rename 'user symmetric key' with 'user key'

apps/browser/src/background/nativeMessaging.background.ts

@@ -13,7 +13,7 @@ import { EncString } from "@bitwarden/common/platform/models/domain/enc-string";
 import {
   MasterKey,
   SymmetricCryptoKey,
-  UserSymKey,
+  UserKey,
 } from "@bitwarden/common/platform/models/domain/symmetric-crypto-key";
 
 import { BrowserApi } from "../platform/browser/browser-api";
@@ -329,19 +329,19 @@ export class NativeMessagingBackground {
             if (message.userKeyB64) {
               const userKey = new SymmetricCryptoKey(
                 Utils.fromB64ToArray(message.userKeyB64).buffer
-              ) as UserSymKey;
+              ) as UserKey;
               await this.cryptoService.setUserKey(userKey);
             } else if (message.keyB64) {
               // backwards compatibility
               let encUserKey = await this.stateService.getEncryptedCryptoSymmetricKey();
-              encUserKey ||= await this.stateService.getUserSymKeyMasterKey();
+              encUserKey ||= await this.stateService.getUserKeyMasterKey();
               if (!encUserKey) {
                 throw new Error("No encrypted user key found");
               }
               const masterKey = new SymmetricCryptoKey(
                 Utils.fromB64ToArray(message.keyB64).buffer
               ) as MasterKey;
-              const userKey = await this.cryptoService.decryptUserSymKeyWithMasterKey(
+              const userKey = await this.cryptoService.decryptUserKeyWithMasterKey(
                 masterKey,
                 new EncString(encUserKey)
               );

apps/browser/src/platform/services/browser-crypto.service.ts

@@ -2,7 +2,7 @@ import { KeySuffixOptions } from "@bitwarden/common/enums";
 import { Utils } from "@bitwarden/common/platform/misc/utils";
 import {
   SymmetricCryptoKey,
-  UserSymKey,
+  UserKey,
 } from "@bitwarden/common/platform/models/domain/symmetric-crypto-key";
 import { CryptoService } from "@bitwarden/common/platform/services/crypto.service";
 
@@ -10,12 +10,12 @@ export class BrowserCryptoService extends CryptoService {
   protected override async retrieveUserKeyFromStorage(
     keySuffix: KeySuffixOptions,
     userId?: string
-  ): Promise<UserSymKey> {
+  ): Promise<UserKey> {
     if (keySuffix === KeySuffixOptions.Biometric) {
       await this.platformUtilService.authenticateBiometric();
       const userKey = await this.getUserKeyFromMemory();
       if (userKey) {
-        return new SymmetricCryptoKey(Utils.fromB64ToArray(userKey.keyB64).buffer) as UserSymKey;
+        return new SymmetricCryptoKey(Utils.fromB64ToArray(userKey.keyB64).buffer) as UserKey;
       }
     }
 

apps/cli/src/auth/commands/login.command.ts

@@ -408,7 +408,7 @@ export class LoginCommand {
     try {
       const {
         newPasswordHash,
-        newUserSymKey: newEncKey,
+        newUserKey: newEncKey,
         hint,
       } = await this.collectNewMasterPasswordDetails(
         "Your master password does not meet one or more of your organization policies. In order to access the vault, you must update your master password now."
@@ -450,7 +450,7 @@ export class LoginCommand {
     try {
       const {
         newPasswordHash,
-        newUserSymKey: newEncKey,
+        newUserKey: newEncKey,
         hint,
       } = await this.collectNewMasterPasswordDetails(
         "An organization administrator recently changed your master password. In order to access the vault, you must update your master password now."
@@ -476,7 +476,7 @@ export class LoginCommand {
   /**
    * Collect new master password and hint from the CLI. The collected password
    * is validated against any applicable master password policies, a new master
-   * key is generated, and we use it to re-encrypt the user symmetric key
+   * key is generated, and we use it to re-encrypt the user key
    * @param prompt - Message that is displayed during the initial prompt
    * @param error
    */
@@ -485,7 +485,7 @@ export class LoginCommand {
     error?: string
   ): Promise<{
     newPasswordHash: string;
-    newUserSymKey: [SymmetricCryptoKey, EncString];
+    newUserKey: [SymmetricCryptoKey, EncString];
     hint?: string;
   }> {
     if (this.email == null || this.email === "undefined") {
@@ -575,19 +575,16 @@ export class LoginCommand {
     );
     const newPasswordHash = await this.cryptoService.hashPassword(masterPassword, newMasterKey);
 
