[PR #2421] [MERGED] [PM-115] Cipher key encryption update #3558

New Issue

Closed

opened 2025-11-26 23:34:23 -06:00 by GiteaMirror · 0 comments

GiteaMirror commented 2025-11-26 23:34:23 -06:00

Owner

Copy Link

📋 Pull Request Information

Original PR: https://github.com/bitwarden/android/pull/2421
Author: @fedemkr
Created: 3/20/2023
Status: ✅ Merged
Merged: 9/28/2023
Merged by: @fedemkr

Base: master ← Head: feature/PM-115-encryption-update-new-model

---

📝 Commits (10+)

• 2bb7207 PM-115 Added new cipher key and encryption/decryption mechanisms on cipher
• c8555ef Merge branch 'master' into feature/PM-115-encryption-update-new-model
• a3b18dc PM-115 fix format
• 74190e0 Merge branch 'master' into feature/PM-115-encryption-update-new-model
• 7cdc5a6 Merge branch 'master' into feature/PM-115-encryption-update-new-model
• 1a0e9e9 PM-115 removed ForceKeyRotation from new cipher encryption model given that another approach will be taken
• b150d88 [PM-1690] Added minimum server version restriction to cipher key encryption (#2463)
• bcd47b3 Merge branch 'master' into feature/PM-115-encryption-update-new-model
• e19b86e PM-115 Temporarily Changed cipher key new encryption config to help testing (this change should be reseted eventually)
• 74196f6 Merge branch 'master' into feature/PM-115-encryption-update-new-model

📊 Changes

26 files changed (+241 additions, -85 deletions)

View changed files

📝 src/App/Pages/Vault/AttachmentsPageViewModel.cs (+1 -1)
📝 src/Core/Abstractions/ICipherService.cs (+1 -1)
📝 src/Core/Constants.cs (+2 -0)
📝 src/Core/Models/Data/CipherData.cs (+2 -0)
📝 src/Core/Models/Domain/Attachment.cs (+19 -16)
📝 src/Core/Models/Domain/Card.cs (+2 -2)
📝 src/Core/Models/Domain/Cipher.cs (+40 -18)
📝 src/Core/Models/Domain/Fido2Key.cs (+2 -2)
📝 src/Core/Models/Domain/Field.cs (+2 -2)
📝 src/Core/Models/Domain/Identity.cs (+2 -2)
📝 src/Core/Models/Domain/Login.cs (+4 -4)
📝 src/Core/Models/Domain/LoginUri.cs (+2 -2)
📝 src/Core/Models/Domain/PasswordHistory.cs (+2 -2)
📝 src/Core/Models/Domain/SecureNote.cs (+1 -1)
📝 src/Core/Models/Domain/SymmetricCryptoKey.cs (+7 -1)
📝 src/Core/Models/Export/Cipher.cs (+4 -0)
📝 src/Core/Models/Request/CipherRequest.cs (+2 -0)
📝 src/Core/Models/Response/CipherResponse.cs (+1 -0)
📝 src/Core/Models/View/CipherView.cs (+1 -0)
📝 src/Core/Services/ApiService.cs (+1 -1)

...and 6 more files

📄 Description

Type of change

• Bug fix
• New feature development
• Tech debt (refactoring, code cleanup, dependency upgrades, etc)
• Build/deploy pipeline (DevOps)
• Other

Objective

The cipher will now have its own Key to encrypt/decrypt its content which will be encrypted using the master password or organization key.

This needs server changes to work and clients changes to have the key assigned (given that for now the mobile client won't create the cipher key):

• Server: https://github.com/bitwarden/server/pull/2681
• Clients: https://github.com/bitwarden/clients/pull/5114

Code changes

• Cipher: Added new properties for the key. Added logic to decrypt using the new Key if available, passing such key to the different item types. And updated it to not use hardcoded strings and use nameof().

