crypto

package
v0.0.0-...-d1189bc Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 8, 2026 License: Apache-2.0 Imports: 16 Imported by: 0

Documentation

Overview

Package crypto implements the Bitwarden client-side encryption primitives. It covers key derivation (PBKDF2, Argon2id), key stretching (HKDF), AES-256-CBC + HMAC-SHA256 encryption, RSA-OAEP key exchange, the Bitwarden EncString format, and Send key derivation.

Index

Constants

View Source 
const (
	KdfTypePBKDF2 = 0
	KdfTypeArgon2 = 1
)

KDF type constants matching the Bitwarden API.

View Source 
const RSAKeySize = 2048

RSAKeySize is the key size used by Bitwarden for RSA key pairs.

View Source 
const SendSecretSize = 16

SendSecretSize is the size in bytes of the random secret generated for each Bitwarden Send (128 bits).

Variables

This section is empty.

Functions

func Decrypt 

func Decrypt(iv, ct, mac, encKey, macKey []byte) ([]byte, error)

Decrypt verifies the HMAC-SHA256 MAC and then decrypts AES-256-CBC ciphertext, removing PKCS7 padding.

func DecryptPrivateKey 

func DecryptPrivateKey(encPrivateKey EncString, symKey *SymmetricKey) ([]byte, error)

DecryptPrivateKey decrypts an RSA private key that is stored encrypted in the vault (as a type 2 EncString).

func DeriveKey 

func DeriveKey(password, salt []byte, kdfType, iterations int, memory, parallelism *int) ([]byte, error)

DeriveKey derives a 32-byte master key from a password and salt using the specified KDF algorithm. For PBKDF2 the salt is typically the user's email (lowercased). For Argon2id the salt is a raw 32-byte value returned by the server.

func EncodeSendSecret 

func EncodeSendSecret(secret []byte) string

EncodeSendSecret encodes a Send secret as a base64url string suitable for use in a Send access URL fragment.

func Encrypt 

func Encrypt(data, encKey, macKey []byte) (iv, ct, mac []byte, err error)

Encrypt encrypts data using AES-256-CBC with PKCS7 padding and produces an HMAC-SHA256 MAC over (iv || ciphertext).

func EncryptOrgKeyForMember 

func EncryptOrgKeyForMember(orgKey *SymmetricKey, memberPublicKeyDER []byte) (string, error)

EncryptOrgKeyForMember RSA-encrypts an organization's symmetric key using a member's public key. Returns the encrypted key as a type 4 EncString in its string form.

func GenerateRSAKeyPair 

func GenerateRSAKeyPair() (publicKeyDER, privateKeyDER []byte, err error)

GenerateRSAKeyPair generates a new RSA-2048 key pair and returns the public key in PKIX DER format and private key in PKCS8 DER format.

func GenerateSendSecret 

func GenerateSendSecret() ([]byte, error)

GenerateSendSecret generates a 16-byte (128-bit) cryptographically random secret for a new Send.

func HashPassword 

func HashPassword(password string, masterKey []byte) string

HashPassword produces the master password hash sent to the server for authentication. It computes PBKDF2-SHA256(masterKey, password, 1) and returns the base64-encoded result.

func PublicKeyFromPrivate 

func PublicKeyFromPrivate(privateKeyDER []byte) ([]byte, error)

PublicKeyFromPrivate extracts the public key in DER format from a private key DER.

func RSADecrypt 

func RSADecrypt(data, privateKeyDER []byte) ([]byte, error)

RSADecrypt decrypts data using RSA-OAEP with SHA-1.

func RSADecryptEncString 

func RSADecryptEncString(enc EncString, privateKeyDER []byte) ([]byte, error)

RSADecryptEncString decrypts a type 4 EncString using an RSA private key.

func RSAEncrypt 

func RSAEncrypt(data, publicKeyDER []byte) ([]byte, error)

RSAEncrypt encrypts data using RSA-OAEP with SHA-1 (as Bitwarden uses).

func StretchKey 

func StretchKey(masterKey []byte) ([]byte, error)

StretchKey stretches a 32-byte master key into a 64-byte key using HKDF-SHA256. The first 32 bytes are the encryption key ("enc"), the second 32 bytes are the MAC key ("mac").

Types

type EncString 

type EncString struct {
	Type int
	IV   []byte // only for type 2
	CT   []byte
	MAC  []byte // only for type 2
}

EncString represents a Bitwarden encrypted string.

Format:

  • Type 2 (AES-CBC-256 + HMAC): "2.base64(iv)|base64(ct)|base64(mac)"
  • Type 4 (RSA-OAEP-SHA1): "4.base64(rsaEncryptedData)"

func EncryptToEncString 

func EncryptToEncString(plaintext []byte, key *SymmetricKey) (EncString, error)

EncryptToEncString encrypts plaintext and returns a type 2 EncString.

func ParseEncBytes 

func ParseEncBytes(data []byte) (EncString, error)

ParseEncBytes parses a Bitwarden encrypted string from its binary format.

func ParseEncString 

func ParseEncString(s string) (EncString, error)

ParseEncString parses a Bitwarden encrypted string into its components.

func (EncString) Decrypt 

func (e EncString) Decrypt(key *SymmetricKey) ([]byte, error)

Decrypt decrypts a type 2 EncString using the given SymmetricKey. For type 4 (RSA), use RSADecryptEncString instead.

func (EncString) IsZero 

func (e EncString) IsZero() bool

IsZero returns true if the EncString is uninitialized.

func (EncString) String 

func (e EncString) String() string

String serializes the EncString back to its Bitwarden wire format.

func (EncString) ToBytes 

func (e EncString) ToBytes() []byte

ToBytes packs the EncString into Bitwarden's binary format. Format for type 2: Type (1 byte) + IV (16) + MAC (32) + CT

type SymmetricKey 

type SymmetricKey struct {
	EncKey []byte // 32 bytes – AES-256 key
	MacKey []byte // 32 bytes – HMAC-SHA256 key
}

SymmetricKey holds a 64-byte key split into a 32-byte encryption key and a 32-byte MAC key. This is used for both the user's vault encryption key and organization keys.

func DecryptSymmetricKey 

func DecryptSymmetricKey(protectedKey EncString, stretchedKey []byte) (*SymmetricKey, error)

DecryptSymmetricKey decrypts the server-stored protected symmetric key using the stretched master key.

func DeriveSendKey 

func DeriveSendKey(secret []byte) (*SymmetricKey, error)

DeriveSendKey derives a 64-byte SymmetricKey from a 16-byte Send secret using HKDF-SHA256 with "bitwarden-send" as the salt and "send" as the info parameter. The first 32 bytes are the encryption key, the second 32 bytes the MAC key.

func GenerateSymmetricKey 

func GenerateSymmetricKey() (*SymmetricKey, error)

GenerateSymmetricKey creates a new random 64-byte symmetric key using a cryptographically secure random number generator.

func MakeSymmetricKey 

func MakeSymmetricKey(stretched []byte) (*SymmetricKey, error)

MakeSymmetricKey creates a SymmetricKey from a 64-byte stretched key.

func SendKeyFromAccessURL 

func SendKeyFromAccessURL(urlFragment string) (*SymmetricKey, error)

SendKeyFromAccessURL decodes a base64url-encoded secret from a Send access URL fragment and derives the Send encryption key.

func (*SymmetricKey) Bytes 

func (sk *SymmetricKey) Bytes() []byte

Bytes returns the full 64-byte key (enc + mac concatenated).

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.