-    // Grab user's symmetric key
+    // Grab user key
-    const userSymKey = await this.cryptoService.getUserKeyFromMemory();
+    const userKey = await this.cryptoService.getUserKeyFromMemory();
-    if (!userSymKey) {
+    if (!userKey) {
       throw new Error("User key not found.");
     }
 
-    // Re-encrypt user's symmetric key with new master key
+    // Re-encrypt user key with new master key
-    const newUserSymKey = await this.cryptoService.encryptUserSymKeyWithMasterKey(
+    const newUserKey = await this.cryptoService.encryptUserKeyWithMasterKey(newMasterKey, userKey);
-      newMasterKey,
-      userSymKey
-    );
 
-    return { newPasswordHash, newUserSymKey, hint: masterPasswordHint };
+    return { newPasswordHash, newUserKey: newUserKey, hint: masterPasswordHint };
   }
 
   private async handleCaptchaRequired(

apps/cli/src/auth/commands/unlock.command.ts

@@ -76,7 +76,7 @@ export class UnlockCommand {
 
     if (passwordValid) {
       await this.cryptoService.setMasterKey(masterKey);
-      const userKey = await this.cryptoService.decryptUserSymKeyWithMasterKey(masterKey);
+      const userKey = await this.cryptoService.decryptUserKeyWithMasterKey(masterKey);
       await this.cryptoService.setUserKey(userKey);
 
       if (await this.keyConnectorService.getConvertAccountRequired()) {

apps/cli/src/vault/create.command.ts

@@ -126,8 +126,8 @@ export class CreateCommand {
       return Response.error("Premium status is required to use this feature.");
     }
 
-    const userSymKey = await this.cryptoService.getUserKeyFromMemory();
+    const userKey = await this.cryptoService.getUserKeyFromMemory();
-    if (userSymKey == null) {
+    if (userKey == null) {
       return Response.error(
         "You must update your encryption key before you can use this feature. " +
           "See https://help.bitwarden.com/article/update-encryption-key/"

apps/desktop/src/platform/services/electron-crypto.service.ts

@@ -8,7 +8,7 @@ import { EncString } from "@bitwarden/common/platform/models/domain/enc-string";
 import {
   MasterKey,
   SymmetricCryptoKey,
-  UserSymKey,
+  UserKey,
 } from "@bitwarden/common/platform/models/domain/symmetric-crypto-key";
 import { CryptoService } from "@bitwarden/common/platform/services/crypto.service";
 import { CsprngString } from "@bitwarden/common/types/csprng";
@@ -26,7 +26,7 @@ export class ElectronCryptoService extends CryptoService {
     super(cryptoFunctionService, encryptService, platformUtilsService, logService, stateService);
   }
 
-  protected override async storeAdditionalKeys(key: UserSymKey, userId?: string) {
+  protected override async storeAdditionalKeys(key: UserKey, userId?: string) {
     await super.storeAdditionalKeys(key, userId);
 
     const storeBiometricKey = await this.shouldStoreKey(KeySuffixOptions.Biometric, userId);
@@ -34,28 +34,28 @@ export class ElectronCryptoService extends CryptoService {
     if (storeBiometricKey) {
       await this.storeBiometricKey(key, userId);
     } else {
-      await this.stateService.setUserSymKeyBiometric(null, { userId: userId });
+      await this.stateService.setUserKeyBiometric(null, { userId: userId });
     }
   }
 
   protected override async retrieveUserKeyFromStorage(
     keySuffix: KeySuffixOptions,
     userId?: string
-  ): Promise<UserSymKey> {
+  ): Promise<UserKey> {
     if (keySuffix === KeySuffixOptions.Biometric) {
       await this.migrateBiometricKeyIfNeeded(userId);
-      const userKey = await this.stateService.getUserSymKeyBiometric({ userId: userId });
+      const userKey = await this.stateService.getUserKeyBiometric({ userId: userId });
-      return new SymmetricCryptoKey(Utils.fromB64ToArray(userKey).buffer) as UserSymKey;
+      return new SymmetricCryptoKey(Utils.fromB64ToArray(userKey).buffer) as UserKey;
     }
     return await super.retrieveUserKeyFromStorage(keySuffix, userId);
   }
 
