bitwarden · Hinton · Aug 22, 2025 · Aug 21, 2025 · Aug 21, 2025 · Aug 21, 2025
@@ -26,6 +26,7 @@ bitwarden-cli = { path = "crates/bitwarden-cli", version = "=1.0.0" }
 bitwarden-collections = { path = "crates/bitwarden-collections", version = "=1.0.0" }
 bitwarden-core = { path = "crates/bitwarden-core", version = "=1.0.0" }
 bitwarden-crypto = { path = "crates/bitwarden-crypto", version = "=1.0.0" }
+bitwarden-encoding = { path = "crates/bitwarden-encoding", version = "=1.0.0" }
 bitwarden-error = { path = "crates/bitwarden-error", version = "=1.0.0" }
 bitwarden-error-macro = { path = "crates/bitwarden-error-macro", version = "=1.0.0" }
 bitwarden-exporters = { path = "crates/bitwarden-exporters", version = "=1.0.0" }
@@ -49,6 +50,7 @@ chrono = { version = ">=0.4.26, <0.5", features = [
     "serde",
     "std",
 ], default-features = false }
+data-encoding = ">=2.0, <3"
 js-sys = { version = ">=0.3.72, <0.4" }
 log = ">=0.4.18, <0.5"
 proc-macro2 = ">=1.0.89, <2"

@@ -34,6 +34,7 @@ base64 = ">=0.22.1, <0.23"
 bitwarden-api-api = { workspace = true }
 bitwarden-api-identity = { workspace = true }
 bitwarden-crypto = { workspace = true }
+bitwarden-encoding = { workspace = true }
 bitwarden-error = { workspace = true }
 bitwarden-state = { workspace = true }
 bitwarden-uuid = { workspace = true }

@@ -2,6 +2,8 @@
 use bitwarden_crypto::{
     CryptoError, DeviceKey, EncString, Kdf, TrustDeviceResponse, UnsignedSharedKey,
 };
+#[cfg(feature = "internal")]
+use bitwarden_encoding::B64;
 
 #[cfg(feature = "secrets")]
 use crate::auth::login::{login_access_token, AccessTokenLoginRequest, AccessTokenLoginResponse};
@@ -88,7 +90,7 @@ impl AuthClient {
     pub fn make_register_tde_keys(
         &self,
         email: String,
-        org_public_key: String,
+        org_public_key: B64,
         remember_device: bool,
     ) -> Result<RegisterTdeKeyResponse, EncryptionSettingsError> {
         make_register_tde_keys(&self.client, email, org_public_key, remember_device)

@@ -1,8 +1,8 @@
-use base64::{engine::general_purpose::STANDARD, Engine};
 use bitwarden_crypto::{
     AsymmetricPublicCryptoKey, DeviceKey, EncString, Kdf, SpkiPublicKeyBytes, SymmetricCryptoKey,
     TrustDeviceResponse, UnsignedSharedKey, UserKey,
 };
+use bitwarden_encoding::B64;
 
 use crate::{
     client::{encryption_settings::EncryptionSettingsError, internal::UserKeyState},
@@ -15,12 +15,11 @@ use crate::{
 pub(super) fn make_register_tde_keys(
     client: &Client,
     email: String,
-    org_public_key: String,
+    org_public_key: B64,
     remember_device: bool,
 ) -> Result<RegisterTdeKeyResponse, EncryptionSettingsError> {
-    let public_key = AsymmetricPublicCryptoKey::from_der(&SpkiPublicKeyBytes::from(
-        STANDARD.decode(org_public_key)?,
-    ))?;
+    let public_key =
+        AsymmetricPublicCryptoKey::from_der(&SpkiPublicKeyBytes::from(org_public_key.as_ref()))?;
 
     let user_key = UserKey::new(SymmetricCryptoKey::make_aes256_cbc_hmac_key());
     let key_pair = user_key.make_key_pair()?;

@@ -24,9 +24,10 @@ use std::str::FromStr;
 
 use base64::{engine::general_purpose::STANDARD, Engine};
 use bitwarden_crypto::{
-    CoseSerializable, CoseSign1Bytes, CryptoError, EncodingError, FromStrVisitor, KeyIds,
-    KeyStoreContext, SignedObject, SigningNamespace, VerifyingKey,
+    CoseSerializable, CoseSign1Bytes, CryptoError, EncodingError, KeyIds, KeyStoreContext,
+    SignedObject, SigningNamespace, VerifyingKey,
 };
+use bitwarden_encoding::FromStrVisitor;
 use serde::{Deserialize, Serialize};
 use uuid::Uuid;
 

