
Module key_management


This module contains the definition for the key identifiers used by the rest of the crates. Any code that needs to interact with the [KeyStore] should use these types.

Modules§

account_cryptographic_state
User account cryptographic state
crypto
Mobile specific crypto operations
crypto_client 🔒
master_password 🔒
security_state 🔒
Security state is a signed object that attests to a user’s (or later an organization’s) security state. The security goal is to prevent downgrades of specific features within the user’s account by the server / a networked attacker with TLS introspection access.
user_decryption 🔒
v2_upgrade_token 🔒
V2 Upgrade Token is created during V1→V2 key rotation and holds both user keys wrapped by each other. This allows V1 devices to retrieve the V2 key (to complete the upgrade), and V2 devices to retrieve the V1 key (e.g. to rotate local device unlock methods still encrypted with V1).
wasm_unlock_state 🔒
The WASM SDK currently does not hold persistent SDK instances and instead re-creates SDK instances frequently. The unlock state is lost, since the user-key is only held in the SDK. This file implements setting the user-key to WASM client-managed ephemeral state, so that re-created SDK instances have access to the user-key.

Structs§

CryptoClient
A client for the crypto operations.
KeyIds
MasterPasswordAuthenticationData
Represents the data required to authenticate with the master password.
MasterPasswordUnlockData
Represents the data required to unlock with the master password.
SecurityState
The security state is a signed object attesting to the security state of a user.
SignedSecurityState
A signed and serialized SecurityState object.
UserDecryptionData
Represents the data required to decrypt a user’s vault. Currently, this is only used for master password unlock.
UserKeyState
Represents the decrypted symmetric user-key of a user. This is held in ephemeral state of the client.
V2UpgradeToken
Holds both V1 and V2 user keys, each wrapped by the other.

Enums§

MasterPasswordError
Error for master password related operations.
PrivateKeyId
SigningKeyId
SymmetricKeyId
V2UpgradeTokenError
Errors that can occur when working with V2UpgradeToken

Constants§

MINIMUM_ENFORCE_ICON_URI_HASH_VERSION
Icon URI hashes are enforced starting with this security state version.
UNIFFI_META_CONST_BITWARDEN_CORE_RECORD_USERKEYSTATE 🔒

Functions§

create_test_crypto_with_user_and_org_key
This is a helper function to create a test KeyStore with a single user key and an organization key using the provided organization uuid. While this function is not marked as #[cfg(test)], it should only be used for testing purposes. It’s only public so that other crates can make use of it in their own tests.
create_test_crypto_with_user_key
This is a helper function to create a test KeyStore with a single user key. While this function is not marked as #[cfg(test)], it should only be used for testing purposes. It’s only public so that other crates can make use of it in their own tests.