-  protected async storeBiometricKey(key: UserSymKey, userId?: string): Promise<void> {
+  protected async storeBiometricKey(key: UserKey, userId?: string): Promise<void> {
     let clientEncKeyHalf: CsprngString = null;
     if (await this.stateService.getBiometricRequirePasswordOnStart({ userId })) {
       clientEncKeyHalf = await this.getBiometricEncryptionClientKeyHalf(userId);
     }
-    await this.stateService.setUserSymKeyBiometric(
+    await this.stateService.setUserKeyBiometric(
       { key: key.keyB64, clientEncKeyHalf },
       { userId: userId }
     );
@@ -87,16 +87,13 @@ export class ElectronCryptoService extends CryptoService {
       // decrypt
       const masterKey = new SymmetricCryptoKey(Utils.fromB64ToArray(oldBiometricKey)) as MasterKey;
       let encUserKey = await this.stateService.getEncryptedCryptoSymmetricKey();
-      encUserKey = encUserKey ?? (await this.stateService.getUserSymKeyMasterKey());
+      encUserKey = encUserKey ?? (await this.stateService.getUserKeyMasterKey());
       if (!encUserKey) {
         throw new Error("No user key found during biometric migration");
       }
-      const userSymKey = await this.decryptUserSymKeyWithMasterKey(
+      const userKey = await this.decryptUserKeyWithMasterKey(masterKey, new EncString(encUserKey));
-        masterKey,
-        new EncString(encUserKey)
-      );
       // migrate
-      await this.storeBiometricKey(userSymKey, userId);
+      await this.storeBiometricKey(userKey, userId);
       await this.stateService.setCryptoMasterKeyBiometric(null, { userId });
     }
   }

apps/web/src/app/admin-console/organizations/members/components/reset-password.component.ts

@@ -25,7 +25,7 @@ import { Utils } from "@bitwarden/common/platform/misc/utils";
 import { EncString } from "@bitwarden/common/platform/models/domain/enc-string";
 import {
   SymmetricCryptoKey,
-  UserSymKey,
+  UserKey,
 } from "@bitwarden/common/platform/models/domain/symmetric-crypto-key";
 import { PasswordGenerationServiceAbstraction } from "@bitwarden/common/tools/generator/password";
 
@@ -176,7 +176,7 @@ export class ResetPasswordComponent implements OnInit, OnDestroy {
 
           // Decrypt User's Reset Password Key to get EncKey
           const decValue = await this.cryptoService.rsaDecrypt(resetPasswordKey, decPrivateKey);
-          const existingUserSymKey = new SymmetricCryptoKey(decValue) as UserSymKey;
+          const existingUserKey = new SymmetricCryptoKey(decValue) as UserKey;
 
           // Create new master key and hash new password
           const newMasterKey = await this.cryptoService.makeMasterKey(
@@ -190,15 +190,15 @@ export class ResetPasswordComponent implements OnInit, OnDestroy {
             newMasterKey
           );
 
-          // Create new encrypted user symmetric key for the User
+          // Create new encrypted user key for the User
-          const newUserSymKey = await this.cryptoService.encryptUserSymKeyWithMasterKey(
+          const newUserKey = await this.cryptoService.encryptUserKeyWithMasterKey(
             newMasterKey,
-            existingUserSymKey
+            existingUserKey
           );
 
           // Create request
           const request = new OrganizationUserResetPasswordRequest();
-          request.key = newUserSymKey[1].encryptedString;
+          request.key = newUserKey[1].encryptedString;
           request.newMasterPasswordHash = newPasswordHash;
 