@@ -28,6 +28,7 @@ argon2 = { version = ">=0.5.0, <0.6", features = [
     "zeroize",
 ], default-features = false }
 base64 = ">=0.22.1, <0.23"
+bitwarden-encoding = { workspace = true }
 bitwarden-error = { workspace = true }
 cbc = { version = ">=0.1.2, <0.2", features = ["alloc", "zeroize"] }
 chacha20poly1305 = { version = "0.10.1" }
@@ -46,7 +47,7 @@ rayon = ">=1.8.1, <2.0"
 rsa = ">=0.9.2, <0.10"
 schemars = { workspace = true }
 serde = { workspace = true }
-serde_bytes = { workspace = true } 
+serde_bytes = { workspace = true }
 serde_repr.workspace = true
 sha1 = ">=0.10.5, <0.11"
 sha2 = ">=0.10.6, <0.11"

@@ -1,6 +1,7 @@
 use std::{borrow::Cow, fmt::Display, str::FromStr};
 
 use base64::{engine::general_purpose::STANDARD, Engine};
+use bitwarden_encoding::FromStrVisitor;
 pub use internal::UnsignedSharedKey;
 use rsa::Oaep;
 use serde::Deserialize;
@@ -9,7 +10,6 @@ use super::{from_b64_vec, split_enc_string};
 use crate::{
     error::{CryptoError, EncStringParseError, Result},
     rsa::encrypt_rsa2048_oaep_sha1,
-    util::FromStrVisitor,
     AsymmetricCryptoKey, AsymmetricPublicCryptoKey, BitwardenLegacyKeyBytes, RawPrivateKey,
     RawPublicKey, SymmetricCryptoKey,
 };

@@ -1,13 +1,13 @@
 use std::{borrow::Cow, str::FromStr};
 
 use base64::{engine::general_purpose::STANDARD, Engine};
+use bitwarden_encoding::FromStrVisitor;
 use coset::CborSerializable;
 use serde::Deserialize;
 
 use super::{check_length, from_b64, from_b64_vec, split_enc_string};
 use crate::{
     error::{CryptoError, EncStringParseError, Result, UnsupportedOperation},
-    util::FromStrVisitor,
     Aes256CbcHmacKey, ContentFormat, KeyDecryptable, KeyEncryptable, KeyEncryptableWithContentType,
     SymmetricCryptoKey, Utf8Bytes, XChaCha20Poly1305Key,
 };

@@ -5,15 +5,16 @@
 use std::{borrow::Cow, str::FromStr};
 
 use base64::{engine::general_purpose::STANDARD, Engine};
+use bitwarden_encoding::FromStrVisitor;
 use serde::{Deserialize, Serialize};
 use serde_bytes::ByteBuf;
 use serde_repr::{Deserialize_repr, Serialize_repr};
 
 use super::AsymmetricPublicCryptoKey;
 use crate::{
-    cose::CoseSerializable, error::EncodingError, util::FromStrVisitor, CoseSign1Bytes,
-    CryptoError, PublicKeyEncryptionAlgorithm, RawPublicKey, SignedObject, SigningKey,
-    SigningNamespace, SpkiPublicKeyBytes, VerifyingKey,
+    cose::CoseSerializable, error::EncodingError, CoseSign1Bytes, CryptoError,
+    PublicKeyEncryptionAlgorithm, RawPublicKey, SignedObject, SigningKey, SigningNamespace,
+    SpkiPublicKeyBytes, VerifyingKey,
 };
 
 #[cfg(feature = "wasm")]

@@ -27,7 +27,7 @@ pub use keys::*;
 mod rsa;
 pub use crate::rsa::RsaKeyPair;
 mod util;
-pub use util::{generate_random_alphanumeric, generate_random_bytes, pbkdf2, FromStrVisitor};
+pub use util::{generate_random_alphanumeric, generate_random_bytes, pbkdf2};
 mod wordlist;
 pub use wordlist::EFF_LONG_WORD_LIST;
 mod store;

