[PM-2297] Add DecryptUserKeyWithDeviceKey method

2025-12-05 23:53:33 +00:00 · 2023-07-13 15:41:08 +01:00
parent b688b85d0f
commit e9ac1e3b5b
2 changed files with 24 additions and 0 deletions
--- a/src/Core/Abstractions/IDeviceTrustCryptoService.cs
+++ b/src/Core/Abstractions/IDeviceTrustCryptoService.cs
@@ -10,5 +10,6 @@ namespace Bit.Core.Abstractions
        Task<DeviceResponse> TrustDeviceIfNeededAsync();
        Task<bool> GetShouldTrustDeviceAsync();
        Task SetShouldTrustDeviceAsync(bool value);
+        Task<SymmetricCryptoKey> DecryptUserKeyWithDeviceKey(string encryptedDevicePrivateKey, string encryptedUserKey);
    }
 }
--- a/src/Core/Services/DeviceTrustCryptoService.cs
+++ b/src/Core/Services/DeviceTrustCryptoService.cs
@@ -99,5 +99,28 @@ namespace Bit.Core.Services
            await SetShouldTrustDeviceAsync(false);
            return response;
        }
+
+        // TODO: Add proper types to parameters once we have them coming down from server
+        public async Task<SymmetricCryptoKey> DecryptUserKeyWithDeviceKey(string encryptedDevicePrivateKey, string encryptedUserKey)
+        {
+            // Get device key
+            var existingDeviceKey = await GetDeviceKeyAsync();
+
+            if (existingDeviceKey == null)
+            {
+              // User doesn't have a device key anymore so device is untrusted
+              return null;
+            }
+
+            // Attempt to decrypt encryptedDevicePrivateKey with device key
+            var devicePrivateKey = await _cryptoService.DecryptToBytesAsync(
+              new EncString(encryptedDevicePrivateKey),
+              existingDeviceKey
+            );
+
+            // Attempt to decrypt encryptedUserDataKey with devicePrivateKey
+            var userKey = await _cryptoService.RsaDecryptAsync(encryptedUserKey, devicePrivateKey);
+            return new SymmetricCryptoKey(userKey);
+        }
    }
 }