[PM-10938] Import ssh-keys from 1password 1pux #10787
Conversation
|
New Issues
Fixed Issues
|
There was a problem hiding this comment.
Potential blocker: From the sample key it seems that 1Password uses the legacy PKCS#8 format for private keys. The library we use in rust for parsing keys (https://github.com/RustCrypto/SSH/tree/master/ssh-key) only supports the modern OPENSSH format. So either, we have to use another library on the fly to convert them, or convert them on import. Either way this will become a problem. (I'll have to note this on the regular import ticket as well)
@djsmith85 Any preference on converting during import or converting on the fly during usage? (it would mean blocking import until we either have a js library for parsing or add rust to web, but we would have a consistent format for private keys)
I'm leaning towards on import, so that we just have one consistent format (openssh) in the vault ciphers.
|
@quexten Usually I'd say the conversion needs to happen on import, as the target system dictates what is supported. I'll need to look into libraries then to convert PKCS#8 to OPENSSH. Idea for a future improvement: Adding support for users to manually add PKCS#8 into their vault and convert it on save? |
* Implement ssh-key cipher type * Fix linting * Fix edit and view components for ssh-keys on desktop * Fix tests * Remove ssh key type references * Remove add ssh key option * Fix typo * Add tests
quexten
force-pushed
the
tools/PM-10938/1pux-ssh-key-import
branch
from
1d33726 to
5bda3d1
Compare
|
@djsmith85 Merge & squashing the target branch PR to the feature branch added all the squashed commits to your PR's diff (since they were squashed in the target) so I did an interactive rebase & force push to not have this PR be convoluted. Sorry about the inconvenience. |
|
@djsmith85 Adding support for PKCS#8 parsing to rust importing code here: #11048, this will be ported over to sdk later on. Once sdk is included in all clients, it should not matter what format 1password provides, it will be parsed either way. For now users should be able to either go the 1password->file-openssh->bitwarden-desktop-import or 1password->copypaste-pkcs#8->bitwarden-desktop route. |
…s/PM-10938/1pux-ssh-key-import
Codecov ReportAll modified and coverable lines are covered by tests ✅
✅ All tests successful. No failed tests found. Additional details and impacted files@@ Coverage Diff @@
## main #10787 +/- ##
=======================================
Coverage 33.79% 33.79%
=======================================
Files 2912 2912
Lines 90701 90713 +12
Branches 17153 17155 +2
=======================================
+ Hits 30648 30660 +12
Misses 57667 57667
Partials 2386 2386 ☔ View full report in Codecov by Sentry. |
🎟️ Tracking
https://bitwarden.atlassian.net/browse/PM-10938
📔 Objective
With the introduction of the SSH keys item type, we can now also support importing ssh keys from other password managers. This add support for 1password's 1pux format.
The 1pux format has changed and the updates to fix it have been done at #10778. This PR requires the aforementioned to be merged first
⏰ Reminders before review
🦮 Reviewer guidelines
:+1:) or similar for great changes:memo:) or ℹ️ (:information_source:) for notes or general info:question:) for questions:thinking:) or 💭 (:thought_balloon:) for more open inquiry that's not quite a confirmed issue and could potentially benefit from discussion:art:) for suggestions / improvements:x:) or:warning:) for more significant problems or concerns needing attention:seedling:) or ♻️ (:recycle:) for future improvements or indications of technical debt:pick:) for minor or nitpick changes