From 347bfcd4633f81fba0e833df6955e33cc469caf3 Mon Sep 17 00:00:00 2001
From: Bernd Schoolmann <mail@quexten.com>
Date: Thu, 28 Nov 2024 12:35:32 +0100
Subject: [PATCH 01/18] Move desktop to sdk ssh-key generation

---
 .../core/src/ssh_agent/generator.rs           | 45 -------------------
 .../desktop_native/core/src/ssh_agent/mod.rs  |  1 -
 apps/desktop/desktop_native/napi/src/lib.rs   |  8 ----
 .../platform/main/main-ssh-agent.service.ts   |  6 ---
 apps/desktop/src/platform/preload.ts          |  3 --
 .../src/vault/app/vault/add-edit.component.ts |  9 ++--
 6 files changed, 5 insertions(+), 67 deletions(-)
 delete mode 100644 apps/desktop/desktop_native/core/src/ssh_agent/generator.rs

diff --git a/apps/desktop/desktop_native/core/src/ssh_agent/generator.rs b/apps/desktop/desktop_native/core/src/ssh_agent/generator.rs
deleted file mode 100644
index fe639f20e7f..00000000000
--- a/apps/desktop/desktop_native/core/src/ssh_agent/generator.rs
+++ /dev/null
@@ -1,45 +0,0 @@
-use rand::SeedableRng;
-use rand_chacha::ChaCha8Rng;
-use ssh_key::{Algorithm, HashAlg, LineEnding};
-
-use super::importer::SshKey;
-
-pub async fn generate_keypair(key_algorithm: String) -> Result<SshKey, anyhow::Error> {
-    // sourced from cryptographically secure entropy source, with sources for all targets: https://docs.rs/getrandom
-    // if it cannot be securely sourced, this will panic instead of leading to a weak key
-    let mut rng: ChaCha8Rng = ChaCha8Rng::from_entropy();
-
-    let key = match key_algorithm.as_str() {
-        "ed25519" => ssh_key::PrivateKey::random(&mut rng, Algorithm::Ed25519),
-        "rsa2048" | "rsa3072" | "rsa4096" => {
-            let bits = match key_algorithm.as_str() {
-                "rsa2048" => 2048,
-                "rsa3072" => 3072,
-                "rsa4096" => 4096,
-                _ => return Err(anyhow::anyhow!("Unsupported RSA key size")),
-            };
-            let rsa_keypair = ssh_key::private::RsaKeypair::random(&mut rng, bits)
-                .or_else(|e| Err(anyhow::anyhow!(e.to_string())))?;
-
-            let private_key = ssh_key::PrivateKey::new(
-                ssh_key::private::KeypairData::from(rsa_keypair),
-                "".to_string(),
-            )
-            .or_else(|e| Err(anyhow::anyhow!(e.to_string())))?;
-            Ok(private_key)
-        }
-        _ => {
-            return Err(anyhow::anyhow!("Unsupported key algorithm"));
-        }
-    }
-    .or_else(|e| Err(anyhow::anyhow!(e.to_string())))?;
-
-    let private_key_openssh = key
-        .to_openssh(LineEnding::LF)
-        .or_else(|e| Err(anyhow::anyhow!(e.to_string())))?;
-    Ok(SshKey {
-        private_key: private_key_openssh.to_string(),
-        public_key: key.public_key().to_string(),
-        key_fingerprint: key.fingerprint(HashAlg::Sha256).to_string(),
-    })
-}
diff --git a/apps/desktop/desktop_native/core/src/ssh_agent/mod.rs b/apps/desktop/desktop_native/core/src/ssh_agent/mod.rs
index 8cbcd97d91e..0e98f1cd4c4 100644
--- a/apps/desktop/desktop_native/core/src/ssh_agent/mod.rs
+++ b/apps/desktop/desktop_native/core/src/ssh_agent/mod.rs
@@ -10,7 +10,6 @@ use bitwarden_russh::ssh_agent::{self, Key};
 #[cfg_attr(target_os = "linux", path = "unix.rs")]
 mod platform_ssh_agent;
 
-pub mod generator;
 pub mod importer;
 
 #[derive(Clone)]
diff --git a/apps/desktop/desktop_native/napi/src/lib.rs b/apps/desktop/desktop_native/napi/src/lib.rs
index 8e156eb3efa..095e6573cfe 100644
--- a/apps/desktop/desktop_native/napi/src/lib.rs
+++ b/apps/desktop/desktop_native/napi/src/lib.rs
@@ -344,14 +344,6 @@ pub mod sshagent {
             .map_err(|e| napi::Error::from_reason(e.to_string()))?;
         Ok(result.into())
     }
-
-    #[napi]
-    pub async fn generate_keypair(key_algorithm: String) -> napi::Result<SshKey> {
-        desktop_core::ssh_agent::generator::generate_keypair(key_algorithm)
-            .await
-            .map_err(|e| napi::Error::from_reason(e.to_string()))
-            .map(|k| k.into())
-    }
 }
 
 #[napi]
diff --git a/apps/desktop/src/platform/main/main-ssh-agent.service.ts b/apps/desktop/src/platform/main/main-ssh-agent.service.ts
index 60487aae4da..71e0e27d788 100644
--- a/apps/desktop/src/platform/main/main-ssh-agent.service.ts
+++ b/apps/desktop/src/platform/main/main-ssh-agent.service.ts
@@ -90,12 +90,6 @@ export class MainSshAgentService {
         this.requestResponses.push({ requestId, accepted, timestamp: new Date() });
       },
     );
-    ipcMain.handle(
-      "sshagent.generatekey",
-      async (event: any, { keyAlgorithm }: { keyAlgorithm: string }): Promise<sshagent.SshKey> => {
-        return await sshagent.generateKeypair(keyAlgorithm);
-      },
-    );
     ipcMain.handle(
       "sshagent.importkey",
       async (
diff --git a/apps/desktop/src/platform/preload.ts b/apps/desktop/src/platform/preload.ts
index 171e83bbef0..c82b993c991 100644
--- a/apps/desktop/src/platform/preload.ts
+++ b/apps/desktop/src/platform/preload.ts
@@ -50,9 +50,6 @@ const sshAgent = {
   signRequestResponse: async (requestId: number, accepted: boolean) => {
     await ipcRenderer.invoke("sshagent.signrequestresponse", { requestId, accepted });
   },
-  generateKey: async (keyAlgorithm: string): Promise<ssh.SshKey> => {
-    return await ipcRenderer.invoke("sshagent.generatekey", { keyAlgorithm });
-  },
   lock: async () => {
     return await ipcRenderer.invoke("sshagent.lock");
   },
diff --git a/apps/desktop/src/vault/app/vault/add-edit.component.ts b/apps/desktop/src/vault/app/vault/add-edit.component.ts
index 6a3ad8d62e1..0be26c978ab 100644
--- a/apps/desktop/src/vault/app/vault/add-edit.component.ts
+++ b/apps/desktop/src/vault/app/vault/add-edit.component.ts
@@ -24,6 +24,7 @@ import { CipherType } from "@bitwarden/common/vault/enums";
 import { CipherAuthorizationService } from "@bitwarden/common/vault/services/cipher-authorization.service";
 import { DialogService, ToastService } from "@bitwarden/components";
 import { SshKeyPasswordPromptComponent } from "@bitwarden/importer/ui";
+import { generate_ssh_key } from "@bitwarden/sdk-internal";
 import { PasswordRepromptService } from "@bitwarden/vault";
 
 const BroadcasterSubscriptionId = "AddEditComponent";
@@ -158,10 +159,10 @@ export class AddEditComponent extends BaseAddEditComponent implements OnInit, On
   }
 
   async generateSshKey(showNotification: boolean = true) {
-    const sshKey = await ipc.platform.sshAgent.generateKey("ed25519");
-    this.cipher.sshKey.privateKey = sshKey.privateKey;
-    this.cipher.sshKey.publicKey = sshKey.publicKey;
-    this.cipher.sshKey.keyFingerprint = sshKey.keyFingerprint;
+    const sshKey = generate_ssh_key("Ed25519");
+    this.cipher.sshKey.privateKey = sshKey.private_key;
+    this.cipher.sshKey.publicKey = sshKey.public_key;
+    this.cipher.sshKey.keyFingerprint = sshKey.key_fingerprint;
 
     if (showNotification) {
       this.toastService.showToast({

From 7c95f06523bbf84e6c1d5d024cdc87db764bbd4c Mon Sep 17 00:00:00 2001
From: Bernd Schoolmann <mail@quexten.com>
Date: Thu, 28 Nov 2024 14:33:23 +0100
Subject: [PATCH 02/18] Add ssh keygen support on web and browser

