// Bitwarden organization key flow between the Cozy-stack server and a
// Bitwarden client, as drawn by this diagram: the server draws the
// organization key from "Random", wraps it for the client under the user's
// RSA public key, and separately wraps it for storage with a NaCl box under
// the "encryptor key" taken from "Config". The client unwraps the
// organization key with its RSA private key and uses it as the AES key for
// items; only the resulting cipher travels back to the server's database.
digraph organization {
  graph [splines=true];
  node [shape="box", fontname="lato", fontsize=11, margin=0.12, color="#297EF2", fontcolor="#32363F"];
  edge [color="#32363F"];
  ranksep=0.7; nodesep=1;

  // Sources of key material, kept on the same rank (oval, purple).
  subgraph source {
    rank=same; margin=24;

    cfg [label="Config", color="#7F6BEE", shape="oval"];
    random [label="Random", color="#7F6BEE", shape="oval"];
  }

  // Server side: key wrapping and at-rest storage.
  subgraph cluster_server {
    label="Cozy-stack"; labeljust="l"; fontname="lato"; fontsize=12; margin=24;

    encKey [label="encryptor key"];
    orgKeyS [label="organization key"];
    pubKey [label="public key"];
    // RSA-wraps the organization key for the client. The padding scheme is
    // not stated in this diagram — NOTE(review): confirm against the
    // implementation when reading this as a spec.
    encrypt [label="{Encrypt|<algo> Algo: RSA|<key> Key: public key|<payload> Payload: organization key}", shape="record", color="#40DE8E", fillcolor="#F2FAF5", style="filled"];
    encOrgKeyS [label="encrypted org key"];
    // NaCl box under the config-provided encryptor key; this is the form in
    // which the organization key is kept in the database.
    nacl [label="{Encrypt|<algo> Algo: NaCL box|<key> Key: encryptor key}", shape="record", color="#40DE8E", fillcolor="#F2FAF5", style="filled"];
    encCozyKey [label="encrypted cozy key"];
    db [label="Database", shape="cylinder", color="#7F6BEE", margin=0.2];
    cipherS [label="cipher"];
  }

  // Client side: unwrap the organization key, then encrypt items with it.
  subgraph cluster_client {
    label="Client bitwarden"; labeljust="r"; fontname="lato"; fontsize=12; margin=24;

    keyPair [label="{key pair (user)|<pub> public key|<priv> private key}", shape="record"];
    encOrgKeyC [label="encrypted org key"];
    decrypt [label="{Decrypt|<algo> Algo: RSA|<key> Key: private key|<payload> Payload: encrypted key}", shape="record", color="#40DE8E", fillcolor="#F2FAF5", style="filled"];
    orgKeyC [label="organization key"];

    item [label="item (clear)"];
    // Item encryption under the organization key. The AES mode is not
    // stated here — NOTE(review): confirm against the implementation.
    aes [label="{Encrypt|<algo> Algo: AES|<key> Key: organization key|<payload> Payload: item}", shape="record", color="#40DE8E", fillcolor="#F2FAF5", style="filled"];
    cipherC [label="cipher"];
  }

  // Where each key originates: the encryptor key from configuration, the
  // organization key and the user's key pair from randomness.
  cfg -> encKey;
  random -> orgKeyS;
  random -> keyPair;

  // Wrap the organization key for the client under the user's public key.
  pubKey -> encrypt:key;
  orgKeyS -> encrypt:payload;
  encrypt -> encOrgKeyS;

  // Wrap the organization key for storage. dir="both" presumably marks the
  // path that is also walked in reverse when the key is read back from the
  // database (unwrap), so a single chain stands for both directions.
  encKey -> nacl:key;
  orgKeyS -> nacl [dir="both"];
  nacl -> encCozyKey [dir="both"];
  encCozyKey -> db [dir="both"];

  // Exchange between client and server: the public key goes up, the wrapped
  // organization key comes down. The private key never leaves the client.
  keyPair:pub -> pubKey;
  encOrgKeyS -> encOrgKeyC;

  // The client unwraps with its private key. dir="back" reverses only the
  // arrowhead, presumably so the record ports keep a left-to-right layout.
  keyPair:priv -> decrypt:key;
  decrypt:payload -> encOrgKeyC [dir="back"];
  orgKeyC -> decrypt [dir="back"];

  // Items are encrypted client-side under the organization key; the cipher
  // is what reaches the server and is persisted.
  orgKeyC -> aes:key;
  item -> aes:payload;
  aes -> cipherC;

  cipherC -> cipherS -> db;
}