by GCUMstlyHarmls 325 days ago
This got me to check Bitwarden's account export, which does not include any private keys, making the backup "incomplete" in terms of importing it into a separate platform.

I guess this is by design, the user can't self "own", but they also can't self own the data. It does look a bit like lock-in though.

I was recently looking at Pocket-ID as an SSO for my home lab, which only supports passkeys by design. In that context I can probably hack the gibson and get into my accounts if something went wrong, but it does make me uneasy about a future where most sites only accept a passkey.

2 comments

Bitwarden says that "Passkeys are included in .json exports from Bitwarden." I'm not sure if it's true but it should be there by now.
Actually I may just misinterpret the JSON. It only includes `keyType=public-key` and `keyValue=...`, I was expecting there to be `keyType=public-key` and `keyType=private-key`, but perhaps keyType is implying the authentication method and the keyValue is my private key?

They certainly are included, but whether they're included in a way that you can use them elsewhere, vs re-importing them into the same Bitwarden account (something their vault has options to do if you encrypt the export), I'm not sure. I should spin up the Vaultwarden clone and see if it correctly imports it.

    {
      "passwordHistory": null,
      "revisionDate": "2025-08-04T03:02:03.600Z",
      "creationDate": "2025-08-04T03:02:03.140Z",
      "deletedDate": null,
      "id": "<UUID>",
      "organizationId": null,
      "folderId": null,
      "type": 1,
      "reprompt": 0,
      "name": "abcdef",
      "notes": null,
      "favorite": false,
      "login": {
        "uris": [
          {
            "match": null,
            "uri": "https://<URL>"
          }
        ],
        "fido2Credentials": [
          {
            "credentialId": "<UUID>",
            "keyType": "public-key",
            "keyAlgorithm": "ECDSA",
            "keyCurve": "P-256",
            "keyValue":  "<238 chars>",
            "rpId": "<URL>",
            "userHandle": "<SOME BLOB>",
            "userName": "abcdef",
            "counter": "0",
            "rpName": "abcdef",
            "userDisplayName": "abcdef",
            "discoverable": "true",
            "creationDate": "2025-08-04T03:04:34.418Z"
          }
        ],
        "username": "abcdef",
        "password": null,
        "totp": null
      },
      "collectionIds": null
    }
Seems you can only import to the same account, some hand gesturing at FIDO Credential Exchange Format & Credential Exchange Protocol which aren't yet ratified.

https://community.bitwarden.com/t/passkey-portability/59177

https://community.bitwarden.com/t/passkey-export-file/77448/...

I just migrated to a new Bitwarden server using their JSON export/import and it included my passkeys.
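
An added example (not from the thread and not Bitwarden's code) of one way to check the question raised above, whether `keyValue` holds private key material. It assumes `keyValue` is base64url-encoded DER and that the export wraps entries in a top-level `items` array, neither of which the page confirms; the sample keys are constructed from standard P-256 DER prefixes and dummy bytes.

```python
import base64
import json

# Constructed samples: standard P-256 DER framing around dummy (0x11) key bytes.
_ALG = bytes.fromhex("301306072a8648ce3d020106082a8648ce3d030107")
SAMPLE_PRIVATE = (bytes.fromhex("3041020100") + _ALG
                  + bytes.fromhex("04273025020101" "0420") + b"\x11" * 32)
SAMPLE_PUBLIC = bytes.fromhex("3059") + _ALG + bytes.fromhex("03420004") + b"\x11" * 64

def _tlv(buf, off):
    """Read one DER TLV at off; return (tag, value_start, value_end)."""
    tag, length = buf[off], buf[off + 1]
    off += 2
    if length & 0x80:                       # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[off:off + n], "big")
        off += n
    if off + length > len(buf):
        raise ValueError("truncated DER")
    return tag, off, off + length

def classify_key_der(der):
    """Return 'private', 'public' or 'unknown' from the DER framing alone."""
    try:
        tag, start, _ = _tlv(der, 0)
        if tag != 0x30:                     # both forms are a SEQUENCE
            return "unknown"
        inner, v0, v1 = _tlv(der, start)
    except (IndexError, ValueError):
        return "unknown"
    # PKCS#8 PrivateKeyInfo and SEC1 ECPrivateKey both open with INTEGER version.
    if inner == 0x02 and der[v0:v1] in (b"\x00", b"\x01"):
        return "private"
    # SubjectPublicKeyInfo opens with the AlgorithmIdentifier SEQUENCE.
    if inner == 0x30:
        return "public"
    return "unknown"

def classify_export(export_json):
    """Map credentialId -> classification for each fido2Credentials entry."""
    out = {}
    for item in json.loads(export_json).get("items", []):   # "items": assumption
        for cred in (item.get("login") or {}).get("fido2Credentials") or []:
            raw = cred["keyValue"]
            try:
                der = base64.urlsafe_b64decode(raw + "=" * (-len(raw) % 4))
            except ValueError:
                der = b""
            out[cred["credentialId"]] = classify_key_der(der)
    return out
```

If an entry classifies as `private`, the unencrypted export file is itself a credential and should be stored and deleted accordingly.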