---
 .../src/popup/services/services.module.ts     |  2 +-
 .../new-item-dropdown-v2.component.html       |  4 ++
 .../components/vault/add-edit.component.ts    |  4 +-
 .../src/vault/app/vault/add-edit.component.ts | 37 +------------------
 .../emergency-add-edit-cipher.component.ts    |  4 +-
 .../vault-item-dialog.component.ts            |  3 ++
 .../individual-vault/add-edit.component.html  |  1 +
 .../individual-vault/add-edit.component.ts    |  4 +-
 .../vault-header/vault-header.component.html  |  4 ++
 .../app/vault/org-vault/add-edit.component.ts |  4 +-
 .../vault/components/add-edit.component.ts    | 36 +++++++++++++++++-
 .../sshkey-section.component.html             |  7 ++++
 .../sshkey-section.component.ts               | 36 +++++++++++++++---
 package.json                                  |  2 +-
 14 files changed, 101 insertions(+), 47 deletions(-)

diff --git a/apps/browser/src/popup/services/services.module.ts b/apps/browser/src/popup/services/services.module.ts
index 18d109776a4..121f46884e7 100644
--- a/apps/browser/src/popup/services/services.module.ts
+++ b/apps/browser/src/popup/services/services.module.ts
@@ -576,7 +576,7 @@ const safeProviders: SafeProvider[] = [
   }),
   safeProvider({
     provide: SdkClientFactory,
-    useFactory: (logService) =>
+    useFactory: (logService: LogService) =>
       flagEnabled("sdk") ? new BrowserSdkClientFactory(logService) : new NoopSdkClientFactory(),
     deps: [LogService],
   }),
diff --git a/apps/browser/src/vault/popup/components/vault-v2/new-item-dropdown/new-item-dropdown-v2.component.html b/apps/browser/src/vault/popup/components/vault-v2/new-item-dropdown/new-item-dropdown-v2.component.html
index 78403784f46..cebe9397c30 100644
--- a/apps/browser/src/vault/popup/components/vault-v2/new-item-dropdown/new-item-dropdown-v2.component.html
+++ b/apps/browser/src/vault/popup/components/vault-v2/new-item-dropdown/new-item-dropdown-v2.component.html
@@ -19,6 +19,10 @@
     <i class="bwi bwi-sticky-note" slot="start" aria-hidden="true"></i>
     {{ "note" | i18n }}
   </a>
+  <a bitMenuItem (click)="newItemNavigate(cipherType.SshKey)">
+    <i class="bwi bwi-key" slot="start" aria-hidden="true"></i>
+    {{ "typeSshKey" | i18n }}
+  </a>
   <bit-menu-divider></bit-menu-divider>
   <button type="button" bitMenuItem (click)="openFolderDialog()">
     <i class="bwi bwi-folder" slot="start" aria-hidden="true"></i>
diff --git a/apps/browser/src/vault/popup/components/vault/add-edit.component.ts b/apps/browser/src/vault/popup/components/vault/add-edit.component.ts
index 94654e41541..0e97779eb21 100644
--- a/apps/browser/src/vault/popup/components/vault/add-edit.component.ts
+++ b/apps/browser/src/vault/popup/components/vault/add-edit.component.ts
@@ -25,7 +25,7 @@ import { FolderService } from "@bitwarden/common/vault/abstractions/folder/folde
 import { CipherType } from "@bitwarden/common/vault/enums";
 import { LoginUriView } from "@bitwarden/common/vault/models/view/login-uri.view";
 import { CipherAuthorizationService } from "@bitwarden/common/vault/services/cipher-authorization.service";
-import { DialogService } from "@bitwarden/components";
+import { DialogService, ToastService } from "@bitwarden/components";
 import { PasswordRepromptService } from "@bitwarden/vault";
 
 import { BrowserFido2UserInterfaceSession } from "../../../../autofill/fido2/services/browser-fido2-user-interface.service";
@@ -74,6 +74,7 @@ export class AddEditComponent extends BaseAddEditComponent implements OnInit {
     configService: ConfigService,
     private fido2UserVerificationService: Fido2UserVerificationService,
     cipherAuthorizationService: CipherAuthorizationService,
+    toastService: ToastService,
   ) {
     super(
       cipherService,
@@ -95,6 +96,7 @@ export class AddEditComponent extends BaseAddEditComponent implements OnInit {
       datePipe,
       configService,
       cipherAuthorizationService,
+      toastService,
     );
   }
 
diff --git a/apps/desktop/src/vault/app/vault/add-edit.component.ts b/apps/desktop/src/vault/app/vault/add-edit.component.ts
index 0be26c978ab..4f0022e5116 100644
--- a/apps/desktop/src/vault/app/vault/add-edit.component.ts
+++ b/apps/desktop/src/vault/app/vault/add-edit.component.ts
@@ -20,11 +20,9 @@ import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/pl
 import { SendApiService } from "@bitwarden/common/tools/send/services/send-api.service.abstraction";
 import { CipherService } from "@bitwarden/common/vault/abstractions/cipher.service";
 import { FolderService } from "@bitwarden/common/vault/abstractions/folder/folder.service.abstraction";
-import { CipherType } from "@bitwarden/common/vault/enums";
 import { CipherAuthorizationService } from "@bitwarden/common/vault/services/cipher-authorization.service";
 import { DialogService, ToastService } from "@bitwarden/components";
 import { SshKeyPasswordPromptComponent } from "@bitwarden/importer/ui";
-import { generate_ssh_key } from "@bitwarden/sdk-internal";
 import { PasswordRepromptService } from "@bitwarden/vault";
 
 const BroadcasterSubscriptionId = "AddEditComponent";
@@ -57,7 +55,7 @@ export class AddEditComponent extends BaseAddEditComponent implements OnInit, On
     dialogService: DialogService,
     datePipe: DatePipe,
     configService: ConfigService,
-    private toastService: ToastService,
+    toastService: ToastService,
     cipherAuthorizationService: CipherAuthorizationService,
   ) {
     super(
@@ -80,6 +78,7 @@ export class AddEditComponent extends BaseAddEditComponent implements OnInit, On
       datePipe,
       configService,
       cipherAuthorizationService,
+      toastService,
     );
   }
 
@@ -116,17 +115,6 @@ export class AddEditComponent extends BaseAddEditComponent implements OnInit, On
     }
 
     await super.load();
-
-    if (!this.editMode || this.cloneMode) {
-      // Creating an ssh key directly while filtering to the ssh key category
-      // must force a key to be set. SSH keys must never be created with an empty private key field
-      if (
-        this.cipher.type === CipherType.SshKey &&
-        (this.cipher.sshKey.privateKey == null || this.cipher.sshKey.privateKey === "")
-      ) {
-        await this.generateSshKey(false);
-      }
-    }
   }
 
   onWindowHidden() {
@@ -158,21 +146,6 @@ export class AddEditComponent extends BaseAddEditComponent implements OnInit, On
     );
   }
 
-  async generateSshKey(showNotification: boolean = true) {
-    const sshKey = generate_ssh_key("Ed25519");
-    this.cipher.sshKey.privateKey = sshKey.private_key;
-    this.cipher.sshKey.publicKey = sshKey.public_key;
-    this.cipher.sshKey.keyFingerprint = sshKey.key_fingerprint;
-
-    if (showNotification) {
-      this.toastService.showToast({
-        variant: "success",
-        title: "",
-        message: this.i18nService.t("sshKeyGenerated"),
-      });
-    }
-  }
-
   async importSshKeyFromClipboard(password: string = "") {
     const key = await this.platformUtilsService.readFromClipboard();
     const parsedKey = await ipc.platform.sshAgent.importKey(key, password);
@@ -233,12 +206,6 @@ export class AddEditComponent extends BaseAddEditComponent implements OnInit, On
     return await lastValueFrom(dialog.closed);
   }
 
-  async typeChange() {
-    if (this.cipher.type === CipherType.SshKey) {
-      await this.generateSshKey();
-    }
-  }
-
   truncateString(value: string, length: number) {
     return value.length > length ? value.substring(0, length) + "..." : value;
   }
diff --git a/apps/web/src/app/auth/settings/emergency-access/view/emergency-add-edit-cipher.component.ts b/apps/web/src/app/auth/settings/emergency-access/view/emergency-add-edit-cipher.component.ts
index f760b76638f..21d2fbe8d96 100644
--- a/apps/web/src/app/auth/settings/emergency-access/view/emergency-add-edit-cipher.component.ts
+++ b/apps/web/src/app/auth/settings/emergency-access/view/emergency-add-edit-cipher.component.ts
@@ -19,7 +19,7 @@ import { FolderService } from "@bitwarden/common/vault/abstractions/folder/folde
 import { TotpService } from "@bitwarden/common/vault/abstractions/totp.service";
 import { Cipher } from "@bitwarden/common/vault/models/domain/cipher";
 import { CipherAuthorizationService } from "@bitwarden/common/vault/services/cipher-authorization.service";
-import { DialogService } from "@bitwarden/components";
+import { DialogService, ToastService } from "@bitwarden/components";
 import { PasswordGenerationServiceAbstraction } from "@bitwarden/generator-legacy";
 import { PasswordRepromptService } from "@bitwarden/vault";
 
