[PM-10938] Import ssh-keys from 1password 1pux #10787
Draft
+132
−0
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
New Issues
|
quexten
reviewed
Aug 29, 2024
There was a problem hiding this comment.
Potential blocker: From the sample key it seems that 1Password uses the legacy PKCS#8 format for private keys. The library we use in rust for parsing keys (https://github.com/RustCrypto/SSH/tree/master/ssh-key) only supports the modern OPENSSH format. So either, we have to use another library on the fly to convert them, or convert them on import. Either way this will become a problem. (I'll have to note this on the regular import ticket as well)
@djsmith85 Any preference on converting during import or converting on the fly during usage? (it would mean blocking import until we either have a js library for parsing or add rust to web, but we would have a consistent format for private keys)
I'm leaning towards on import, so that we just have one consistent format (openssh) in the vault ciphers.
|
@quexten Usually I'd say the conversion needs to happen on import, as the target system dictates what is supported. I'll need to look into libraries then to convert PKCS#8 to OPENSSH. Idea for a future improvement: Adding support for users to manually add PKCS#8 into their vault and convert it on save? |
Base automatically changed from
auth/pm-10395/ssh-keys-item-type
to
feature/ssh-keys
August 30, 2024 14:16
quexten
force-pushed
the
tools/PM-10938/1pux-ssh-key-import
branch
from
1d33726
to
5bda3d1
Compare
|
@djsmith85 Merge & squashing the target branch PR to the feature branch added all the squashed commits to your PR's diff (since they were squashed in the target) so I did an interactive rebase & force push to not have this PR be convoluted. Sorry about the inconvenience. |
|
@djsmith85 Adding support for PKCS#8 parsing to rust importing code here: #11048, this will be ported over to sdk later on. Once sdk is included in all clients, it should not matter what format 1password provides, it will be parsed either way. For now users should be able to either go the 1password->file-openssh->bitwarden-desktop-import or 1password->copypaste-pkcs#8->bitwarden-desktop route. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
🎟️ Tracking
https://bitwarden.atlassian.net/browse/PM-10938
📔 Objective
With the introduction of the SSH keys item type, we can now also support importing ssh keys from other password managers. This add support for 1password's 1pux format.
The 1pux format has changed and the updates to fix it have been done at #10778. This PR requires the aforementioned to be merged first
⏰ Reminders before review
🦮 Reviewer guidelines
:+1:) or similar for great changes:memo:) or ℹ️ (:information_source:) for notes or general info:question:) for questions:thinking:) or 💭 (:thought_balloon:) for more open inquiry that's not quite a confirmed issue and could potentially benefit from discussion:art:) for suggestions / improvements:x:) or:warning:) for more significant problems or concerns needing attention:seedling:) or ♻️ (:recycle:) for future improvements or indications of technical debt:pick:) for minor or nitpick changes