clients icon indicating copy to clipboard operation
clients copied to clipboard

Published 20 hours ago verified publisher icon bitwarden

[PS-1200] Add Bluink Key .inj importer

Open Merlin04 opened this issue 1 year ago • 2 comments

Type of change

- [ ] Bug fix
- [X] New feature development
- [X] Tech debt (refactoring, code cleanup, dependency upgrades, etc)
- [ ] Build/deploy pipeline (DevOps)
- [ ] Other

Objective

This PR adds an importer for .inj backup files from Bluink Key, a discontinued password manager mobile app that paired with a physical dongle that allowed it to "type" the passwords on your computer. The app is being removed from App Stores in August if I remember correctly, so I am in the process of switching to Bitwarden; I thought I'd contribute my importer so anyone else in the same situation can easily migrate their credentials and not have to do everything manually.

Code changes

As an AES-encrypted binary format, Bluink Key .inj files are a bit different from the other primarily-text based formats BItwarden supports importing. Because of this, I've had to make some minor changes to the importer code to

  • Allow for an importer to receive the file contents as an ArrayBuffer instead of a string
  • Allow for an importer to require a password
  • Provide an instance of CryptoFunctionService to the Bluink Key importer so it can decrypt the file

Files:

  • libs/common/src/importers/bluinkKeyInjImporter.ts: This is the main contribution - it includes an importer class and some related constants/utilities for the importer (like a ConsumableBytes class to allow for easier parsing of the binary data)
  • apps/cli/src/bw.ts: (CLI) provide the CryptoFunctionService to the ImportService
  • apps/cli/src/commands/import.command.ts: (CLI) corresponding changes to work with the modified ImportService (prompt for a password and/or read the file as binary if necessary)
  • apps/cli/src/utils.ts: update the readFile utility function to support reading a file as a Buffer
  • apps/web/src/app/tools/import-export/import-export.module.ts: (web) provide the CryptoFunctionService to the ImportService
  • apps/web/src/app/tools/import-export/import.component.html: (web) add the password field + instructions for Bluink Key import
  • apps/web/src/app/tools/import-export/import.component.ts: (web) corresponding changes to work with the ImportService (password field and reading the file as binary)
  • libs/common/src/abstractions/import.service.ts: update the type of the ImportService abstract class to support receiving a file as a Uint8Array
  • libs/common/src/enums/importOptions.ts: add the Bluink Key importer option and create arrays holding the names of importers which require a password and which require receiving the file as binary
  • libs/common/src/importers/importer.ts: update the type of an Importer to support receiving the file as binary
  • libs/common/src/services/import.service.ts: update the ImportService class to support returning the new importer and receiving the file as binary

Screenshots

a screenshot of the new password field in the import screen, along with the instructions for a Bluink Key import

Before you submit

- [x] I have checked for **linting** errors (`npm run lint`) (required)
- [ ] I have added **unit tests** where it makes sense to do so (encouraged but not required)
- [ ] This change requires a **documentation update** (notify the documentation team)
- [ ] This change has particular **deployment requirements** (notify the DevOps team)

Merlin04 avatar Jul 08 '22 21:07 Merlin04

CLA assistant check
All committers have signed the CLA.

CLAassistant avatar Jul 08 '22 21:07 CLAassistant

Hi @Merlin04 , thank you for the contribution. We've added this to our internal community PR board for review. We will revert shortly.

dbosompem avatar Jul 09 '22 00:07 dbosompem

Hi, any updates on this?

Merlin04 avatar Jul 24 '23 04:07 Merlin04

Hi @Merlin04,

Firstly, thank you for your contribution, and I'm sorry for the long period without a reply. Product management had reached out to Bluink (in September 2022) to ask for an example export and some other additional documentation around the export format, but unfortunately hasn't heard back. We apologize for not updating you on the process/progress. The reason for requesting the file is that without an example file and unit tests to verify, there is no way for Bitwarden to test the functionality. Overall, but also for the completeness of the mapping.

I'm sorry to have to say that we currently cannot accept your contribution.

Secondly, I would like to say that I really appreciate your contribution, especially the high quality and refactoring you did to enable passing binary/zip-files onto the importers. Something I had been looking into while working on the 1password 1pux importer.

Closing this now, but if you have any thoughts on how to test/verify the input and mapping, please reply here and we can always re-open this.

Kind regards, Daniel

djsmith85 avatar Aug 04 '23 11:08 djsmith85

Hi Daniel,

Thanks for the response - no worries about the delay, things happen. I really appreciate you all putting time and effort into trying to get this PR merged, it's unfortunate they never got back. I've tried contacting them about the Bluink Key in the past and never got a response either, and their website doesn't seem to mention the product anywhere anymore, so I think they just don't want to put any more effort into supporting it.

My understanding of the format comes from the official Bluink Key backup viewer, which has very readable/unminified source code. I think making sure the behavior of my implementation matches that of the backup viewer would verify the mapping, but I completely get it if you don't want to rely on that/need some sort of official documentation. As for testing it - I could load the old Bluink Key app onto my phone and make some example files to share here if that would work?

Thanks so much, B

Merlin04 avatar Aug 05 '23 02:08 Merlin04

@Merlin04 is there a method you have for installing the Bluink Key app? If we could do that we'd be able to generate our own example file and could validate this contribution works as expected.

micahblut avatar Aug 07 '23 12:08 micahblut

You can download it from here: https://m.apkpure.com/bluink-key-password-manager/ca.Bluink.Injector Unfortunately it was removed from the play store when Bluink Key reached end of life but this should still work! Then once you have it installed go to settings -> backup to generate the file.

Merlin04 avatar Aug 07 '23 12:08 Merlin04

Hi @Merlin04,

I discussed this with Micah, and he's created a backup file that can be used for verifying the mappings and also to create unit tests.

File: BluinkKeyBackup_example.zip (I had to zip it as Github doesn't like *.inj) Password: “Bjornblock”

Would you be up for merging in master (resolving any merge-conflicts) and possibly adding unit tests using the provided file as input?

I'm re-opening this and adding the needs-changes-label.

Kind regards, Daniel

djsmith85 avatar Aug 09 '23 09:08 djsmith85

We can’t merge your pull request until you make the changes we’ve requested. As we haven’t heard from you recently, this pull request will be closed.

If you’re still working on this, please respond here after you’ve made the changes we’ve requested and our team will re-open it for further review.

Please make sure to resolve any conflicts with the master branch before requesting another review.

github-actions[bot] avatar Aug 31 '23 05:08 github-actions[bot]