@@ -56,6 +56,7 @@ export class EmergencyAddEditCipherComponent extends BaseAddEditComponent {
     configService: ConfigService,
     billingAccountProfileStateService: BillingAccountProfileStateService,
     cipherAuthorizationService: CipherAuthorizationService,
+    toastService: ToastService,
   ) {
     super(
       cipherService,
@@ -79,6 +80,7 @@ export class EmergencyAddEditCipherComponent extends BaseAddEditComponent {
       configService,
       billingAccountProfileStateService,
       cipherAuthorizationService,
+      toastService,
     );
   }
 
diff --git a/apps/web/src/app/vault/components/vault-item-dialog/vault-item-dialog.component.ts b/apps/web/src/app/vault/components/vault-item-dialog/vault-item-dialog.component.ts
index 2742cd52ef1..27f5efd8aa6 100644
--- a/apps/web/src/app/vault/components/vault-item-dialog/vault-item-dialog.component.ts
+++ b/apps/web/src/app/vault/components/vault-item-dialog/vault-item-dialog.component.ts
@@ -426,6 +426,9 @@ export class VaultItemDialogComponent implements OnInit, OnDestroy {
       case CipherType.SecureNote:
         this.title = this.i18nService.t(partOne, this.i18nService.t("note").toLowerCase());
         break;
+      case CipherType.SshKey:
+        this.title = this.i18nService.t(partOne, this.i18nService.t("typeSshKey").toLowerCase());
+        break;
     }
   }
 
diff --git a/apps/web/src/app/vault/individual-vault/add-edit.component.html b/apps/web/src/app/vault/individual-vault/add-edit.component.html
index 01ac60fc7e6..2589081d137 100644
--- a/apps/web/src/app/vault/individual-vault/add-edit.component.html
+++ b/apps/web/src/app/vault/individual-vault/add-edit.component.html
@@ -35,6 +35,7 @@ <h1 class="modal-title" id="cipherAddEditTitle">{{ title }}</h1>
               [(ngModel)]="cipher.type"
               class="form-control"
               [disabled]="cipher.isDeleted"
+              (change)="typeChange()"
               appAutofocus
             >
               <option *ngFor="let o of typeOptions" [ngValue]="o.value">{{ o.name }}</option>
diff --git a/apps/web/src/app/vault/individual-vault/add-edit.component.ts b/apps/web/src/app/vault/individual-vault/add-edit.component.ts
index 8f8c4779514..e0b4bccc3a2 100644
--- a/apps/web/src/app/vault/individual-vault/add-edit.component.ts
+++ b/apps/web/src/app/vault/individual-vault/add-edit.component.ts
@@ -26,7 +26,7 @@ import { TotpService } from "@bitwarden/common/vault/abstractions/totp.service";
 import { CipherType } from "@bitwarden/common/vault/enums";
 import { Launchable } from "@bitwarden/common/vault/interfaces/launchable";
 import { CipherAuthorizationService } from "@bitwarden/common/vault/services/cipher-authorization.service";
-import { DialogService } from "@bitwarden/components";
+import { DialogService, ToastService } from "@bitwarden/components";
 import { PasswordGenerationServiceAbstraction } from "@bitwarden/generator-legacy";
 import { PasswordRepromptService } from "@bitwarden/vault";
 
@@ -73,6 +73,7 @@ export class AddEditComponent extends BaseAddEditComponent implements OnInit, On
     configService: ConfigService,
     private billingAccountProfileStateService: BillingAccountProfileStateService,
     cipherAuthorizationService: CipherAuthorizationService,
+    toastService: ToastService,
   ) {
     super(
       cipherService,
@@ -94,6 +95,7 @@ export class AddEditComponent extends BaseAddEditComponent implements OnInit, On
       datePipe,
       configService,
       cipherAuthorizationService,
+      toastService,
     );
   }
 
diff --git a/apps/web/src/app/vault/individual-vault/vault-header/vault-header.component.html b/apps/web/src/app/vault/individual-vault/vault-header/vault-header.component.html
index 3f46cb803cf..8ac6138db7c 100644
--- a/apps/web/src/app/vault/individual-vault/vault-header/vault-header.component.html
+++ b/apps/web/src/app/vault/individual-vault/vault-header/vault-header.component.html
@@ -99,6 +99,10 @@
               <i class="bwi bwi-sticky-note" slot="start" aria-hidden="true"></i>
               {{ "note" | i18n }}
             </button>
+            <button type="button" bitMenuItem (click)="addCipher(CipherType.SshKey)">
+              <i class="bwi bwi-key" slot="start" aria-hidden="true"></i>
+              {{ "typeSshKey" | i18n }}
+            </button>
             <bit-menu-divider />
             <button type="button" bitMenuItem (click)="addFolder()">
               <i class="bwi bwi-fw bwi-folder" aria-hidden="true"></i>
diff --git a/apps/web/src/app/vault/org-vault/add-edit.component.ts b/apps/web/src/app/vault/org-vault/add-edit.component.ts
index 7a4697f5af6..4988cfd1101 100644
--- a/apps/web/src/app/vault/org-vault/add-edit.component.ts
+++ b/apps/web/src/app/vault/org-vault/add-edit.component.ts
@@ -22,7 +22,7 @@ import { TotpService } from "@bitwarden/common/vault/abstractions/totp.service";
 import { CipherData } from "@bitwarden/common/vault/models/data/cipher.data";
 import { Cipher } from "@bitwarden/common/vault/models/domain/cipher";
 import { CipherAuthorizationService } from "@bitwarden/common/vault/services/cipher-authorization.service";
-import { DialogService } from "@bitwarden/components";
+import { DialogService, ToastService } from "@bitwarden/components";
 import { PasswordGenerationServiceAbstraction } from "@bitwarden/generator-legacy";
 import { PasswordRepromptService } from "@bitwarden/vault";
 
@@ -59,6 +59,7 @@ export class AddEditComponent extends BaseAddEditComponent {
     configService: ConfigService,
     billingAccountProfileStateService: BillingAccountProfileStateService,
     cipherAuthorizationService: CipherAuthorizationService,
+    toastService: ToastService,
   ) {
     super(
       cipherService,
@@ -82,6 +83,7 @@ export class AddEditComponent extends BaseAddEditComponent {
       configService,
       billingAccountProfileStateService,
       cipherAuthorizationService,
+      toastService,
     );
   }
 
diff --git a/libs/angular/src/vault/components/add-edit.component.ts b/libs/angular/src/vault/components/add-edit.component.ts
index 3747236d51d..a89533a0be1 100644
--- a/libs/angular/src/vault/components/add-edit.component.ts
+++ b/libs/angular/src/vault/components/add-edit.component.ts
@@ -39,7 +39,8 @@ import { LoginView } from "@bitwarden/common/vault/models/view/login.view";
 import { SecureNoteView } from "@bitwarden/common/vault/models/view/secure-note.view";
 import { SshKeyView } from "@bitwarden/common/vault/models/view/ssh-key.view";
 import { CipherAuthorizationService } from "@bitwarden/common/vault/services/cipher-authorization.service";
-import { DialogService } from "@bitwarden/components";
+import { DialogService, ToastService } from "@bitwarden/components";
+import { generate_ssh_key } from "@bitwarden/sdk-internal";
 import { PasswordRepromptService } from "@bitwarden/vault";
 
 @Directive()
@@ -130,6 +131,7 @@ export class AddEditComponent implements OnInit, OnDestroy {
     protected datePipe: DatePipe,
     protected configService: ConfigService,
     protected cipherAuthorizationService: CipherAuthorizationService,
+    protected toastService: ToastService,
   ) {
     this.typeOptions = [
       { name: i18nService.t("typeLogin"), value: CipherType.Login },
@@ -339,6 +341,17 @@ export class AddEditComponent implements OnInit, OnDestroy {
       [this.collectionId as CollectionId],
       this.isAdminConsoleAction,
     );
+
+    if (!this.editMode || this.cloneMode) {
+      // Creating an ssh key directly while filtering to the ssh key category
+      // must force a key to be set. SSH keys must never be created with an empty private key field
+      if (
+        this.cipher.type === CipherType.SshKey &&
+        (this.cipher.sshKey.privateKey == null || this.cipher.sshKey.privateKey === "")
+      ) {
+        await this.generateSshKey(false);
+      }
+    }
   }
 
   async submit(): Promise<boolean> {
@@ -787,4 +800,25 @@ export class AddEditComponent implements OnInit, OnDestroy {
 
