEncryptionKey = await this.keyGenerationService.stretchKey(encryptionKey); protectedSymKey = await this.encryptService.encrypt(newSymKey, stretchedEncryptionKey); - } else if (encryptionKey.key.byteLength === 64) { + } else if (encryptionKey.getInnerKey().type === EncryptionType.AesCbc256_HmacSha256_B64) { protectedSymKey = await this.encryptService.encrypt(newSymKey, encryptionKey); } else { throw new Error("Invalid key size."); diff --git a/libs/key-management/src/user-asymmetric-key-regeneration/services/default-user-asymmetric-key-regeneration.service.ts b/libs/key-management/src/user-asymmetric-key-regeneration/services/default-user-asymmetric-key-regeneration.service.ts index 3110ebad637..2ee773b1719 100644 --- a/libs/key-management/src/user-asymmetric-key-regeneration/services/default-user-asymmetric-key-regeneration.service.ts +++ b/libs/key-management/src/user-asymmetric-key-regeneration/services/default-user-asymmetric-key-regeneration.service.ts @@ -81,7 +81,7 @@ export class DefaultUserAsymmetricKeysRegenerationService throw new Error("SDK is undefined"); } return sdk.crypto().verify_asymmetric_keys({ - userKey: userKey.keyB64, + userKey: userKey.toBase64(), userPublicKey: publicKeyResponse.publicKey, userKeyEncryptedPrivateKey: userKeyEncryptedPrivateKey, }); @@ -125,7 +125,7 @@ export class DefaultUserAsymmetricKeysRegenerationService if (sdk === undefined) { throw new Error("SDK is undefined"); } - return sdk.crypto().make_key_pair(userKey.keyB64); + return sdk.crypto().make_key_pair(userKey.toBase64()); }), ), ); diff --git a/libs/vault/src/cipher-form/components/sshkey-section/sshkey-section.component.ts b/libs/vault/src/cipher-form/components/sshkey-section/sshkey-section.component.ts index 134897c9356..773ddd4ad66 100644 --- a/libs/vault/src/cipher-form/components/sshkey-section/sshkey-section.component.ts +++ b/libs/vault/src/cipher-form/components/sshkey-section/sshkey-section.component.ts @@ -104,9 +104,9 @@ export class SshKeySectionComponent implements OnInit { await firstValueFrom(this.sdkService.client$); const sshKey = generate_ssh_key("Ed25519"); this.sshKeyForm.setValue({ - privateKey: sshKey.private_key, - publicKey: sshKey.public_key, - keyFingerprint: sshKey.key_fingerprint, + privateKey: sshKey.privateKey, + publicKey: sshKey.publicKey, + keyFingerprint: sshKey.fingerprint, }); } }