           // Change user's password

apps/web/src/app/auth/settings/emergency-access/emergency-access-takeover.component.ts

@@ -19,7 +19,7 @@ import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/pl
 import { StateService } from "@bitwarden/common/platform/abstractions/state.service";
 import {
   SymmetricCryptoKey,
-  UserSymKey,
+  UserKey,
 } from "@bitwarden/common/platform/models/domain/symmetric-crypto-key";
 import { PasswordGenerationServiceAbstraction } from "@bitwarden/common/tools/generator/password";
 
@@ -94,9 +94,9 @@ export class EmergencyAccessTakeoverComponent
     );
 
     const oldKeyBuffer = await this.cryptoService.rsaDecrypt(takeoverResponse.keyEncrypted);
-    const oldUserSymKey = new SymmetricCryptoKey(oldKeyBuffer) as UserSymKey;
+    const oldUserKey = new SymmetricCryptoKey(oldKeyBuffer) as UserKey;
 
-    if (oldUserSymKey == null) {
+    if (oldUserKey == null) {
       this.platformUtilsService.showToast(
         "error",
         this.i18nService.t("errorOccurred"),
@@ -120,10 +120,7 @@ export class EmergencyAccessTakeoverComponent
       masterKey
     );
 
-    const encKey = await this.cryptoService.encryptUserSymKeyWithMasterKey(
+    const encKey = await this.cryptoService.encryptUserKeyWithMasterKey(masterKey, oldUserKey);
-      masterKey,
-      oldUserSymKey
-    );
 
     const request = new EmergencyAccessPasswordRequest();
     request.newMasterPasswordHash = masterPasswordHash;

apps/web/src/app/settings/change-email.component.ts

@@ -77,8 +77,8 @@ export class ChangeEmailComponent implements OnInit {
         this.masterPassword,
         newMasterKey
       );
-      const newUserSymKey = await this.cryptoService.encryptUserSymKeyWithMasterKey(newMasterKey);
+      const newUserKey = await this.cryptoService.encryptUserKeyWithMasterKey(newMasterKey);
-      request.key = newUserSymKey[1].encryptedString;
+      request.key = newUserKey[1].encryptedString;
       try {
         this.formPromise = this.apiService.postEmail(request);
         await this.formPromise;

apps/web/src/app/settings/change-kdf/change-kdf-confirmation.component.ts

@@ -87,8 +87,8 @@ export class ChangeKdfConfirmationComponent {
       masterPassword,
       newMasterKey
     );
-    const newUserSymKey = await this.cryptoService.encryptUserSymKeyWithMasterKey(newMasterKey);
+    const newUserKey = await this.cryptoService.encryptUserKeyWithMasterKey(newMasterKey);
-    request.key = newUserSymKey[1].encryptedString;
+    request.key = newUserKey[1].encryptedString;
 
     await this.apiService.postAccountKdf(request);
   }

apps/web/src/app/settings/change-password.component.ts

@@ -26,7 +26,7 @@ import { EncString } from "@bitwarden/common/platform/models/domain/enc-string";
 import {
   MasterKey,
   SymmetricCryptoKey,
-  UserSymKey,
+  UserKey,
 } from "@bitwarden/common/platform/models/domain/symmetric-crypto-key";
 import { PasswordGenerationServiceAbstraction } from "@bitwarden/common/tools/generator/password";
 import { SendWithIdRequest } from "@bitwarden/common/tools/send/models/request/send-with-id.request";
@@ -184,7 +184,7 @@ export class ChangePasswordComponent extends BaseChangePasswordComponent {
   async performSubmitActions(
     newMasterPasswordHash: string,
     newMasterKey: MasterKey,
-    newUserKey: [UserSymKey, EncString]
+    newUserKey: [UserKey, EncString]
   ) {
     const request = new PasswordRequest();
     request.masterPasswordHash = await this.cryptoService.hashPassword(
@@ -218,15 +218,15 @@ export class ChangePasswordComponent extends BaseChangePasswordComponent {
   }
 