     return true;
   }
+
+  async generateSshKey(showNotification: boolean = true) {
+    const sshKey = generate_ssh_key("Ed25519");
+    this.cipher.sshKey.privateKey = sshKey.private_key;
+    this.cipher.sshKey.publicKey = sshKey.public_key;
+    this.cipher.sshKey.keyFingerprint = sshKey.key_fingerprint;
+
+    if (showNotification) {
+      this.toastService.showToast({
+        variant: "success",
+        title: "",
+        message: this.i18nService.t("sshKeyGenerated"),
+      });
+    }
+  }
+
+  async typeChange() {
+    if (this.cipher.type === CipherType.SshKey) {
+      await this.generateSshKey();
+    }
+  }
 }
diff --git a/libs/vault/src/cipher-form/components/sshkey-section/sshkey-section.component.html b/libs/vault/src/cipher-form/components/sshkey-section/sshkey-section.component.html
index 51b07a1cbf3..d468b743acb 100644
--- a/libs/vault/src/cipher-form/components/sshkey-section/sshkey-section.component.html
+++ b/libs/vault/src/cipher-form/components/sshkey-section/sshkey-section.component.html
@@ -8,6 +8,13 @@ <h2 bitTypography="h6">
     <bit-form-field>
       <bit-label>{{ "sshPrivateKey" | i18n }}</bit-label>
       <input id="privateKey" bitInput formControlName="privateKey" type="password" />
+      <button
+        type="button"
+        bitSuffix
+        data-testid="toggle-privateKey-generate"
+        bitIconButton="bwi-generate"
+        (click)="generateSshKey()"
+      ></button>
       <button
         type="button"
         bitIconButton
diff --git a/libs/vault/src/cipher-form/components/sshkey-section/sshkey-section.component.ts b/libs/vault/src/cipher-form/components/sshkey-section/sshkey-section.component.ts
index a15237421bd..ab9257cab7d 100644
--- a/libs/vault/src/cipher-form/components/sshkey-section/sshkey-section.component.ts
+++ b/libs/vault/src/cipher-form/components/sshkey-section/sshkey-section.component.ts
@@ -14,8 +14,11 @@ import {
   SelectModule,
   TypographyModule,
 } from "@bitwarden/components";
+import { generate_ssh_key } from "@bitwarden/sdk-internal";
 
 import { CipherFormContainer } from "../../cipher-form-container";
+import { SshKeyView } from "@bitwarden/common/vault/models/view/ssh-key.view";
+import { takeUntilDestroyed } from "@angular/core/rxjs-interop";
 
 @Component({
   selector: "vault-sshkey-section",
@@ -48,20 +51,34 @@ export class SshKeySectionComponent implements OnInit {
    * leaving as just null gets inferred as `unknown`
    */
   sshKeyForm = this.formBuilder.group({
-    privateKey: null as string | null,
-    publicKey: null as string | null,
-    keyFingerprint: null as string | null,
+    privateKey: [""],
+    publicKey: [""],
+    keyFingerprint: [""],
   });
 
   constructor(
     private cipherFormContainer: CipherFormContainer,
     private formBuilder: FormBuilder,
     private i18nService: I18nService,
-  ) {}
+  ) {
+    this.cipherFormContainer.registerChildForm("sshKeyDetails", this.sshKeyForm);
+    this.sshKeyForm.valueChanges.pipe(takeUntilDestroyed()).subscribe((value) => {
+      const data = new SshKeyView();
+      data.privateKey = value.privateKey;
+      data.publicKey = value.publicKey;
+      data.keyFingerprint = value.keyFingerprint;
+      this.cipherFormContainer.patchCipher((cipher) => {
+        cipher.sshKey = data;
+        return cipher;
+      });
+    });
+  }
 
   ngOnInit() {
-    if (this.originalCipherView?.card) {
+    if (this.originalCipherView?.sshKey) {
       this.setInitialValues();
+    } else {
+      this.generateSshKey();
     }
 
     this.sshKeyForm.disable();
@@ -77,4 +94,13 @@ export class SshKeySectionComponent implements OnInit {
       keyFingerprint,
     });
   }
+
+  generateSshKey() {
+    const sshKey = generate_ssh_key("Ed25519");
+    this.sshKeyForm.setValue({
+      privateKey: sshKey.private_key,
+      publicKey: sshKey.public_key,
+      keyFingerprint: sshKey.key_fingerprint,
+    });
+  }
 }
diff --git a/package.json b/package.json
index acaf51c92ca..ea8bf57c402 100644
--- a/package.json
+++ b/package.json
@@ -153,7 +153,7 @@
     "@angular/platform-browser": "17.3.12",
     "@angular/platform-browser-dynamic": "17.3.12",
     "@angular/router": "17.3.12",
-    "@bitwarden/sdk-internal": "0.2.0-main.3",
+    "@bitwarden/sdk-internal": "0.2.0-main.11",
     "@electron/fuses": "1.8.0",
     "@koa/multer": "3.0.2",
     "@koa/router": "13.1.0",

From e0c0d1f3eed7a46aab92fbc6b8a32cb31a462f51 Mon Sep 17 00:00:00 2001
From: Bernd Schoolmann <mail@quexten.com>
Date: Thu, 28 Nov 2024 14:40:29 +0100
Subject: [PATCH 03/18] Move ssh keygen on all clients behind feature flag

---
 .../new-item-dropdown-v2.component.html            |  2 +-
 .../new-item-dropdown-v2.component.spec.ts         |  2 ++
 .../new-item-dropdown-v2.component.ts              | 14 +++++++++++---
 .../src/vault/components/add-edit.component.ts     |  4 ++--
 4 files changed, 16 insertions(+), 6 deletions(-)

diff --git a/apps/browser/src/vault/popup/components/vault-v2/new-item-dropdown/new-item-dropdown-v2.component.html b/apps/browser/src/vault/popup/components/vault-v2/new-item-dropdown/new-item-dropdown-v2.component.html
index cebe9397c30..c338decdf8f 100644
--- a/apps/browser/src/vault/popup/components/vault-v2/new-item-dropdown/new-item-dropdown-v2.component.html
+++ b/apps/browser/src/vault/popup/components/vault-v2/new-item-dropdown/new-item-dropdown-v2.component.html
@@ -19,7 +19,7 @@
     <i class="bwi bwi-sticky-note" slot="start" aria-hidden="true"></i>
     {{ "note" | i18n }}
   </a>
-  <a bitMenuItem (click)="newItemNavigate(cipherType.SshKey)">
+  <a bitMenuItem (click)="newItemNavigate(cipherType.SshKey)" *ngIf="sshKeysEnabled">
     <i class="bwi bwi-key" slot="start" aria-hidden="true"></i>
     {{ "typeSshKey" | i18n }}
   </a>
diff --git a/apps/browser/src/vault/popup/components/vault-v2/new-item-dropdown/new-item-dropdown-v2.component.spec.ts b/apps/browser/src/vault/popup/components/vault-v2/new-item-dropdown/new-item-dropdown-v2.component.spec.ts
index 6842f35ea6f..2009dde7ee3 100644
--- a/apps/browser/src/vault/popup/components/vault-v2/new-item-dropdown/new-item-dropdown-v2.component.spec.ts
+++ b/apps/browser/src/vault/popup/components/vault-v2/new-item-dropdown/new-item-dropdown-v2.component.spec.ts
@@ -3,6 +3,7 @@ import { ComponentFixture, TestBed } from "@angular/core/testing";
 import { Router } from "@angular/router";
 
 import { JslibModule } from "@bitwarden/angular/jslib.module";
+import { ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { CipherType } from "@bitwarden/common/vault/enums";
 import { ButtonModule, DialogService, MenuModule } from "@bitwarden/components";
@@ -33,6 +34,7 @@ describe("NewItemDropdownV2Component", () => {
       providers: [
         { provide: I18nService, useValue: { t: (key: string) => key } },
         { provide: Router, useValue: { navigate } },
+        { provide: ConfigService, useValue: { getFeatureFlag: () => Promise.resolve(false) } },
       ],
     })
       .overrideProvider(DialogService, { useValue: { open } })
diff --git a/apps/browser/src/vault/popup/components/vault-v2/new-item-dropdown/new-item-dropdown-v2.component.ts b/apps/browser/src/vault/popup/components/vault-v2/new-item-dropdown/new-item-dropdown-v2.component.ts
index a1d5cbd332d..9e1490e1522 100644
--- a/apps/browser/src/vault/popup/components/vault-v2/new-item-dropdown/new-item-dropdown-v2.component.ts
+++ b/apps/browser/src/vault/popup/components/vault-v2/new-item-dropdown/new-item-dropdown-v2.component.ts
@@ -1,8 +1,10 @@
 import { CommonModule } from "@angular/common";
-import { Component, Input } from "@angular/core";
+import { Component, Input, OnInit } from "@angular/core";
 import { Router, RouterLink } from "@angular/router";
 
 import { JslibModule } from "@bitwarden/angular/jslib.module";
+import { FeatureFlag } from "@bitwarden/common/enums/feature-flag.enum";
+import { ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service";
 import { Utils } from "@bitwarden/common/platform/misc/utils";
 import { CollectionId, OrganizationId } from "@bitwarden/common/types/guid";
 import { CipherType } from "@bitwarden/common/vault/enums";
@@ -25,7 +27,7 @@ export interface NewItemInitialValues {
   standalone: true,
   imports: [NoItemsModule, JslibModule, CommonModule, ButtonModule, RouterLink, MenuModule],
 })
-export class NewItemDropdownV2Component {
+export class NewItemDropdownV2Component implements OnInit {
   cipherType = CipherType;
 
