Skip to content

[PM-24128] New Pin service, using PasswordProtectedKeyEnvelope #15863

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 79 commits into from
Oct 17, 2025
Merged

[PM-24128] New Pin service, using PasswordProtectedKeyEnvelope #15863

merged 79 commits into from
Oct 17, 2025

Conversation

@quexten
Copy link
Contributor

@quexten quexten commented Jul 31, 2025
edited
Loading

🎟️ Tracking

https://bitwarden.atlassian.net/browse/PM-24128

📔 Objective

This migrates PIN service to use the new password-protected key envelope. For ephemeral PINs, support for the old format is immediately dropped, except for migrations of existing persistent PINs, which are migrated.

Overall, this both migrates to the new encryption primitive, but also simplifies the interface of the PIN service, no longer leaking the encryption details out of the service. You only provide userid / PIN, as the consumer, but the cryptographic details are hidden in the service.

Ephemeral PINs

For ephemeral PINs, support for the old format is immediately dropped, and a new state is introduced. This is fine and requires no migration, because the ephemeral PinProtectedKeyEnvelope is generated from the pin after unlock every time.

Persistent PINs

For persistent PINs, the same mechanism as for ephemeral PINs is used to migrate to the new PIN format, if the old format is detected. The PIN is used to create a new envelope, which is saved to disk, and the old states are wiped.

📸 Screenshots

Ephemeral PIN - First APP boot:

Screen.Recording.2025-08-01.at.15.16.26.mov

Ephemeral PIN - Setup

Screen.Recording.2025-08-01.at.15.15.35.mov

Persistent PIN - Setup

Screen.Recording.2025-08-01.at.15.21.30.mov

Legacy Persistent PIN - Migrate

Screen.Recording.2025-08-01.at.15.14.23.mov

⏰ Reminders before review

  • Contributor guidelines followed
  • All formatters and local linters executed and passed
  • Written new unit and / or integration tests where applicable
  • Protected functional changes with optionality (feature flags)
  • Used internationalization (i18n) for all UI strings
  • CI builds passed
  • Communicated to DevOps any deployment requirements
  • Updated any necessary documentation (Confluence, contributing docs) or informed the documentation team

🦮 Reviewer guidelines

  • 👍 (:+1:) or similar for great changes
  • 📝 (:memo:) or ℹ️ (:information_source:) for notes or general info
  • ❓ (:question:) for questions
  • 🤔 (:thinking:) or 💭 (:thought_balloon:) for more open inquiry that's not quite a confirmed issue and could potentially benefit from discussion
  • 🎨 (:art:) for suggestions / improvements
  • ❌ (:x:) or ⚠️ (:warning:) for more significant problems or concerns needing attention
  • 🌱 (:seedling:) or ♻️ (:recycle:) for future improvements or indications of technical debt
  • ⛏ (:pick:) for minor or nitpick changes

coroiu and others added 21 commits May 27, 2025 12:20
@coroiu
fix: broken SDK interface
769fe1b
@Hinton
Fix all compile errors related to uuids
568ac8b
@Hinton
Merge branch 'main' of github.com:bitwarden/clients into arch/uuids
f638719 
# Conflicts:
#	libs/common/src/platform/services/sdk/default-sdk.service.ts
@quexten
Update usages of sdk to type-safe SDK type
9f4cae8
@quexten
Update sdk version
fdb038b
@quexten
Merge branch 'main' into km/encstring-sdk
1660428
@quexten
Update to "toSdk"
f57c59f
@quexten
Merge branch 'km/encstring-sdk' of github.com:bitwarden/clients into …
6315a46 
…km/encstring-sdk
@quexten
Move pin service to km ownership
7a9a614
@quexten
Run format
e626314
@quexten
Eslint
d7cdbcf
@quexten
Fix tsconfig
3ab3160
@quexten
Fix imports and test
7320305
@quexten
Clean up imports
93df2b1
@quexten
Pin tmp
f6f8949
@quexten
Merge branch 'main' into km/encstring-sdk
6a6e8a1
@quexten
Merge branch 'km/encstring-sdk' into km/new-pin-service-interface
55dc331
@quexten
Initial version of updated pin service
a149716
@quexten
Add tests
619688a
@quexten
Rename function
06fbb6e
@quexten
Merge branch 'main' into km/new-pin-service-interface
49427c0
@github-actions
Copy link
Contributor

github-actions bot commented Jul 31, 2025
edited
Loading

Logo
Checkmarx One – Scan Summary & Details82db20a8-2ef6-4562-9079-52acbb779ca7

Great job! No new security vulnerabilities introduced in this pull request

@quexten quexten changed the title New Pin service, using PasswordProtectedKeyEnvelope [PM-24128] New Pin service, using PasswordProtectedKeyEnvelope Jul 31, 2025
@quexten quexten changed the base branch from main to km/pin-service-km-ownership August 1, 2025 16:13
@quexten quexten changed the base branch from km/pin-service-km-ownership to main August 1, 2025 16:13
Hinton added 2 commits August 22, 2025 12:31
@Hinton
Merge branch 'main' of github.com:bitwarden/clients into arch/uuids
30b7db7 
# Conflicts:
#	libs/common/src/platform/services/sdk/default-sdk.service.ts
#	libs/common/src/vault/models/domain/cipher.ts
#	libs/common/src/vault/models/view/cipher.view.ts
@Hinton
Fix browser desktop
77f4d00
@quexten
Copy link
Contributor Author

quexten commented Oct 8, 2025

PR has been updated to include a separate PinStateService to resolve a DI cycle. The DI cycle here is still an issue for KM and requires further work (possibly in other team's code), but it no longer blocks this specific PR.

JaredSnider-Bitwarden
JaredSnider-Bitwarden previously approved these changes Oct 8, 2025
View reviewed changes
Copy link
Contributor

@JaredSnider-Bitwarden JaredSnider-Bitwarden left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Auth files still look good!

Thomas-Avery
Thomas-Avery previously approved these changes Oct 8, 2025
View reviewed changes
Copy link
Contributor

@Thomas-Avery Thomas-Avery left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

coroiu
coroiu previously approved these changes Oct 14, 2025
View reviewed changes
Thomas-Avery
Thomas-Avery previously approved these changes Oct 14, 2025
View reviewed changes
@sonarqubecloud
Copy link

sonarqubecloud bot commented Oct 17, 2025

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@bw-ghapp
Copy link
Contributor

bw-ghapp bot commented Oct 17, 2025

Changes in this PR impact the Autofill experience of the browser client

BIT has tested the core experience with these changes and the feature flag configuration used by vault.bitwarden.com.

✅ Fortunately, these BIT tests have passed! 🎉

@bw-ghapp
Copy link
Contributor

bw-ghapp bot commented Oct 17, 2025

Changes in this PR impact the Autofill experience of the browser client

BIT has tested the core experience with these changes and all feature flags disabled.

✅ Fortunately, these BIT tests have passed! 🎉

@quexten quexten merged commit a860f21 into main Oct 17, 2025
116 of 117 checks passed
@quexten quexten deleted the km/new-pin-service-interface branch October 17, 2025 14:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coroiu coroiu coroiu approved these changes

@Thomas-Avery Thomas-Avery Thomas-Avery approved these changes

@JaredSnider-Bitwarden JaredSnider-Bitwarden JaredSnider-Bitwarden approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

7 participants

@quexten @coroiu @Thomas-Avery @JaredSnider-Bitwarden @jlf0dev @Hinton