by shakna
1981 days ago
> I'm under the impression that the "encrypt master key with the receiver's public key" step is done on-client

However, what would prevent them sending two public keys, one for your contact, and one for someone else? Or sending the wrong public key? How is the key exchange itself verified other than "Bitwarden user"? Those questions aren't answered.
"To ensure the integrity of your encryption keys, verify the displayed fingerprint phrase with the grantee before completing confirmation."