Cleanup

apps/web/src/app/key-management/key-rotation/request/account-keys.request.ts

@@ -1,7 +1,8 @@
-import { SigningKeyType } from "@bitwarden/key-management";
+import { SignedPublicKeyOwnershipClaim } from "@bitwarden/common/key-management/types";
+import { SigningKey, SigningKeyType, VerifyingKey } from "@bitwarden/key-management";
 
+// This request contains other account-owned keys that are encrypted with the user key.
 export class AccountKeysRequest {
-  // Other keys encrypted by the userkey
   userKeyEncryptedAccountPrivateKey: string;
   accountPublicKey: string;
   signedPublicKeyOwnershipClaim: string | null;
@@ -13,16 +14,15 @@ export class AccountKeysRequest {
   constructor(
     userKeyEncryptedAccountPrivateKey: string,
     accountPublicKey: string,
-    signedPublicKeyOwnershipClaim: string | null,
-    userKeyEncryptedSigningKey: string | null,
-    verifyingKey: string | null,
-    signingKeyType: SigningKeyType | null,
+    signedPublicKeyOwnershipClaim: SignedPublicKeyOwnershipClaim | null,
+    userKeyEncryptedSigningKey: SigningKey | null,
+    verifyingKey: VerifyingKey | null,
   ) {
     this.userKeyEncryptedAccountPrivateKey = userKeyEncryptedAccountPrivateKey;
     this.accountPublicKey = accountPublicKey;
     this.signedPublicKeyOwnershipClaim = signedPublicKeyOwnershipClaim;
-    this.userKeyEncryptedSigningKey = userKeyEncryptedSigningKey;
-    this.verifyingKey = verifyingKey;
-    this.signingKeyType = signingKeyType;
+    this.userKeyEncryptedSigningKey = userKeyEncryptedSigningKey.toString();
+    this.verifyingKey = verifyingKey.toString();
+    this.signingKeyType = verifyingKey?.algorithm();
   }
 }

apps/web/src/app/key-management/key-rotation/user-key-rotation.service.ts

@@ -24,7 +24,7 @@ import { CipherService } from "@bitwarden/common/vault/abstractions/cipher.servi
 import { FolderService } from "@bitwarden/common/vault/abstractions/folder/folder.service.abstraction";
 import { SyncService } from "@bitwarden/common/vault/abstractions/sync/sync.service.abstraction";
 import { DialogService, ToastService } from "@bitwarden/components";
-import { KdfConfig, KeyService, UserSigningKey, VerifyingKey } from "@bitwarden/key-management";
+import { KdfConfig, KeyService, SigningKey, VerifyingKey } from "@bitwarden/key-management";
 import {
   AccountRecoveryTrustComponent,
   EmergencyAccessTrustComponent,
@@ -136,9 +136,8 @@ export class UserKeyRotationService {
       wrappedPrivateKey.encryptedString!,
       publicKey,
       signedPublicKeyOwnershipClaim,
-      signingKey.inner(),
-      verifyingKey.toString(),
-      verifyingKey.algorithm(),
+      signingKey,
+      verifyingKey,
     ) as AccountKeysRequest;
 
     // Methods to unlock the user (access the user key)
@@ -184,7 +183,7 @@ export class UserKeyRotationService {
     kdfConfig: KdfConfig,
   ): Promise<{
     userKey: UserKey;
-    signingKey?: UserSigningKey;
+    signingKey?: SigningKey;
     verifyingKey?: VerifyingKey;
     signedPublicKeyOwnershipClaim?: string;
     wrappedPrivateKey: EncString;
@@ -217,7 +216,7 @@ export class UserKeyRotationService {
         signingKey: signingKeyEncString,
       } = noSigningKeySdkClient.crypto().make_signing_keys();
       const verifyingKey = new VerifyingKey(verifyingKeyString);
-      const signingKey = new UserSigningKey(signingKeyEncString);
+      const signingKey = new SigningKey(signingKeyEncString);
       return {
         userKey: newUserKey,
         signingKey,
@@ -238,7 +237,7 @@ export class UserKeyRotationService {
           publicKey: Utils.fromBufferToB64(publicKey),
         };
       } else {
-        const existingSigningKey: UserSigningKey = null;
+        const existingSigningKey: SigningKey = null;
         const existingVerifyingKey: VerifyingKey = null;
 
         return {

libs/common/src/key-management/keys/response/signing-keys.response.ts

@@ -1,13 +1,11 @@
-import { SigningKeyType, UserSigningKey, VerifyingKey } from "@bitwarden/key-management";
+import { SigningKey, VerifyingKey } from "@bitwarden/key-management";
 
 export class UserSigningKeyData {
-  readonly keyAlgorithm: SigningKeyType;
-  readonly wrappedSigningKey: UserSigningKey;
+  readonly wrappedSigningKey: SigningKey;
   readonly verifyingKey: VerifyingKey;
 
   constructor(response: any) {
-    this.keyAlgorithm = response.keyAlgorithm;
-    this.wrappedSigningKey = new UserSigningKey(response.wrappedSigningKey);
+    this.wrappedSigningKey = new SigningKey(response.wrappedSigningKey);
     this.verifyingKey = new VerifyingKey(response.verifyingKey);
   }
 }

libs/key-management/src/abstractions/key.service.ts

@@ -19,7 +19,7 @@ import {
 } from "@bitwarden/common/types/key";
 
 import { KdfConfig } from "../models/kdf-config";
-import { UserSigningKey } from "../models/user-signing-key";
+import { SigningKey } from "../models/signing-key";
 
