[judge2020]

I'm under the impression that the "encrypt master key with the receiver's public key" step is done on-client, so you could verify that the master key isn't being stored the same way you can very they're not sending the master key when logging into the web ui: looking at devtools and seeing everything that leaves the network.

[e12e]

It's a little too much to sort through on mobile, but I believe this is a reasonable place to start looking (this is the web app, the server might be worth a look too). As far as I can figure out, it's not part of the cli client.

https://github.com/bitwarden/web/commit/3c5a972bc9e959c5ced9...

Reminder: bitwarden isn't just an awesome service, it's also committed to open source!

[shakna]

> I'm under the impression that the "encrypt master key with the receiver's public key" step is done on-client

However, what would prevent them sending two public keys, one for your contact, and one for someone else? Or sending the wrong public key?

How is the key exchange itself verified other than "Bitwarden user"?

Those questions aren't answered.

[warkdarrior]

They are answered right in the help article: https://bitwarden.com/help/article/emergency-access/#confirm...

"To ensure the integrity of your encryption keys, verify the displayed fingerprint phrase with the grantee before completing confirmation."

[shakna]

So keys aren't verified at all. That seems like something that needs more than a single sentence that comes _after_ they explain the confirmation process.