PIN-based unlock in Bitwarden works using a PasswordProtectedKeyEnvelope, which is sealed with
the PIN and contains the user key. When unlocking with the PIN, the envelope is unsealed with the
PIN and the key is loaded into the key store.
There are two modes of PIN-based unlock: before-first-unlock (BFU) and after-first-unlock (AFU). In BFU mode, the PIN envelope is persisted to disk. In AFU mode, the PIN envelope is only stored in memory. The in-memory copy is always loaded when an unlock transitions from BFU to AFU mode.
Structs
- PinLockSystem - Provides PIN-based unlock functionality. This includes enrolling into PIN-based unlock, unlocking using the PIN and handling necessary operations (PIN envelope refreshing when transitioning to after-first-unlock mode).
Enums
- PinLockType - PIN unlock can be configured to use one of two modes: before-first-unlock and after-first-unlock. In AFU mode, the PIN is available only after unlocking once with the master password or another unlock method. In BFU mode, PIN unlock is available right after app start. For this, the PIN-encrypted vault key is stored on disk.
- PinUnlockStatus - Current availability state for PIN-based unlock.
- UnlockError