@@ -17,6 +17,7 @@ use std::{marker::PhantomData, num::TryFromIntError, str::FromStr};
 
 use argon2::Params;
 use base64::{engine::general_purpose::STANDARD, Engine};
+use bitwarden_encoding::FromStrVisitor;
 use ciborium::{value::Integer, Value};
 use coset::{CborSerializable, CoseError, Header, HeaderBuilder};
 use rand::RngCore;
@@ -28,8 +29,8 @@ use crate::{
         extract_bytes, extract_integer, CoseExtractError, ALG_ARGON2ID13, ARGON2_ITERATIONS,
         ARGON2_MEMORY, ARGON2_PARALLELISM, ARGON2_SALT,
     },
-    xchacha20, BitwardenLegacyKeyBytes, ContentFormat, CoseKeyBytes, EncodedSymmetricKey,
-    FromStrVisitor, KeyIds, KeyStoreContext, SymmetricCryptoKey,
+    xchacha20, BitwardenLegacyKeyBytes, ContentFormat, CoseKeyBytes, EncodedSymmetricKey, KeyIds,
+    KeyStoreContext, SymmetricCryptoKey,
 };
 
 /// 16 is the RECOMMENDED salt size for all applications:

@@ -1,4 +1,4 @@
-use std::{pin::Pin, str::FromStr};
+use std::pin::Pin;
 
 use ::aes::cipher::{ArrayLength, Unsigned};
 use generic_array::GenericArray;
@@ -53,37 +53,6 @@ pub fn pbkdf2(password: &[u8], salt: &[u8], rounds: u32) -> [u8; PBKDF_SHA256_HM
         .expect("hash is a valid fixed size")
 }
 
-/// A serde visitor that converts a string to a type that implements `FromStr`.
-pub struct FromStrVisitor<T>(std::marker::PhantomData<T>);
-impl<T> FromStrVisitor<T> {
-    /// Create a new `FromStrVisitor` for the given type.
-    pub fn new() -> Self {
-        Self::default()
-    }
-}
-impl<T> Default for FromStrVisitor<T> {
-    fn default() -> Self {
-        Self(Default::default())
-    }
-}
-impl<T: FromStr> serde::de::Visitor<'_> for FromStrVisitor<T>
-where
-    T::Err: std::fmt::Debug,
-{
-    type Value = T;
-
-    fn expecting(&self, f: &mut std::fmt::Formatter) -> std::fmt::Result {
-        write!(f, "a valid string")
-    }
-
-    fn visit_str<E>(self, v: &str) -> Result<Self::Value, E>
-    where
-        E: serde::de::Error,
-    {
-        T::from_str(v).map_err(|e| E::custom(format!("{e:?}")))
-    }
-}
-
 #[cfg(test)]
 mod tests {
     use typenum::U64;

@@ -0,0 +1,36 @@
+[package]
+name = "bitwarden-encoding"
+description = """
+Internal crate for the bitwarden crate. Do not use.
+"""
+
+version.workspace = true
+authors.workspace = true
+edition.workspace = true
+rust-version.workspace = true
+readme.workspace = true
+homepage.workspace = true
+repository.workspace = true
+license-file.workspace = true
+keywords.workspace = true
+
+[features]
+uniffi = ["dep:uniffi"]
+wasm = ["dep:tsify", "dep:wasm-bindgen"]
+
+[dependencies]
+data-encoding = { workspace = true }
+data-encoding-macro = "0.1.18"
+serde = { workspace = true }
+thiserror.workspace = true
+tsify = { workspace = true, optional = true }
+uniffi = { workspace = true, optional = true }
+wasm-bindgen = { workspace = true, optional = true }
+
+[dev-dependencies]
+serde-wasm-bindgen = { workspace = true }
+serde_json = { workspace = true }
+wasm-bindgen-test = { workspace = true }
+
+[lints]
+workspace = true
@@ -0,0 +1,3 @@
+# Bitwarden Encoding
+
+Provides Base64 and Base64Url encoding and decoding utilities for working with Bitwarden data.
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,3 @@
		# Bitwarden Encoding

		Provides Base64 and Base64Url encoding and decoding utilities for working with Bitwarden data.