   private async updateKey(masterKey: MasterKey, masterPasswordHash: string) {
-    const userSymKey = await this.cryptoService.makeUserSymKey(masterKey);
+    const userKey = await this.cryptoService.makeUserKey(masterKey);
     const privateKey = await this.cryptoService.getPrivateKey();
     let encPrivateKey: EncString = null;
     if (privateKey != null) {
-      encPrivateKey = await this.cryptoService.encrypt(privateKey, userSymKey[0]);
+      encPrivateKey = await this.cryptoService.encrypt(privateKey, userKey[0]);
     }
     const request = new UpdateKeyRequest();
     request.privateKey = encPrivateKey != null ? encPrivateKey.encryptedString : null;
-    request.key = userSymKey[1].encryptedString;
+    request.key = userKey[1].encryptedString;
     request.masterPasswordHash = masterPasswordHash;
 
     const folders = await firstValueFrom(this.folderService.folderViews$);
@@ -234,7 +234,7 @@ export class ChangePasswordComponent extends BaseChangePasswordComponent {
       if (folders[i].id == null) {
         continue;
       }
-      const folder = await this.folderService.encrypt(folders[i], userSymKey[0]);
+      const folder = await this.folderService.encrypt(folders[i], userKey[0]);
       request.folders.push(new FolderWithIdRequest(folder));
     }
 
@@ -244,7 +244,7 @@ export class ChangePasswordComponent extends BaseChangePasswordComponent {
         continue;
       }
 
-      const cipher = await this.cipherService.encrypt(ciphers[i], userSymKey[0]);
+      const cipher = await this.cipherService.encrypt(ciphers[i], userKey[0]);
       request.ciphers.push(new CipherWithIdRequest(cipher));
     }
 
@@ -252,16 +252,16 @@ export class ChangePasswordComponent extends BaseChangePasswordComponent {
     await Promise.all(
       sends.map(async (send) => {
         const sendKey = await this.cryptoService.decryptToBytes(send.key, null);
-        send.key = (await this.cryptoService.encrypt(sendKey, userSymKey[0])) ?? send.key;
+        send.key = (await this.cryptoService.encrypt(sendKey, userKey[0])) ?? send.key;
         request.sends.push(new SendWithIdRequest(send));
       })
     );
 
     await this.apiService.postAccountKey(request);
 
-    await this.updateEmergencyAccesses(userSymKey[0]);
+    await this.updateEmergencyAccesses(userKey[0]);
 
-    await this.updateAllResetPasswordKeys(userSymKey[0], masterPasswordHash);
+    await this.updateAllResetPasswordKeys(userKey[0], masterPasswordHash);
   }
 
   private async updateEmergencyAccesses(encKey: SymmetricCryptoKey) {
@@ -289,7 +289,7 @@ export class ChangePasswordComponent extends BaseChangePasswordComponent {
     }
   }
 
-  private async updateAllResetPasswordKeys(userSymKey: UserSymKey, masterPasswordHash: string) {
+  private async updateAllResetPasswordKeys(userKey: UserKey, masterPasswordHash: string) {
     const orgs = await this.organizationService.getAll();
 
     for (const org of orgs) {
@@ -303,7 +303,7 @@ export class ChangePasswordComponent extends BaseChangePasswordComponent {
       const publicKey = Utils.fromB64ToArray(response?.publicKey);
 
       // Re-enroll - encrypt user's encKey.key with organization public key
-      const encryptedKey = await this.cryptoService.rsaEncrypt(userSymKey.key, publicKey.buffer);
+      const encryptedKey = await this.cryptoService.rsaEncrypt(userKey.key, publicKey.buffer);
 
       // Create/Execute request
       const request = new OrganizationUserResetPasswordEnrollmentRequest();

apps/web/src/app/settings/update-key.component.ts

@@ -69,7 +69,7 @@ export class UpdateKeyComponent {
 
   private async makeRequest(): Promise<UpdateKeyRequest> {
     const masterKey = await this.cryptoService.getMasterKey();
-    const newUserKey = await this.cryptoService.makeUserSymKey(masterKey);
+    const newUserKey = await this.cryptoService.makeUserKey(masterKey);
     const privateKey = await this.cryptoService.getPrivateKey();
     let encPrivateKey: EncString = null;
     if (privateKey != null) {

bitwarden_license/bit-web/src/app/admin-console/organizations/core/services/auth-requests/admin-auth-request-update.request.ts