   /**
@@ -33,12 +35,18 @@ export class NewItemDropdownV2Component {
    */
   @Input()
   initialValues: NewItemInitialValues;
-
   constructor(
     private router: Router,
     private dialogService: DialogService,
+    private configService: ConfigService,
   ) {}
 
+  sshKeysEnabled = false;
+
+  async ngOnInit() {
+    this.sshKeysEnabled = await this.configService.getFeatureFlag(FeatureFlag.SSHKeyVaultItem);
+  }
+
   private async buildQueryParams(type: CipherType): Promise<AddEditQueryParams> {
     const tab = await BrowserApi.getTabFromCurrentWindow();
     const poppedOut = BrowserPopupUtils.inPopout(window);
diff --git a/libs/angular/src/vault/components/add-edit.component.ts b/libs/angular/src/vault/components/add-edit.component.ts
index a89533a0be1..7981174dfa0 100644
--- a/libs/angular/src/vault/components/add-edit.component.ts
+++ b/libs/angular/src/vault/components/add-edit.component.ts
@@ -14,7 +14,7 @@ import { OrganizationUserStatusType, PolicyType } from "@bitwarden/common/admin-
 import { Organization } from "@bitwarden/common/admin-console/models/domain/organization";
 import { AccountService } from "@bitwarden/common/auth/abstractions/account.service";
 import { normalizeExpiryYearFormat } from "@bitwarden/common/autofill/utils";
-import { ClientType, EventType } from "@bitwarden/common/enums";
+import { EventType } from "@bitwarden/common/enums";
 import { FeatureFlag } from "@bitwarden/common/enums/feature-flag.enum";
 import { UriMatchStrategy } from "@bitwarden/common/models/domain/domain-service";
 import { ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service";
@@ -208,7 +208,7 @@ export class AddEditComponent implements OnInit, OnDestroy {
     this.canUseReprompt = await this.passwordRepromptService.enabled();
 
     const sshKeysEnabled = await this.configService.getFeatureFlag(FeatureFlag.SSHKeyVaultItem);
-    if (this.platformUtilsService.getClientType() == ClientType.Desktop && sshKeysEnabled) {
+    if (sshKeysEnabled) {
       this.typeOptions.push({ name: this.i18nService.t("typeSshKey"), value: CipherType.SshKey });
     }
   }

From 74f69b6d5c1af03fac345982a36c93fef734babf Mon Sep 17 00:00:00 2001
From: Bernd Schoolmann <mail@quexten.com>
Date: Thu, 28 Nov 2024 14:42:39 +0100
Subject: [PATCH 04/18] Update package lock

---
 package-lock.json | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index a36f9766cdf..a419f2663da 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -24,7 +24,7 @@
         "@angular/platform-browser": "17.3.12",
         "@angular/platform-browser-dynamic": "17.3.12",
         "@angular/router": "17.3.12",
-        "@bitwarden/sdk-internal": "0.2.0-main.3",
+        "@bitwarden/sdk-internal": "0.2.0-main.11",
         "@electron/fuses": "1.8.0",
         "@koa/multer": "3.0.2",
         "@koa/router": "13.1.0",
@@ -4297,9 +4297,9 @@
       "link": true
     },
     "node_modules/@bitwarden/sdk-internal": {
-      "version": "0.2.0-main.3",
-      "resolved": "https://registry.npmjs.org/@bitwarden/sdk-internal/-/sdk-internal-0.2.0-main.3.tgz",
-      "integrity": "sha512-CYp98uaVMSFp6nr/QLw+Qw8ttnVtWark/bMpw59OhwMVhrCDKmpCgcR9G4oEdVO11IuFcYZieTBmtOEPhCpGaw==",
+      "version": "0.2.0-main.11",
+      "resolved": "https://registry.npmjs.org/@bitwarden/sdk-internal/-/sdk-internal-0.2.0-main.11.tgz",
+      "integrity": "sha512-JpF7c2CYrDsOEDHqIt+62kf3kI4Ia16kYFmAM2N+Vp3YvxS5k36Hmr4+EZ7+PXFoGrJs80BZdzOhYH2kpgYnaA==",
       "license": "GPL-3.0"
     },
     "node_modules/@bitwarden/vault": {

From dde943378ad53202877e18e6db19057452c0c47e Mon Sep 17 00:00:00 2001
From: Bernd Schoolmann <mail@quexten.com>
Date: Thu, 28 Nov 2024 14:46:04 +0100
Subject: [PATCH 05/18] Fix linting

---
 .../components/sshkey-section/sshkey-section.component.ts     | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/libs/vault/src/cipher-form/components/sshkey-section/sshkey-section.component.ts b/libs/vault/src/cipher-form/components/sshkey-section/sshkey-section.component.ts
index ab9257cab7d..7cb9b56ce00 100644
--- a/libs/vault/src/cipher-form/components/sshkey-section/sshkey-section.component.ts
+++ b/libs/vault/src/cipher-form/components/sshkey-section/sshkey-section.component.ts
@@ -1,10 +1,12 @@
 import { CommonModule } from "@angular/common";
 import { Component, Input, OnInit } from "@angular/core";
+import { takeUntilDestroyed } from "@angular/core/rxjs-interop";
 import { FormBuilder, ReactiveFormsModule } from "@angular/forms";
 
 import { JslibModule } from "@bitwarden/angular/jslib.module";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { CipherView } from "@bitwarden/common/vault/models/view/cipher.view";
+import { SshKeyView } from "@bitwarden/common/vault/models/view/ssh-key.view";
 import {
   CardComponent,
   FormFieldModule,
@@ -17,8 +19,6 @@ import {
 import { generate_ssh_key } from "@bitwarden/sdk-internal";
 
 import { CipherFormContainer } from "../../cipher-form-container";
-import { SshKeyView } from "@bitwarden/common/vault/models/view/ssh-key.view";
-import { takeUntilDestroyed } from "@angular/core/rxjs-interop";
 
 @Component({
   selector: "vault-sshkey-section",

From c417c6ef5ccc9aa43caa6b2a8e10a0f998afb47c Mon Sep 17 00:00:00 2001
From: Bernd Schoolmann <mail@quexten.com>
Date: Tue, 10 Dec 2024 13:52:06 +0100
Subject: [PATCH 06/18] Fix build

---
 .../new-item-dropdown/new-item-dropdown-v2.component.ts         | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/apps/browser/src/vault/popup/components/vault-v2/new-item-dropdown/new-item-dropdown-v2.component.ts b/apps/browser/src/vault/popup/components/vault-v2/new-item-dropdown/new-item-dropdown-v2.component.ts
index f5956e32d3b..be30b29fb18 100644
--- a/apps/browser/src/vault/popup/components/vault-v2/new-item-dropdown/new-item-dropdown-v2.component.ts
+++ b/apps/browser/src/vault/popup/components/vault-v2/new-item-dropdown/new-item-dropdown-v2.component.ts
@@ -50,7 +50,7 @@ export class NewItemDropdownV2Component implements OnInit {
     this.tab = await BrowserApi.getTabFromCurrentWindow();
   }
 
-  private async buildQueryParams(type: CipherType): Promise<AddEditQueryParams> {
+  async buildQueryParams(type: CipherType): Promise<AddEditQueryParams> {
     const poppedOut = BrowserPopupUtils.inPopout(window);
 
     const loginDetails: { uri?: string; name?: string } = {};

From d9091c0e857f8c485b63a6db86137bf62d6f6c7a Mon Sep 17 00:00:00 2001
From: Bernd Schoolmann <mail@quexten.com>
Date: Tue, 10 Dec 2024 15:52:52 +0100
Subject: [PATCH 07/18] Fix build

---
 .../new-item-dropdown/new-item-dropdown-v2.component.html  | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/apps/browser/src/vault/popup/components/vault-v2/new-item-dropdown/new-item-dropdown-v2.component.html b/apps/browser/src/vault/popup/components/vault-v2/new-item-dropdown/new-item-dropdown-v2.component.html
index 8c4698b11ba..4d617ff7786 100644
--- a/apps/browser/src/vault/popup/components/vault-v2/new-item-dropdown/new-item-dropdown-v2.component.html
+++ b/apps/browser/src/vault/popup/components/vault-v2/new-item-dropdown/new-item-dropdown-v2.component.html
@@ -27,7 +27,12 @@
     <i class="bwi bwi-sticky-note" slot="start" aria-hidden="true"></i>
     {{ "note" | i18n }}
   </a>
-  <a bitMenuItem (click)="newItemNavigate(cipherType.SshKey)" *ngIf="sshKeysEnabled">
+  <a
+    bitMenuItem
+    [routerLink]="['/add-cipher']"
+    [queryParams]="buildQueryParams(cipherType.SshKey)"
+    *ngIf="sshKeysEnabled"
+  >
     <i class="bwi bwi-key" slot="start" aria-hidden="true"></i>
     {{ "typeSshKey" | i18n }}
   </a>