 export class UserPrivateKeyDecryptionFailedError extends Error {
   constructor() {
@@ -294,7 +294,7 @@ export abstract class KeyService {
    * @param encryptedSigningKey An encrypted signing key
    * @param userId The user id of the user to set the signing key for
    */
-  abstract setUserSigningKey(encryptedSigningKey: UserSigningKey, userId: UserId): Promise<void>;
+  abstract setUserSigningKey(encryptedSigningKey: SigningKey, userId: UserId): Promise<void>;
   /**
    * Returns the private key from memory. If not available, decrypts it
    * from storage and stores it in memory
@@ -458,9 +458,10 @@ export abstract class KeyService {
   abstract userPublicKey$(userId: UserId): Observable<UserPublicKey | null>;
 
   /**
-   * Gets a users signing key.
+   * Gets a users signing keys from local state.
+   * The observable will emit null, exactly if the local state returns null.
    */
-  abstract userSigningKey$(userId: UserId): Observable<UserSigningKey | null>;
+  abstract userSigningKey$(userId: UserId): Observable<SigningKey | null>;
 
   /**
    * Validates that a userkey is correct for a given user

libs/key-management/src/index.ts

@@ -21,7 +21,7 @@ export { KdfConfigService } from "./abstractions/kdf-config.service";
 export { DefaultKdfConfigService } from "./kdf-config.service";
 export { KdfType } from "./enums/kdf-type.enum";
 export { SigningKeyType, parseSigningKeyTypeFromString } from "./enums/signing-key-type.enum";
-export { UserSigningKey, SerializableUserSigningKeyPair } from "./models/user-signing-key";
+export { SigningKey, SerializableUserSigningKeyPair } from "./models/signing-key";
 export { VerifyingKey } from "./models/verifying-key";
 
 export * from "./user-asymmetric-key-regeneration";

libs/key-management/src/key.service.ts

@@ -60,7 +60,7 @@ import {
   UserPrivateKeyDecryptionFailedError,
 } from "./abstractions/key.service";
 import { KdfConfig } from "./models/kdf-config";
-import { UserSigningKey } from "./models/user-signing-key";
+import { SigningKey } from "./models/signing-key";
 
 export class DefaultKeyService implements KeyServiceAbstraction {
   private readonly activeUserEverHadUserKey: ActiveUserState<boolean>;
@@ -999,7 +999,7 @@ export class DefaultKeyService implements KeyServiceAbstraction {
     );
   }
 
-  async setUserSigningKey(userSigningKey: UserSigningKey, userId: UserId): Promise<void> {
+  async setUserSigningKey(userSigningKey: SigningKey, userId: UserId): Promise<void> {
     if (userSigningKey == null) {
       throw new Error("No user signing key provided.");
     }
@@ -1013,13 +1013,13 @@ export class DefaultKeyService implements KeyServiceAbstraction {
     );
   }
 
-  userSigningKey$(userId: UserId): Observable<UserSigningKey | null> {
+  userSigningKey$(userId: UserId): Observable<SigningKey | null> {
     return this.stateProvider.getUser(userId, USER_KEY_ENCRYPTED_SIGNING_KEY).state$.pipe(
       map((encryptedSigningKey) => {
         if (encryptedSigningKey == null) {
           return null;
         }
-        return UserSigningKey.fromSerializable(encryptedSigningKey);
+        return SigningKey.fromSerializable(encryptedSigningKey);
       }),
     );
   }

libs/key-management/src/models/signing-key.ts

@@ -1,11 +1,11 @@
 import { EncString } from "@bitwarden/sdk-internal";
 
 /**
- * Represents a signing key for a user.
+ * Represents a signing key.
  * Internally, this is encrypted and needs an unlocked SDK instance for the correct user
  * to use.
  */
-export class UserSigningKey {
+export class SigningKey {
   private innerKey: EncString;
 
   constructor(innerKey: string) {
@@ -31,8 +31,8 @@ export class UserSigningKey {
   /**
    * Creates a serializable version of the signing key.
    */
-  static fromSerializable(serializable: SerializableUserSigningKeyPair): UserSigningKey {
-    return new UserSigningKey(serializable.signingKey);
+  static fromSerializable(serializable: SerializableUserSigningKeyPair): SigningKey {
+    return new SigningKey(serializable.signingKey);
   }
 }
 

libs/key-management/src/models/verifying-key.ts

@@ -1,8 +1,11 @@
 import { Utils } from "@bitwarden/common/platform/misc/utils";
 import { PureCrypto } from "@bitwarden/sdk-internal";
 
-import { SigningKeyType } from "../enums/signing-key-type.enum";
+import { SigningKeyType as SigningKeyAlgorithm } from "../enums/signing-key-type.enum";
 
+/**
+ * A verifying key is a public key used to verify signatures
+ */
 export class VerifyingKey {
   private innerKey: string;
 
@@ -10,11 +13,17 @@ export class VerifyingKey {
     this.innerKey = verifyingKey;
   }
 
+  /**
+   * Returns the verifying key in base64 format.
+   */
   toString(): string {
     return this.innerKey;
   }
 
-  algorithm(): SigningKeyType {
+  /**
+   * Returns the algorithm of the underlying signature scheme of the verifying key.
+   */
+  algorithm(): SigningKeyAlgorithm {
     return PureCrypto.key_algorithm_for_verifying_key(Utils.fromB64ToArray(this.innerKey));
   }
 }