@@ -2,7 +2,7 @@ export class AdminAuthRequestUpdateRequest {
   /**
    *
    * @param requestApproved - Whether the request was approved/denied. If true, the key must be provided.
-   * @param encryptedUserKey The user's symmetric key that has been encrypted with a device public key if the request was approved.
+   * @param encryptedUserKey The user key that has been encrypted with a device public key if the request was approved.
    */
   constructor(public requestApproved: boolean, public encryptedUserKey?: string) {}
 }

bitwarden_license/bit-web/src/app/admin-console/organizations/manage/device-approvals/device-approvals.component.ts

@@ -65,16 +65,16 @@ export class DeviceApprovalsComponent implements OnInit, OnDestroy {
   }
 
   /**
-   * Creates a copy of the user's symmetric key that has been encrypted with the provided device's public key.
+   * Creates a copy of the user key that has been encrypted with the provided device's public key.
    * @param devicePublicKey
    * @param resetPasswordDetails
    * @private
    */
-  private async getEncryptedUserSymKey(
+  private async getEncryptedUserKey(
     devicePublicKey: string,
     resetPasswordDetails: OrganizationUserResetPasswordDetailsResponse
   ): Promise<EncString> {
-    const encryptedUserSymKey = resetPasswordDetails.resetPasswordKey;
+    const encryptedUserKey = resetPasswordDetails.resetPasswordKey;
     const encryptedOrgPrivateKey = resetPasswordDetails.encryptedPrivateKey;
     const devicePubKey = Utils.fromB64ToArray(devicePublicKey);
 
@@ -85,12 +85,12 @@ export class DeviceApprovalsComponent implements OnInit, OnDestroy {
       orgSymKey
     );
 
-    // Decrypt User's symmetric key with decrypted org private key
+    // Decrypt user key with decrypted org private key
-    const decValue = await this.cryptoService.rsaDecrypt(encryptedUserSymKey, decOrgPrivateKey);
+    const decValue = await this.cryptoService.rsaDecrypt(encryptedUserKey, decOrgPrivateKey);
-    const userSymKey = new SymmetricCryptoKey(decValue);
+    const userKey = new SymmetricCryptoKey(decValue);
 
-    // Re-encrypt User's Symmetric Key with the Device Public Key
+    // Re-encrypt user Key with the Device Public Key
-    return await this.cryptoService.rsaEncrypt(userSymKey.key, devicePubKey.buffer);
+    return await this.cryptoService.rsaEncrypt(userKey.key, devicePubKey.buffer);
   }
 
   async approveRequest(authRequest: PendingAuthRequestView) {
@@ -110,7 +110,7 @@ export class DeviceApprovalsComponent implements OnInit, OnDestroy {
         return;
       }
 
-      const encryptedKey = await this.getEncryptedUserSymKey(authRequest.publicKey, details);
+      const encryptedKey = await this.getEncryptedUserKey(authRequest.publicKey, details);
 
       await this.organizationAuthRequestService.approvePendingRequest(
         this.organizationId,

libs/angular/src/auth/components/change-password.component.ts

@@ -12,10 +12,7 @@ import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/pl
 import { StateService } from "@bitwarden/common/platform/abstractions/state.service";
 import { Utils } from "@bitwarden/common/platform/misc/utils";
 import { EncString } from "@bitwarden/common/platform/models/domain/enc-string";
-import {
+import { MasterKey, UserKey } from "@bitwarden/common/platform/models/domain/symmetric-crypto-key";
-  MasterKey,
-  UserSymKey,
-} from "@bitwarden/common/platform/models/domain/symmetric-crypto-key";
 import { PasswordGenerationServiceAbstraction } from "@bitwarden/common/tools/generator/password";
 
 import { DialogServiceAbstraction, SimpleDialogType } from "../../services/dialog";
@@ -95,17 +92,15 @@ export class ChangePasswordComponent implements OnInit, OnDestroy {
       newMasterKey
     );
 