• CipherService: Updated logic to encrypt the Cipher using the new Key.
  Note: for now the logic of the new Key gets applied only if the Key already exists on the Cipher. The creation of such Key locally will be enabled on a later release to avoid conflicts between clients.

• CipherData: Added new properties for the key.

• CipherRequest, CipherResponse, CipherView: Added new properties for the key.

• Attachment: Updated it to not use hardcoded strings and use nameof() and also added the key as a parameter to support the new approach.

• Card, Field, Identity, Login, LoginUri, PasswordHistory, SecureNote: Added the key as a parameter to support the new approach.

Before you submit

• Please check for formatting errors (dotnet format --verify-no-changes) (required)
• Please add unit tests where it makes sense to do so (encouraged but not required)
• If this change requires a documentation update - notify the documentation team
• If this change has particular deployment requirements - notify the DevOps team

---

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/bitwarden/android/pull/2421 **Author:** [@fedemkr](https://github.com/fedemkr) **Created:** 3/20/2023 **Status:** ✅ Merged **Merged:** 9/28/2023 **Merged by:** [@fedemkr](https://github.com/fedemkr) **Base:** `master` ← **Head:** `feature/PM-115-encryption-update-new-model` --- ### 📝 Commits (10+) - [`2bb7207`](https://github.com/bitwarden/android/commit/2bb72076ae97b18b3d96209c1633458192720014) PM-115 Added new cipher key and encryption/decryption mechanisms on cipher - [`c8555ef`](https://github.com/bitwarden/android/commit/c8555ef1e70390865d390dabcc0d1b5d922fceba) Merge branch 'master' into feature/PM-115-encryption-update-new-model - [`a3b18dc`](https://github.com/bitwarden/android/commit/a3b18dced6a5e7ac7c8a09d447c40d5c43ca2b1b) PM-115 fix format - [`74190e0`](https://github.com/bitwarden/android/commit/74190e0125aa07819159716fdc30f97b74007d70) Merge branch 'master' into feature/PM-115-encryption-update-new-model - [`7cdc5a6`](https://github.com/bitwarden/android/commit/7cdc5a62331eca9b93e887dde1000057e3e12d42) Merge branch 'master' into feature/PM-115-encryption-update-new-model - [`1a0e9e9`](https://github.com/bitwarden/android/commit/1a0e9e961d36a5d1818f2398a9f5d99a717dd7ac) PM-115 removed ForceKeyRotation from new cipher encryption model given that another approach will be taken - [`b150d88`](https://github.com/bitwarden/android/commit/b150d883c03b68da2d0737fb1de915ff7701bfb8) [PM-1690] Added minimum server version restriction to cipher key encryption (#2463) - [`bcd47b3`](https://github.com/bitwarden/android/commit/bcd47b3b3e14b19580a006e9af7b15ed58a5fbbd) Merge branch 'master' into feature/PM-115-encryption-update-new-model - [`e19b86e`](https://github.com/bitwarden/android/commit/e19b86ee003358cdc81318dad429bc6572bffe90) PM-115 Temporarily Changed cipher key new encryption config to help testing (this change should be reseted eventually) - [`74196f6`](https://github.com/bitwarden/android/commit/74196f6ecf1d14ec7506f2db4c81f7718b86adfb) Merge branch 'master' into feature/PM-115-encryption-update-new-model ### 📊 Changes **26 files changed** (+241 additions, -85 deletions) <details> <summary>View changed files</summary> 📝 `src/App/Pages/Vault/AttachmentsPageViewModel.cs` (+1 -1) 📝 `src/Core/Abstractions/ICipherService.cs` (+1 -1) 📝 `src/Core/Constants.cs` (+2 -0) 📝 `src/Core/Models/Data/CipherData.cs` (+2 -0) 📝 `src/Core/Models/Domain/Attachment.cs` (+19 -16) 📝 `src/Core/Models/Domain/Card.cs` (+2 -2) 📝 `src/Core/Models/Domain/Cipher.cs` (+40 -18) 📝 `src/Core/Models/Domain/Fido2Key.cs` (+2 -2) 📝 `src/Core/Models/Domain/Field.cs` (+2 -2) 📝 `src/Core/Models/Domain/Identity.cs` (+2 -2) 📝 `src/Core/Models/Domain/Login.cs` (+4 -4) 📝 `src/Core/Models/Domain/LoginUri.cs` (+2 -2) 📝 `src/Core/Models/Domain/PasswordHistory.cs` (+2 -2) 📝 `src/Core/Models/Domain/SecureNote.cs` (+1 -1) 📝 `src/Core/Models/Domain/SymmetricCryptoKey.cs` (+7 -1) 📝 `src/Core/Models/Export/Cipher.cs` (+4 -0) 📝 `src/Core/Models/Request/CipherRequest.cs` (+2 -0) 📝 `src/Core/Models/Response/CipherResponse.cs` (+1 -0) 📝 `src/Core/Models/View/CipherView.cs` (+1 -0) 📝 `src/Core/Services/ApiService.cs` (+1 -1) _...and 6 more files_ </details> ### 📄 Description ## Type of change - [ ] Bug fix - [X] New feature development - [ ] Tech debt (refactoring, code cleanup, dependency upgrades, etc) - [ ] Build/deploy pipeline (DevOps) - [ ] Other ## Objective <!--Describe what the purpose of this PR is. For example: what bug you're fixing or what new feature you're adding--> The cipher will now have its own `Key` to encrypt/decrypt its content which will be encrypted using the master password or organization key. This needs server changes to work and clients changes to have the key assigned (given that for now the mobile client won't create the cipher key): - Server: [https://github.com/bitwarden/server/pull/2681](https://github.com/bitwarden/server/pull/2681 ) - Clients: [https://github.com/bitwarden/clients/pull/5114](https://github.com/bitwarden/clients/pull/5114) ## Code changes <!--Explain the changes you've made to each file or major component. This should help the reviewer understand your changes--> <!--Also refer to any related changes or PRs in other repositories--> * **Cipher:** Added new properties for the key. Added logic to decrypt using the new `Key` if available, passing such key to the different item types. And updated it to not use hardcoded strings and use `nameof()`. * **CipherService:** Updated logic to encrypt the `Cipher` using the new `Key`. _Note: for now the logic of the new `Key` gets applied only if the `Key` already exists on the `Cipher`. The creation of such `Key` locally will be enabled on a later release to avoid conflicts between clients._ * **CipherData:** Added new properties for the key. * **CipherRequest, CipherResponse, CipherView:** Added new properties for the key. * **Attachment:** Updated it to not use hardcoded strings and use `nameof()` and also added the `key` as a parameter to support the new approach. * **Card, Field, Identity, Login, LoginUri, PasswordHistory, SecureNote:** Added the `key` as a parameter to support the new approach. ## Before you submit - Please check for formatting errors (`dotnet format --verify-no-changes`) (required) - Please add **unit tests** where it makes sense to do so (encouraged but not required) - If this change requires a **documentation update** - notify the documentation team - If this change has particular **deployment requirements** - notify the DevOps team --- _{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