From d4bdff81e8eb9888e17fd7ccbed35ddd3da96115 Mon Sep 17 00:00:00 2001
From: Bernd Schoolmann <mail@quexten.com>
Date: Mon, 16 Dec 2024 13:08:43 +0100
Subject: [PATCH 08/18] Remove rand_chacha

---
 apps/desktop/desktop_native/Cargo.lock      | 1 -
 apps/desktop/desktop_native/core/Cargo.toml | 1 -
 2 files changed, 2 deletions(-)

diff --git a/apps/desktop/desktop_native/Cargo.lock b/apps/desktop/desktop_native/Cargo.lock
index 1cf8b24c265..8895dd27a4c 100644
--- a/apps/desktop/desktop_native/Cargo.lock
+++ b/apps/desktop/desktop_native/Cargo.lock
@@ -763,7 +763,6 @@ dependencies = [
  "pin-project",
  "pkcs8",
  "rand",
- "rand_chacha",
  "retry",
  "rsa",
  "russh-cryptovec",
diff --git a/apps/desktop/desktop_native/core/Cargo.toml b/apps/desktop/desktop_native/core/Cargo.toml
index adfdd818a17..360aa85c255 100644
--- a/apps/desktop/desktop_native/core/Cargo.toml
+++ b/apps/desktop/desktop_native/core/Cargo.toml
@@ -55,7 +55,6 @@ tokio-stream = { version = "=0.1.15", features = ["net"] }
 tokio-util = { version = "=0.7.12", features = ["codec"] }
 thiserror = "=1.0.69"
 typenum = "=1.17.0"
-rand_chacha = "=0.3.1"
 pkcs8 = { version = "=0.10.2", features = ["alloc", "encryption", "pem"] }
 rsa = "=0.9.6"
 ed25519 = { version = "=2.2.3", features = ["pkcs8"] }

From 5626afc888ae5e843a820e6dbc285ff65bda097b Mon Sep 17 00:00:00 2001
From: Bernd Schoolmann <mail@quexten.com>
Date: Mon, 16 Dec 2024 15:32:51 +0100
Subject: [PATCH 09/18] Move libc to linux-only target

---
 apps/desktop/desktop_native/core/Cargo.toml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/apps/desktop/desktop_native/core/Cargo.toml b/apps/desktop/desktop_native/core/Cargo.toml
index bdf5b1ed5c4..07975dc0511 100644
--- a/apps/desktop/desktop_native/core/Cargo.toml
+++ b/apps/desktop/desktop_native/core/Cargo.toml
@@ -31,7 +31,6 @@ base64 = "=0.22.1"
 byteorder = "=1.5.0"
 cbc = { version = "=0.1.2", features = ["alloc"] }
 homedir = "=0.3.4"
-libc = "=0.2.162"
 pin-project = "=1.1.7"
 dirs = "=5.0.1"
 futures = "=0.3.31"
@@ -86,6 +85,7 @@ desktop_objc = { path = "../objc" }
 
 [target.'cfg(target_os = "linux")'.dependencies]
 oo7 = "=0.3.3"
+libc = "=0.2.162"
 
 zbus = { version = "=4.4.0", optional = true }
 zbus_polkit = { version = "=4.0.0", optional = true }

From d89200214acf91ed568210777acd051f235b570f Mon Sep 17 00:00:00 2001
From: Bernd Schoolmann <mail@quexten.com>
Date: Mon, 16 Dec 2024 15:38:50 +0100
Subject: [PATCH 10/18] Remove async-streams dep

---
 apps/desktop/desktop_native/Cargo.lock      | 23 ---------------------
 apps/desktop/desktop_native/core/Cargo.toml |  1 -
 2 files changed, 24 deletions(-)

diff --git a/apps/desktop/desktop_native/Cargo.lock b/apps/desktop/desktop_native/Cargo.lock
index c59c6b8967e..4e258c23c1d 100644
--- a/apps/desktop/desktop_native/Cargo.lock
+++ b/apps/desktop/desktop_native/Cargo.lock
@@ -240,28 +240,6 @@ dependencies = [
  "windows-sys 0.59.0",
 ]
 
-[[package]]
-name = "async-stream"
-version = "0.3.6"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0b5a71a6f37880a80d1d7f19efd781e4b5de42c88f0722cc13bcb6cc2cfe8476"
-dependencies = [
- "async-stream-impl",
- "futures-core",
- "pin-project-lite",
-]
-
-[[package]]
-name = "async-stream-impl"
-version = "0.3.6"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c7c24de15d275a1ecfd47a380fb4d5ec9bfe0933f309ed5e705b775596a3574d"
-dependencies = [
- "proc-macro2",
- "quote",
- "syn",
-]
-
 [[package]]
 name = "async-task"
 version = "4.7.1"
@@ -763,7 +741,6 @@ dependencies = [
  "anyhow",
  "arboard",
  "argon2",
- "async-stream",
  "base64",
  "bitwarden-russh",
  "byteorder",
diff --git a/apps/desktop/desktop_native/core/Cargo.toml b/apps/desktop/desktop_native/core/Cargo.toml
index 07975dc0511..dd6ef3d4618 100644
--- a/apps/desktop/desktop_native/core/Cargo.toml
+++ b/apps/desktop/desktop_native/core/Cargo.toml
@@ -26,7 +26,6 @@ arboard = { version = "=3.4.1", default-features = false, features = [
   "wayland-data-control",
 ] }
 argon2 = { version = "=0.5.3", features = ["zeroize"] }
-async-stream = "=0.3.6"
 base64 = "=0.22.1"
 byteorder = "=1.5.0"
 cbc = { version = "=0.1.2", features = ["alloc"] }

From 9ed95727f90c262711b92ba938c1f9c9cc76ad88 Mon Sep 17 00:00:00 2001
From: Bernd Schoolmann <mail@quexten.com>
Date: Mon, 6 Jan 2025 11:46:16 +0100
Subject: [PATCH 11/18] Make generateSshKey private

---
 libs/angular/src/vault/components/add-edit.component.ts         | 2 +-
 .../components/sshkey-section/sshkey-section.component.ts       | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/libs/angular/src/vault/components/add-edit.component.ts b/libs/angular/src/vault/components/add-edit.component.ts
index 82b2e588cbd..47036f1753e 100644
--- a/libs/angular/src/vault/components/add-edit.component.ts
+++ b/libs/angular/src/vault/components/add-edit.component.ts
@@ -800,7 +800,7 @@ export class AddEditComponent implements OnInit, OnDestroy {
     return true;
   }
 
-  async generateSshKey(showNotification: boolean = true) {
+  private async generateSshKey(showNotification: boolean = true) {
     const sshKey = generate_ssh_key("Ed25519");
     this.cipher.sshKey.privateKey = sshKey.private_key;
     this.cipher.sshKey.publicKey = sshKey.public_key;
diff --git a/libs/vault/src/cipher-form/components/sshkey-section/sshkey-section.component.ts b/libs/vault/src/cipher-form/components/sshkey-section/sshkey-section.component.ts
index dcac62a936d..4139564a393 100644
--- a/libs/vault/src/cipher-form/components/sshkey-section/sshkey-section.component.ts
+++ b/libs/vault/src/cipher-form/components/sshkey-section/sshkey-section.component.ts
@@ -97,7 +97,7 @@ export class SshKeySectionComponent implements OnInit {
     });
   }
 
-  generateSshKey() {
+  private generateSshKey() {
     const sshKey = generate_ssh_key("Ed25519");
     this.sshKeyForm.setValue({
       privateKey: sshKey.private_key,

From 753f76f8a1e3cda786802d40132cce7c6d022653 Mon Sep 17 00:00:00 2001
From: Bernd Schoolmann <mail@quexten.com>
Date: Mon, 6 Jan 2025 11:48:07 +0100
Subject: [PATCH 12/18] Remove async from generate ssh key

---
 libs/angular/src/vault/components/add-edit.component.ts | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/libs/angular/src/vault/components/add-edit.component.ts b/libs/angular/src/vault/components/add-edit.component.ts
index 47036f1753e..6414b404ebf 100644
--- a/libs/angular/src/vault/components/add-edit.component.ts
+++ b/libs/angular/src/vault/components/add-edit.component.ts
@@ -349,7 +349,7 @@ export class AddEditComponent implements OnInit, OnDestroy {
         this.cipher.type === CipherType.SshKey &&
         (this.cipher.sshKey.privateKey == null || this.cipher.sshKey.privateKey === "")
       ) {
-        await this.generateSshKey(false);
+        this.generateSshKey(false);
       }
     }
   }
@@ -800,7 +800,7 @@ export class AddEditComponent implements OnInit, OnDestroy {
     return true;
   }
 