-    let newProtectedUserSymKey: [UserSymKey, EncString] = null;
+    let newProtectedUserKey: [UserKey, EncString] = null;
-    const userSymKey = await this.cryptoService.getUserKeyFromMemory();
+    const userKey = await this.cryptoService.getUserKeyFromMemory();
-    if (userSymKey == null) {
+    if (userKey == null) {
-      newProtectedUserSymKey = await this.cryptoService.makeUserSymKey(newMasterKey);
+      newProtectedUserKey = await this.cryptoService.makeUserKey(newMasterKey);
     } else {
-      newProtectedUserSymKey = await this.cryptoService.encryptUserSymKeyWithMasterKey(
+      newProtectedUserKey = await this.cryptoService.encryptUserKeyWithMasterKey(newMasterKey);
-        newMasterKey
-      );
     }
 
-    await this.performSubmitActions(newMasterPasswordHash, newMasterKey, newProtectedUserSymKey);
+    await this.performSubmitActions(newMasterPasswordHash, newMasterKey, newProtectedUserKey);
   }
 
   async setupSubmitActions(): Promise<boolean> {
@@ -117,7 +112,7 @@ export class ChangePasswordComponent implements OnInit, OnDestroy {
   async performSubmitActions(
     masterPasswordHash: string,
     masterKey: MasterKey,
-    userSymKey: [UserSymKey, EncString]
+    userKey: [UserKey, EncString]
   ) {
     // Override in sub-class
   }

libs/angular/src/auth/components/lock.component.ts

@@ -24,7 +24,7 @@ import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/pl
 import { StateService } from "@bitwarden/common/platform/abstractions/state.service";
 import { Utils } from "@bitwarden/common/platform/misc/utils";
 import { EncString } from "@bitwarden/common/platform/models/domain/enc-string";
-import { UserSymKey } from "@bitwarden/common/platform/models/domain/symmetric-crypto-key";
+import { UserKey } from "@bitwarden/common/platform/models/domain/symmetric-crypto-key";
 import { PasswordStrengthServiceAbstraction } from "@bitwarden/common/tools/password-strength";
 
 import { DialogServiceAbstraction, SimpleDialogType } from "../../services/dialog";
@@ -153,41 +153,41 @@ export class LockComponent implements OnInit, OnDestroy {
     try {
       const kdf = await this.stateService.getKdfType();
       const kdfConfig = await this.stateService.getKdfConfig();
-      let userSymKeyPin: EncString;
+      let userKeyPin: EncString;
       let oldPinProtected: EncString;
       if (this.pinSet[0]) {
         // MP on restart enabled
-        userSymKeyPin = await this.stateService.getUserSymKeyPinEphemeral();
+        userKeyPin = await this.stateService.getUserKeyPinEphemeral();
         oldPinProtected = await this.stateService.getDecryptedPinProtected();
       } else {
         // MP on restart disabled
-        userSymKeyPin = await this.stateService.getUserSymKeyPin();
+        userKeyPin = await this.stateService.getUserKeyPin();
         const oldEncryptedKey = await this.stateService.getEncryptedPinProtected();
         oldPinProtected = oldEncryptedKey ? new EncString(oldEncryptedKey) : undefined;
       }
 
-      let userSymKey: UserSymKey;
+      let userKey: UserKey;
       if (oldPinProtected) {
-        userSymKey = await this.decryptAndMigrateOldPinKey(true, kdf, kdfConfig, oldPinProtected);
+        userKey = await this.decryptAndMigrateOldPinKey(true, kdf, kdfConfig, oldPinProtected);
       } else {
-        userSymKey = await this.cryptoService.decryptUserSymKeyWithPin(
+        userKey = await this.cryptoService.decryptUserKeyWithPin(
           this.pin,
           this.email,
           kdf,
           kdfConfig,
-          userSymKeyPin
+          userKeyPin
         );
       }
 
       const protectedPin = await this.stateService.getProtectedPin();
       const decryptedPin = await this.cryptoService.decryptToUtf8(
         new EncString(protectedPin),
-        userSymKey
+        userKey
       );
       failed = decryptedPin !== this.pin;
 
       if (!failed) {
-        await this.setKeyAndContinue(userSymKey);
+        await this.setKeyAndContinue(userKey);
       }
     } catch {
       failed = true;
@@ -275,22 +275,22 @@ export class LockComponent implements OnInit, OnDestroy {
       return;
     }
 