GiteaMirror added the pull-request label 2025-11-26 23:34:23 -06:00

GiteaMirror closed this issue 2025-11-26 23:34:23 -06:00

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

android-collections

PM-29829/duplicate-items-created-scanning-qrcode

sdlc/sdk-update

PM-25654-preview-attachment

cx/android-architect-agent

PM-30130-remove-archive-feature-flag

premium-upgrade/PM-33510-billing-manager

llm/add-resolving-sdk-updates-skill

premium-upgrade/PM-33509-billing-repository

QA-1523/sanity-test-saucelabs

release/2026.3-rc48

PM-24380/flight-recorder-redact-hostname

PM-26577-app-links-support

PM-26896-autofill-fix

release/2026.2-rc47

PM-32714/fallback-to-web-vault-host

pr-6572

PM-28834/setting-app-layout-horizonos

release/2026.2-rc46

release/2026.1-rc45

PM-30644/added-logs-for-debug

PM-30644/quicktile-nav-not-showing-migration

minor-gradle-updates

release/2026.1-rc42

release/2026.1-rc44

release/2026.1-rc43

PM-28834/set-landscape-on-horizonos-devices

context-rules

devclarity/update-code-review-command

PM-20026/force-ltr-passwords-and-codes

release/2025.12-rc41

cmcg/testCoverage

PM-29014/talkback-support-for-passwords

release/2025.12-rc40

BRE-1305/publish_test

accept-user-certs

autofill-permissions

release/2025.11-rc39

PM-22479/check-all-certificates-validate-asset-links

release/2025.10-rc38

agalles/android-latest

optimize-test-workflows

tier2-test-sharding

retro-agent

PM-27001/skip-account-selection-only-one-exists-cxp

release/2025.10-rc37

agalles/test-1118

release/2025.10-rc36

PM-20593-token-refresh

QA-1126b/adding-native-sanity-test

release/2025.9-rc35

pm-25933/sdk-update-password

release/2025.9-rc34

release/2025.8-rc33

agalles/20250821-release

debug-release-issues

pm-24249-allow-automated-prs-for-sdk-updates

release/2025.8-rc32

release/WORKFLOW-TEST-2025.8-rc28

agalles/20250807release

release/2025.07-rc25

release/hotfix-v2025.7.0-bwa

pm-23311/export-vault-policy-bypass

release/2025.07-rc24

authenticator-pm-sync-flags-issue

ps/implement-sdk-repository-example

release/hotfix-v2025.6.0-bwpm

release/2025.06-rc21

agalles/automate-android-fastlane-patch

release/2025.05-rc20

release/2025.04-rc19

languages/basque

release/2025.03-rc19

update-readme

qrcode/feature

innovation/archive/pm-19153-archive-items

qrcode/2-ui-fields

qrcode/1-page

hold-on-biometric-prompt-alternative

release-notes-process

release/2025.02-rc16

bwa-monorepo

PM-8223/new-device-verification-ux-improvements

pm-18451/exempt-from-policies

test-bwa

cs-workaround-linked-0-copy

release/2025.01-rc15

release/2025.01-rc14

release/2024.12-rc13

pm-16670/sync-leave-notice

821

PM-16695/backport-lean-more-new-device-verification

km/15084-testing

release/hotfix-v2024.11.7

release/2024.11-rc1

pm-11304/collection-add-item-button

PM-14241/disabling-logs-app-crash

poc/offline-editing

new-version-calc

pm-11649/expired-link-services