-  private async generateSshKey(showNotification: boolean = true) {
+  private generateSshKey(showNotification: boolean = true) {
     const sshKey = generate_ssh_key("Ed25519");
     this.cipher.sshKey.privateKey = sshKey.private_key;
     this.cipher.sshKey.publicKey = sshKey.public_key;
@@ -817,7 +817,7 @@ export class AddEditComponent implements OnInit, OnDestroy {
 
   async typeChange() {
     if (this.cipher.type === CipherType.SshKey) {
-      await this.generateSshKey();
+      this.generateSshKey();
     }
   }
 }

From 4794ee613f7ecbcfd0574a12d7784bf5aec5eff1 Mon Sep 17 00:00:00 2001
From: Bernd Schoolmann <mail@quexten.com>
Date: Mon, 6 Jan 2025 13:38:39 +0100
Subject: [PATCH 13/18] Update cargo lock

---
 apps/desktop/desktop_native/Cargo.lock | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/apps/desktop/desktop_native/Cargo.lock b/apps/desktop/desktop_native/Cargo.lock
index 918f50590ef..1a60c13effb 100644
--- a/apps/desktop/desktop_native/Cargo.lock
+++ b/apps/desktop/desktop_native/Cargo.lock
@@ -1484,9 +1484,9 @@ dependencies = [
 
 [[package]]
 name = "libc"
-version = "0.2.169"
+version = "0.2.162"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b5aba8db14291edd000dfcc4d620c7ebfb122c613afb886ca8803fa4e128a20a"
+checksum = "18d287de67fe55fd7e1581fe933d965a5a9477b38e949cfa9f8574ef01506398"
 
 [[package]]
 name = "libloading"

From 0d4f29d093d31ab7717bc5511da1e1ac1856e299 Mon Sep 17 00:00:00 2001
From: Bernd Schoolmann <mail@quexten.com>
Date: Mon, 6 Jan 2025 13:48:22 +0100
Subject: [PATCH 14/18] Fix sdk init for ssh key generation

---
 apps/desktop/src/vault/app/vault/add-edit.component.ts |  3 +++
 .../angular/src/vault/components/add-edit.component.ts |  9 ++++++---
 .../sshkey-section/sshkey-section.component.ts         | 10 +++++++---
 3 files changed, 16 insertions(+), 6 deletions(-)

diff --git a/apps/desktop/src/vault/app/vault/add-edit.component.ts b/apps/desktop/src/vault/app/vault/add-edit.component.ts
index 05a96b92fb1..02fa8076086 100644
--- a/apps/desktop/src/vault/app/vault/add-edit.component.ts
+++ b/apps/desktop/src/vault/app/vault/add-edit.component.ts
@@ -19,6 +19,7 @@ import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.servic
 import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
 import { MessagingService } from "@bitwarden/common/platform/abstractions/messaging.service";
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
+import { SdkService } from "@bitwarden/common/platform/abstractions/sdk/sdk.service";
 import { CipherService } from "@bitwarden/common/vault/abstractions/cipher.service";
 import { FolderService } from "@bitwarden/common/vault/abstractions/folder/folder.service.abstraction";
 import { CipherAuthorizationService } from "@bitwarden/common/vault/services/cipher-authorization.service";
@@ -57,6 +58,7 @@ export class AddEditComponent extends BaseAddEditComponent implements OnInit, On
     configService: ConfigService,
     toastService: ToastService,
     cipherAuthorizationService: CipherAuthorizationService,
+    sdkService: SdkService,
   ) {
     super(
       cipherService,
@@ -78,6 +80,7 @@ export class AddEditComponent extends BaseAddEditComponent implements OnInit, On
       configService,
       cipherAuthorizationService,
       toastService,
+      sdkService,
     );
   }
 
diff --git a/libs/angular/src/vault/components/add-edit.component.ts b/libs/angular/src/vault/components/add-edit.component.ts
index 5ca94e33cea..8d286e0a3f9 100644
--- a/libs/angular/src/vault/components/add-edit.component.ts
+++ b/libs/angular/src/vault/components/add-edit.component.ts
@@ -24,6 +24,7 @@ import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.servic
 import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
 import { MessagingService } from "@bitwarden/common/platform/abstractions/messaging.service";
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
+import { SdkService } from "@bitwarden/common/platform/abstractions/sdk/sdk.service";
 import { Utils } from "@bitwarden/common/platform/misc/utils";
 import { CollectionId, UserId } from "@bitwarden/common/types/guid";
 import { CipherService } from "@bitwarden/common/vault/abstractions/cipher.service";
@@ -134,6 +135,7 @@ export class AddEditComponent implements OnInit, OnDestroy {
     protected configService: ConfigService,
     protected cipherAuthorizationService: CipherAuthorizationService,
     protected toastService: ToastService,
+    private sdkService: SdkService,
   ) {
     this.typeOptions = [
       { name: i18nService.t("typeLogin"), value: CipherType.Login },
@@ -349,7 +351,7 @@ export class AddEditComponent implements OnInit, OnDestroy {
         this.cipher.type === CipherType.SshKey &&
         (this.cipher.sshKey.privateKey == null || this.cipher.sshKey.privateKey === "")
       ) {
-        this.generateSshKey(false);
+        await this.generateSshKey(false);
       }
     }
   }
@@ -800,7 +802,8 @@ export class AddEditComponent implements OnInit, OnDestroy {
     return true;
   }
 
-  private generateSshKey(showNotification: boolean = true) {
+  private async generateSshKey(showNotification: boolean = true) {
+    await firstValueFrom(this.sdkService.client$);
     const sshKey = generate_ssh_key("Ed25519");
     this.cipher.sshKey.privateKey = sshKey.private_key;
     this.cipher.sshKey.publicKey = sshKey.public_key;
@@ -817,7 +820,7 @@ export class AddEditComponent implements OnInit, OnDestroy {
 
   async typeChange() {
     if (this.cipher.type === CipherType.SshKey) {
-      this.generateSshKey();
+      await this.generateSshKey();
     }
   }
 }
diff --git a/libs/vault/src/cipher-form/components/sshkey-section/sshkey-section.component.ts b/libs/vault/src/cipher-form/components/sshkey-section/sshkey-section.component.ts
index 4139564a393..134897c9356 100644
--- a/libs/vault/src/cipher-form/components/sshkey-section/sshkey-section.component.ts
+++ b/libs/vault/src/cipher-form/components/sshkey-section/sshkey-section.component.ts
@@ -4,9 +4,11 @@ import { CommonModule } from "@angular/common";
 import { Component, Input, OnInit } from "@angular/core";
 import { takeUntilDestroyed } from "@angular/core/rxjs-interop";
 import { FormBuilder, ReactiveFormsModule } from "@angular/forms";
+import { firstValueFrom } from "rxjs";
 
 import { JslibModule } from "@bitwarden/angular/jslib.module";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
+import { SdkService } from "@bitwarden/common/platform/abstractions/sdk/sdk.service";
 import { CipherView } from "@bitwarden/common/vault/models/view/cipher.view";
 import { SshKeyView } from "@bitwarden/common/vault/models/view/ssh-key.view";
 import {
@@ -62,6 +64,7 @@ export class SshKeySectionComponent implements OnInit {
     private cipherFormContainer: CipherFormContainer,
     private formBuilder: FormBuilder,
     private i18nService: I18nService,
+    private sdkService: SdkService,
   ) {
     this.cipherFormContainer.registerChildForm("sshKeyDetails", this.sshKeyForm);
     this.sshKeyForm.valueChanges.pipe(takeUntilDestroyed()).subscribe((value) => {
@@ -76,11 +79,11 @@ export class SshKeySectionComponent implements OnInit {
     });
   }
 
-  ngOnInit() {
+  async ngOnInit() {
     if (this.originalCipherView?.sshKey) {
       this.setInitialValues();
     } else {
-      this.generateSshKey();
+      await this.generateSshKey();
     }
 
     this.sshKeyForm.disable();
@@ -97,7 +100,8 @@ export class SshKeySectionComponent implements OnInit {
     });
   }
 
-  private generateSshKey() {
+  private async generateSshKey() {
+    await firstValueFrom(this.sdkService.client$);
     const sshKey = generate_ssh_key("Ed25519");
     this.sshKeyForm.setValue({
       privateKey: sshKey.private_key,

From 1b3b2e8d2c9582d9931df4a0628d42f5440f56cf Mon Sep 17 00:00:00 2001
From: Bernd Schoolmann <mail@quexten.com>
Date: Mon, 6 Jan 2025 13:48:41 +0100
Subject: [PATCH 15/18] Update index.d.ts

---
 apps/desktop/desktop_native/napi/index.d.ts | 1 -
 1 file changed, 1 deletion(-)

diff --git a/apps/desktop/desktop_native/napi/index.d.ts b/apps/desktop/desktop_native/napi/index.d.ts
index 1f37563e4fe..997e951c89e 100644
--- a/apps/desktop/desktop_native/napi/index.d.ts
+++ b/apps/desktop/desktop_native/napi/index.d.ts
@@ -74,7 +74,6 @@ export declare namespace sshagent {
   export function lock(agentState: SshAgentState): void
   export function importKey(encodedKey: string, password: string): SshKeyImportResult
   export function clearKeys(agentState: SshAgentState): void
-  export function generateKeypair(keyAlgorithm: string): Promise<SshKey>
   export class SshAgentState {   }
 }
 export declare namespace processisolations {

