Support passkeys with Bitwarden import #11401
Conversation
|
Given that fido alliance just published the first version of the passkey exchange format and protocol, and that most password managers will start supporting it soon, it this the good time for this PR ? Wouldn't it make more sense to implement this new spec, which ensures the keys are properly encrypted in transit? |
|
This is a fantastic time, especially since bitwarden is in a bit of strife, and the spec is in draft. Transferring passkeys is not mutually exclusive to the official spec and import mechanisms. |
|
Even with the new exchange format they will probably keep the data around for the database export. If at some point they are changing things and allowing passkeys to be exported only using the new protocol (and export files don't have them anymore), we will support that feature too. |
phoerious
added
pr: new feature
Add Support for passkeys when importing JSON from Bitwarden. Passkey related static attribute names are moved to EntryAttributes.
All attributes can be used directly, except the Credential ID needs to be changed from pseudo-UUID format to a hex array, and to base64 encoded string. Private key is stored as base64 with URL encoding, but KeePassXC expects a normal base64 encoding instead (in PEM string format).
Fixes #10775.
Testing strategy
Manually. Automatic tests added with a new JSON file that includes a single passkey from webauthn.io.
Type of change