pm-6702/add-feature-flag

pm-6702/email-verification-feature

pm-9933/marketing-copy-update

pm-6702/registration-flows

update-templates

pm-6701/email-verification-selfhost-registration

v2026.2.1-bwpm

v2026.2.1-bwa

v2026.2.0-bwpm

v2026.2.0-bwa

v2026.1.1-bwa

v2026.1.1-bwpm

temp-test

v2026.1.0-bwpm

v2026.1.0-bwa

v2025.12.1-bwa

v2025.12.1-bwpm

v2025.12.0-bwa

v2025.12.0-bwpm

v2025.11.1-bwpm

v2025.11.1-bwa

v2025.11.0-bwpm

v2025.11.0-bwa

v2025.10.1-bwa

v2025.10.1-bwpm

v2025.10.0-bwa

v2025.10.0-bwpm

v2025.9.1-bwa

v2025.9.1-bwpm

v2025.9.0-bwa

v2025.9.0-bwpm

v2025.8.1-bwa

v2025.8.1-bwpm

v2025.8.0-bwa

v2025.8.0-bwpm

v2025.7.2-bwa

v2025.7.2-bwpm

v2025.7.1-bwa

v2025.7.1-bwpm

v2025.7.0-bwa

v2025.7.0-bwpm

v2025.6.1-bwpm

v2025.6.0-bwa

v2025.6.0-bwpm

v2025.1.0-bwa

v2025.5.0-bwa

v2025.5.0-bwpm

v2025.5.999

2025.4.0

v2025.4.0

untagged-4731eaadac73f3dfbbb8

v2025.3.0

v2025.2.0

untagged-815a165c5d70ffe75bc7

v2025.1.2

v2025.1.1

v2025.1.0

v2024.12.0

untagged-5a76b6392a4c8998c63a

v2024.11.7

v2024.11.6

v2024.11.5

v2024.11.4

v2024.11.3

v2024.11.2

v2024.11.1

v2024.11.0

v2024.10.2

v2024.10.1

v2024.10.0

v2024.9.0

v2024.8.1

v2024.8.0

v2024.7.3

v2024.7.2

v2024.7.1

v2024.7.0

v2024.6.1

v2024.6.0

v2024.5.1

v2024.4.1

v2024.4.2

v2024.4.0

v2024.3.3

v2024.3.1

v2024.3.0

v2024.2.1

v2024.2.0

v2024.1.1

v2024.1.0

v2023.12.0

v2023.10.0

v2023.9.2

maui-single-project-android

v2023.9.1

v2023.9.0

v2023.8.0

v2023.7.0

v2023.5.0

v2023.4.0

v2023.3.2

v2023.3.1

v2023.3.0

v2023.2.0

v2023.1.0

v2022.11.0

v2022.10.0

v2022.9.1

v2022.9.0

v2022.8.0

v2022.6.2

v2022.6.1

v2022.6.0

v2022.05.0

v2.18.0

v2.17.0

v2.16.4

v2.16.3

v2.16.2

v2.16.1

v2.15.0

v2.14.2

v2.14.1

v2.14.0

v2.13.0

v2.12.0

v2.11.3

v2.11.2

v2.11.1

v2.11.0

v2.10.0

v2.9.1

v2.9.0

v2.8.2

v2.8.1

v2.8.0

v2.7.2

v2.7.0

v2.6.1

v2.6.0

v2.5.6

v.2.5.5

v2.5.5

v2.5.4

v2.5.3

v2.5.2

v2.5.1

v2.5.0

v2.4.3

v2.4.2

v2.4.1

v2.4.0

v2.3.1

v2.3.0

v2.2.8

v2.2.7

v2.2.6

v2.2.2

v2.2.1

v2.2.0

v2.1.2

v2.1.0

v2.0.6

v2.0.5

v2.0.4

v2.0.3

v2.0.2

v2.0.1

v2.0.0

v1.22.1

v1.22.0

v1.21.0

v1.20.0

v1.19.0

v1.18.1

v1.18.0

v1.17.0

v1.16.0

v1.15.2

v1.15.1

v1.15.0

v1.14.4

v1.14.1

v1.14.0

v1.13.0

v1.12.2

v1.12.1

v1.12.0

v1.11.1

v1.11.0

v1.10.0

v1.9.0

v1.8.1

v1.8.0

v1.7.0

v1.6.5

v1.6.1

v1.6.0

v1.5.1

v1.5.0

v1.4.4

v1.4.3

v1.4.0

v1.3.0

v1.2.1

v1.2.0

v1.1.0

v1.0.0

v0.0.6

v0.0.5

v0.0.4

v0.0.3

v0.0.2

v0.0.1

Labels

Clear labels

app:authenticator

app:password-manager

bug

bug-passkey

customer-support

duplicate

enhancement

good first issue

help wanted

needs-reply

needs-response

pull-request

Mirrored from GitHub Pull Request

question

No Label pull-request

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

GiteaMirror ninjasurge

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/android#3558