
     1  digraph bitwarden {
     2  	graph [splines=true];
     3  	node [shape="box", fontname="lato", fontsize=11, margin=0.12, color="#297EF2", fontcolor="#32363F"];
     4  	edge [color="#32363F"];
     5  	ranksep=0.45; nodesep=0.6;
     6  
     7  	subgraph source {
     8  		rank=same; margin=24;
     9  
    10  		user [label="User", color="#7F6BEE", shape="oval"];
    11  		random [label="Random", color="#7F6BEE", shape="oval"];
    12  	}
    13  
    14  	subgraph cluster_client {
    15  		label="Client bitwarden"; labeljust="l"; fontname="lato"; fontsize=12; margin=24;
    16  
    17  		symKey [label="{symmetric key| enc key (256 bits) | mac key (256 bits)}", shape="record"];
    18  		iv [label="iv (128 bits)"];
    19  		makeKey [label="{Encrypt| Algo: AES |<key> Key: master key |<payload> Payload: symmetric key |<iv> IV: iv}", shape="record", color="#40DE8E", fillcolor="#F2FAF5", style="filled"];
    20  		protectedKey [label="protected key\n(key)"]
    21  
    22  		masterPassword [label="master password"];
    23  		email [label="email\n(me@<domain>)"];
    24  		kdfOne [label="{Hash| Algo: PBKDF2 - SHA256 | Iterations: 100_000 |<payload> Payload: master password |<salt> Salt: email}", shape="record", color="#40DE8E", fillcolor="#F2FAF5", style="filled"];
    25  		masterKey [label="master key\n(internal key)"];
    26  		kdfTwo [label="{Hash| Algo: PBKDF2 - SHA256 | Iterations: 1 |<payload> Payload: master key |<salt> Salt: master password | Iterations: 1}", shape="record", color="#40DE8E", fillcolor="#F2FAF5", style="filled"];
    27  		hashedPasswordC [label="hashed password\n(derivated passphrase)"];
    28  	}
    29  
    30  	subgraph cluster_server {
    31  		label="Cozy-stack"; labeljust="l"; fontname="lato"; fontsize=12; margin=24;
    32  
    33  		keyS [label="key"];
    34  		hashedPasswordS [label="hashed password"];
    35  		scrypt [label="{Hash| Algo: Scrypt}", shape="record", color="#40DE8E", fillcolor="#F2FAF5", style="filled"];
    36  		hashPass [label="passphrase hash"];
    37  		db [label="Database", shape="cylinder", color="#7F6BEE", margin=0.2];
    38  	}
    39  
    40  	random -> iv;
    41  	random -> symKey;
    42  	user -> masterPassword;
    43  	user -> email;
    44  
    45  	masterKey -> makeKey:key;
    46  	symKey -> makeKey:payload;
    47  	iv -> makeKey:iv;
    48  	makeKey -> protectedKey;
    49  
    50  	masterPassword -> kdfOne:payload;
    51  	email -> kdfOne:salt;
    52  	kdfOne -> masterKey;
    53  
    54  	masterKey -> kdfTwo:payload;
    55  	masterPassword -> kdfTwo:salt;
    56  	kdfTwo -> hashedPasswordC;
    57  
    58  	hashedPasswordC -> hashedPasswordS -> scrypt -> hashPass -> db;
    59  	protectedKey -> keyS -> db;
    60  }