From 3a56b906ca0979823b775bec4d5ce0df9a854744 Mon Sep 17 00:00:00 2001
From: Bernd Schoolmann <mail@quexten.com>
Date: Mon, 6 Jan 2025 13:56:53 +0100
Subject: [PATCH 16/18] Fix build on browser

---
 .../src/vault/popup/components/vault/add-edit.component.ts     | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/apps/browser/src/vault/popup/components/vault/add-edit.component.ts b/apps/browser/src/vault/popup/components/vault/add-edit.component.ts
index 2110cc77e87..d573868f1f5 100644
--- a/apps/browser/src/vault/popup/components/vault/add-edit.component.ts
+++ b/apps/browser/src/vault/popup/components/vault/add-edit.component.ts
@@ -21,6 +21,7 @@ import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.servic
 import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
 import { MessagingService } from "@bitwarden/common/platform/abstractions/messaging.service";
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
+import { SdkService } from "@bitwarden/common/platform/abstractions/sdk/sdk.service";
 import { CipherService } from "@bitwarden/common/vault/abstractions/cipher.service";
 import { FolderService } from "@bitwarden/common/vault/abstractions/folder/folder.service.abstraction";
 import { CipherType } from "@bitwarden/common/vault/enums";
@@ -75,6 +76,7 @@ export class AddEditComponent extends BaseAddEditComponent implements OnInit {
     private fido2UserVerificationService: Fido2UserVerificationService,
     cipherAuthorizationService: CipherAuthorizationService,
     toastService: ToastService,
+    sdkService: SdkService,
   ) {
     super(
       cipherService,
@@ -96,6 +98,7 @@ export class AddEditComponent extends BaseAddEditComponent implements OnInit {
       configService,
       cipherAuthorizationService,
       toastService,
+      sdkService,
     );
   }
 

From 331438763e118fd5e0ab9f2e0d0e7a005aa57939 Mon Sep 17 00:00:00 2001
From: Bernd Schoolmann <mail@quexten.com>
Date: Mon, 6 Jan 2025 14:07:59 +0100
Subject: [PATCH 17/18] Fix build

---
 .../view/emergency-add-edit-cipher.component.ts                | 3 +++
 apps/web/src/app/vault/individual-vault/add-edit.component.ts  | 3 +++
 apps/web/src/app/vault/org-vault/add-edit.component.ts         | 3 +++
 3 files changed, 9 insertions(+)

diff --git a/apps/web/src/app/auth/settings/emergency-access/view/emergency-add-edit-cipher.component.ts b/apps/web/src/app/auth/settings/emergency-access/view/emergency-add-edit-cipher.component.ts
index ced1e180995..78e3b805eb8 100644
--- a/apps/web/src/app/auth/settings/emergency-access/view/emergency-add-edit-cipher.component.ts
+++ b/apps/web/src/app/auth/settings/emergency-access/view/emergency-add-edit-cipher.component.ts
@@ -15,6 +15,7 @@ import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.servic
 import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
 import { MessagingService } from "@bitwarden/common/platform/abstractions/messaging.service";
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
+import { SdkService } from "@bitwarden/common/platform/abstractions/sdk/sdk.service";
 import { CipherService } from "@bitwarden/common/vault/abstractions/cipher.service";
 import { FolderService } from "@bitwarden/common/vault/abstractions/folder/folder.service.abstraction";
 import { TotpService } from "@bitwarden/common/vault/abstractions/totp.service";
@@ -57,6 +58,7 @@ export class EmergencyAddEditCipherComponent extends BaseAddEditComponent implem
     billingAccountProfileStateService: BillingAccountProfileStateService,
     cipherAuthorizationService: CipherAuthorizationService,
     toastService: ToastService,
+    sdkService: SdkService,
   ) {
     super(
       cipherService,
@@ -80,6 +82,7 @@ export class EmergencyAddEditCipherComponent extends BaseAddEditComponent implem
       billingAccountProfileStateService,
       cipherAuthorizationService,
       toastService,
+      sdkService,
     );
   }
 
diff --git a/apps/web/src/app/vault/individual-vault/add-edit.component.ts b/apps/web/src/app/vault/individual-vault/add-edit.component.ts
index 7655044c8f7..f6ca16541f3 100644
--- a/apps/web/src/app/vault/individual-vault/add-edit.component.ts
+++ b/apps/web/src/app/vault/individual-vault/add-edit.component.ts
@@ -21,6 +21,7 @@ import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.servic
 import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
 import { MessagingService } from "@bitwarden/common/platform/abstractions/messaging.service";
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
+import { SdkService } from "@bitwarden/common/platform/abstractions/sdk/sdk.service";
 import { CipherService } from "@bitwarden/common/vault/abstractions/cipher.service";
 import { FolderService } from "@bitwarden/common/vault/abstractions/folder/folder.service.abstraction";
 import { TotpService } from "@bitwarden/common/vault/abstractions/totp.service";
@@ -74,6 +75,7 @@ export class AddEditComponent extends BaseAddEditComponent implements OnInit, On
     private billingAccountProfileStateService: BillingAccountProfileStateService,
     cipherAuthorizationService: CipherAuthorizationService,
     toastService: ToastService,
+    sdkService: SdkService,
   ) {
     super(
       cipherService,
@@ -95,6 +97,7 @@ export class AddEditComponent extends BaseAddEditComponent implements OnInit, On
       configService,
       cipherAuthorizationService,
       toastService,
+      sdkService,
     );
   }
 
diff --git a/apps/web/src/app/vault/org-vault/add-edit.component.ts b/apps/web/src/app/vault/org-vault/add-edit.component.ts
index 57521be198e..75042a63e91 100644
--- a/apps/web/src/app/vault/org-vault/add-edit.component.ts
+++ b/apps/web/src/app/vault/org-vault/add-edit.component.ts
@@ -16,6 +16,7 @@ import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.servic
 import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
 import { MessagingService } from "@bitwarden/common/platform/abstractions/messaging.service";
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
+import { SdkService } from "@bitwarden/common/platform/abstractions/sdk/sdk.service";
 import { UserId } from "@bitwarden/common/types/guid";
 import { CipherService } from "@bitwarden/common/vault/abstractions/cipher.service";
 import { FolderService } from "@bitwarden/common/vault/abstractions/folder/folder.service.abstraction";
@@ -60,6 +61,7 @@ export class AddEditComponent extends BaseAddEditComponent {
     billingAccountProfileStateService: BillingAccountProfileStateService,
     cipherAuthorizationService: CipherAuthorizationService,
     toastService: ToastService,
+    sdkService: SdkService,
   ) {
     super(
       cipherService,
@@ -83,6 +85,7 @@ export class AddEditComponent extends BaseAddEditComponent {
       billingAccountProfileStateService,
       cipherAuthorizationService,
       toastService,
+      sdkService,
     );
   }
 

From c909147ab76934a49d538624a55c5bf71727e501 Mon Sep 17 00:00:00 2001
From: Bernd Schoolmann <mail@quexten.com>
Date: Wed, 8 Jan 2025 11:11:34 +0100
Subject: [PATCH 18/18] Fix build by updating libc dependency

---
 apps/desktop/desktop_native/Cargo.lock      | 4 ++--
 apps/desktop/desktop_native/core/Cargo.toml | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/apps/desktop/desktop_native/Cargo.lock b/apps/desktop/desktop_native/Cargo.lock
index 07f5e571afd..8affdca7768 100644
--- a/apps/desktop/desktop_native/Cargo.lock
+++ b/apps/desktop/desktop_native/Cargo.lock
@@ -1484,9 +1484,9 @@ dependencies = [
 
 [[package]]
 name = "libc"
-version = "0.2.162"
+version = "0.2.169"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "18d287de67fe55fd7e1581fe933d965a5a9477b38e949cfa9f8574ef01506398"
+checksum = "b5aba8db14291edd000dfcc4d620c7ebfb122c613afb886ca8803fa4e128a20a"
 
 [[package]]
 name = "libloading"
diff --git a/apps/desktop/desktop_native/core/Cargo.toml b/apps/desktop/desktop_native/core/Cargo.toml
index 64d04ddc010..dde5a3b1c88 100644
--- a/apps/desktop/desktop_native/core/Cargo.toml
+++ b/apps/desktop/desktop_native/core/Cargo.toml
@@ -84,7 +84,7 @@ desktop_objc = { path = "../objc" }
 
 [target.'cfg(target_os = "linux")'.dependencies]
 oo7 = "=0.3.3"
-libc = "=0.2.162"
+libc = "=0.2.169"
 
 zbus = { version = "=4.4.0", optional = true }
 zbus_polkit = { version = "=4.0.0", optional = true }