bitwarden/help
1
0
Fork 0
mirror of https://github.com/bitwarden/help synced 2026-01-05 01:53:14 +00:00
Code Issues Releases Wiki Activity

add article back into URL for launch

Browse Source
This commit is contained in:
DanHillesheim
2021-09-13 10:49:34 -06:00
parent 7180626937
commit 4a6df075e5
157 changed files with 985 additions and 985 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
_articles/send/send-encryption.md
View File

@@ -10,18 +10,18 @@ order: "07"
## Send Encryption
Sends are a secure and ephemeral mechanism for transmitting sensitive information to anyone, include plaintext and files. As the [About Send]({{site.baseurl}}/about-send/) article notes, Sends are **end-to-end encrypted**, meaning that encryption (*described below*) and decryption occur client-side. When you create a Send:
Sends are a secure and ephemeral mechanism for transmitting sensitive information to anyone, include plaintext and files. As the [About Send]({{site.baseurl}}/article/about-send/) article notes, Sends are **end-to-end encrypted**, meaning that encryption (*described below*) and decryption occur client-side. When you create a Send:
1. A new 128-bit secret key is generated for the Send.
2. Using HKDF-SHA256, a 512-bit encryption key is derived from the secret key.
3. The derived key is used to AES-256 encrypt the Send, including its file/text data and metadata (Name, Filename, Notes, etc.).
{% callout success %}Any [password]({{site.baseurl}}/send-privacy/#send-passwords) used to protect a Send **is not involved in encryption** and decryption of a Send. Passwords are purely an authentication method, however password-protected Sends will be [blocked from decrypting](#send-decryption) until password authentication is successful.{% endcallout %}
{% callout success %}Any [password]({{site.baseurl}}/article/send-privacy/#send-passwords) used to protect a Send **is not involved in encryption** and decryption of a Send. Passwords are purely an authentication method, however password-protected Sends will be [blocked from decrypting](#send-decryption) until password authentication is successful.{% endcallout %}
4. The encrypted Send is uploaded to Bitwarden servers, including a unique Send ID that Bitwarden uses to [identify the Send for decryption](#send-decryption) but **not including** the encryption key.
## Send Decryption
Sends are decrypted by opening the [Send link]({{site.baseurl}}/receive-send/), which are constructed from a unique Send ID and the derived encryption key:
Sends are decrypted by opening the [Send link]({{site.baseurl}}/article/receive-send/), which are constructed from a unique Send ID and the derived encryption key:
`https://vault.bitwarden.com/#/send/send_id/encryption_key`
@@ -34,7 +34,7 @@ When you access a Send link:
5. Bitwarden servers return the encrypted Send to the Web Vault client.
6. The Web Vault client locally decrypts the Send using the encryption key.
{% callout success %}If your send is [password-protected]({{site.baseurl}}/send-privacy/#send-passwords), decryption of the Send will be **blocked by authentication**. The server validates the password and only returns the Send if the password is correct. This should not be confused with the password being used for decryption.{% endcallout %}
{% callout success %}If your send is [password-protected]({{site.baseurl}}/article/send-privacy/#send-passwords), decryption of the Send will be **blocked by authentication**. The server validates the password and only returns the Send if the password is correct. This should not be confused with the password being used for decryption.{% endcallout %}
## Send Security