github.com/cozy/cozy-stack@v0.0.0-20240603063001-31110fa4cae1/docs/diagrams/bitwarden-organization.gv (about)

     1  digraph organization {
        	// Key-management data flow for a Bitwarden organization, as drawn in this diagram:
        	// which keys exist, which side holds each value (Cozy-stack server vs. Bitwarden
        	// client), and which operation produces it.
        	//
        	// Security reading of the graph as drawn:
        	//  - The clear "organization key" node (orgKeyS) sits inside the Cozy-stack cluster
        	//    and is fed by "Random", so the server handles that key in plaintext.
        	//  - At rest it is wrapped with a NaCl box under the "encryptor key", which comes
        	//    from "Config", and the wrapped value is stored in the database.
        	//  - Items are AES-encrypted on the client with that same organization key and the
        	//    resulting ciphers are stored in the same database. Per this diagram, whoever
        	//    holds both the configured encryptor key and the database contents can recover
        	//    the organization key and therefore the organization's items.
        	// NOTE(review): the labels name only algorithm families (RSA, AES, NaCL box).
        	// Padding scheme, cipher mode and integrity protection are not stated here;
        	// confirm them against the implementation before relying on this diagram.

        	// Global layout and styling defaults for the graph, nodes and edges.
     2  	graph [splines=true];
     3  	node [shape="box", fontname="lato", fontsize=11, margin=0.12, color="#297EF2", fontcolor="#32363F"];
     4  	edge [color="#32363F"];
     5  	ranksep=0.7; nodesep=1;
     6  
        	// Inputs to the flow: static configuration and a random source, kept on one rank.
        	// The subgraph name does not start with "cluster", so Graphviz draws no box around it.
     7  	subgraph source {
     8  		rank=same; margin=24;
     9  
    10  		cfg [label="Config", color="#7F6BEE", shape="oval"];
    11  		random [label="Random", color="#7F6BEE", shape="oval"];
    12  	}
    13  
        	// Server side. Every node in this cluster is a value or operation the Cozy-stack holds.
    14  	subgraph cluster_server {
    15  		label="Cozy-stack"; labeljust="l"; fontname="lato"; fontsize=12; margin=24;
    16  
        		// encKey comes from Config (see the edges below) and wraps the organization key for storage.
    17  		encKey [label="encryptor key"];
        		// Clear organization key on the server side, generated from Random.
    18  		orgKeyS [label="organization key"];
        		// The user's public key as received from the client (keyPair:pub -> pubKey).
        		// NOTE(review): the diagram shows no step that authenticates this public key;
        		// confirm how the stack binds it to the intended user.
    19  		pubKey [label="public key"];
        		// RSA encryption of the organization key to the user's public key.
    20  		encrypt [label="{Encrypt|<algo> Algo: RSA|<key> Key: public key|<payload> Payload: organization key}", shape="record", color="#40DE8E", fillcolor="#F2FAF5", style="filled"];
    21  		encOrgKeyS [label="encrypted org key"];
        		// NaCl box under the encryptor key. Per the edges below it sits between orgKeyS and
        		// encCozyKey, so "encrypted cozy key" is the server-side wrapped organization key.
    22  		nacl [label="{Encrypt|<algo> Algo: NaCL box|<key> Key: encryptor key}", shape="record", color="#40DE8E", fillcolor="#F2FAF5", style="filled"];
    23  		encCozyKey [label="encrypted cozy key"];
    24  		db [label="Database", shape="cylinder", color="#7F6BEE", margin=0.2];
        		// Item ciphertext as received from the client; the server stores it in the database.
    25  		cipherS [label="cipher"];
    26  	}
    27  
        	// Client side. The user's private key and the clear item appear only in this cluster.
    28  	subgraph cluster_client {
    29  		label="Client bitwarden"; labeljust="r"; fontname="lato"; fontsize=12; margin=24;
    30  
    31  		keyPair [label="{key pair (user)|<pub> public key|<priv> private key}", shape="record"];
    32  		encOrgKeyC [label="encrypted org key"];
        		// RSA decryption with the user's private key recovers the organization key on the client.
    33  		decrypt [label="{Decrypt|<algo> Algo: RSA|<key> Key: private key|<payload> Payload: encrypted key}", shape="record", color="#40DE8E", fillcolor="#F2FAF5", style="filled"];
    34  		orgKeyC [label="organization key"];
    35  
    36  		item [label="item (clear)"];
        		// Items are encrypted on the client with the organization key before leaving it.
    37  		aes [label="{Encrypt|<algo> Algo: AES|<key> Key: organization key|<payload> Payload: item}", shape="record", color="#40DE8E", fillcolor="#F2FAF5", style="filled"];
    38  		cipherC [label="cipher"];
    39  	}
    40  
        	// Key origins: the encryptor key from configuration; the organization key and
        	// the user key pair from randomness.
    41  	cfg -> encKey;
    42  	random -> orgKeyS;
    43  	random -> keyPair;
    44  
        	// Server: encrypt the organization key to the user's public key.
    45  	pubKey -> encrypt:key;
    46  	orgKeyS -> encrypt:payload;
    47  	encrypt -> encOrgKeyS;
    48  
        	// Server: wrap the organization key with the encryptor key and persist it.
        	// dir="both" draws arrowheads at both ends, presumably meaning the same path is used
        	// to encrypt before storing and to decrypt after loading.
    49  	encKey -> nacl:key;
    50  	orgKeyS -> nacl [dir="both"];
    51  	nacl -> encCozyKey [dir="both"];
    52  	encCozyKey -> db [dir="both"];
    53  
        	// Edges crossing the client/server boundary: the public key goes up to the server,
        	// the RSA-encrypted organization key comes down to the client.
    54  	keyPair:pub -> pubKey;
    55  	encOrgKeyS -> encOrgKeyC;
    56  
        	// Client: decrypt the organization key. dir="back" draws the arrowhead at the tail,
        	// so the rendered flow is encOrgKeyC -> decrypt -> orgKeyC, while decrypt keeps its
        	// place as the tail node for layout.
    57  	keyPair:priv -> decrypt:key;
    58  	decrypt:payload -> encOrgKeyC [dir="back"];
    59  	orgKeyC -> decrypt [dir="back"];
    60  
        	// Client: encrypt the clear item with the organization key.
    61  	orgKeyC -> aes:key;
    62  	item -> aes:payload;
    63  	aes -> cipherC;
    64  
        	// Only the ciphertext is sent to the server and stored in the database.
    65  	cipherC -> cipherS -> db;
    66  }