-    const userKey = await this.cryptoService.decryptUserSymKeyWithMasterKey(masterKey);
+    const userKey = await this.cryptoService.decryptUserKeyWithMasterKey(masterKey);
 
     // if MP on restart is enabled, use it to get the PIN and store the ephemeral
-    // pin protected user symmetric key
+    // pin protected user key
     if (this.pinSet[0]) {
       const protectedPin = await this.stateService.getProtectedPin();
       const pin = await this.cryptoService.decryptToUtf8(new EncString(protectedPin), userKey);
       const pinKey = await this.cryptoService.makePinKey(pin, this.email, kdf, kdfConfig);
-      await this.stateService.setUserSymKeyPinEphemeral(
+      await this.stateService.setUserKeyPinEphemeral(
         await this.cryptoService.encrypt(userKey.key, pinKey)
       );
     }
     await this.setKeyAndContinue(userKey, true);
   }
 
-  private async setKeyAndContinue(key: UserSymKey, evaluatePasswordAfterUnlock = false) {
+  private async setKeyAndContinue(key: UserKey, evaluatePasswordAfterUnlock = false) {
     await this.cryptoService.setUserKey(key);
     await this.doContinue(evaluatePasswordAfterUnlock);
   }
@@ -331,7 +331,7 @@ export class LockComponent implements OnInit, OnDestroy {
   private async load() {
     this.pinSet = await this.vaultTimeoutSettingsService.isPinLockSet();
 
-    let ephemeralPinSet = await this.stateService.getUserSymKeyPinEphemeral();
+    let ephemeralPinSet = await this.stateService.getUserKeyPinEphemeral();
     ephemeralPinSet ||= await this.stateService.getDecryptedPinProtected();
     this.pinLock = (this.pinSet[0] && !!ephemeralPinSet) || this.pinSet[1];
 
@@ -381,21 +381,21 @@ export class LockComponent implements OnInit, OnDestroy {
   }
 
   /**
-   * Creates a new Pin key that encrypts the user's symmetric key instead of the
+   * Creates a new Pin key that encrypts the user key instead of the
    * master key. Clears the old Pin key from state.
    * @param masterPasswordOnRestart True if Master Password on Restart is enabled
    * @param kdf User's KdfType
    * @param kdfConfig User's KdfConfig
    * @param oldPinProtected The old Pin key from state (retrieved from different
    * places depending on if Master Password on Restart was enabled)
-   * @returns The user's symmetric key
+   * @returns The user key
    */
   private async decryptAndMigrateOldPinKey(
     masterPasswordOnRestart: boolean,
     kdf: KdfType,
     kdfConfig: KdfConfig,
     oldPinProtected?: EncString
-  ): Promise<UserSymKey> {
+  ): Promise<UserKey> {
     // Decrypt
     const masterKey = await this.cryptoService.decryptMasterKeyWithPin(
       this.pin,
@@ -404,28 +404,28 @@ export class LockComponent implements OnInit, OnDestroy {
       kdfConfig,
       oldPinProtected
     );
-    const encUserSymKey = await this.stateService.getEncryptedCryptoSymmetricKey();
+    const encUserKey = await this.stateService.getEncryptedCryptoSymmetricKey();
-    const userSymKey = await this.cryptoService.decryptUserSymKeyWithMasterKey(
+    const userKey = await this.cryptoService.decryptUserKeyWithMasterKey(
       masterKey,
-      new EncString(encUserSymKey)
+      new EncString(encUserKey)
     );
     // Migrate
     const pinKey = await this.cryptoService.makePinKey(this.pin, this.email, kdf, kdfConfig);
-    const pinProtectedKey = await this.cryptoService.encrypt(userSymKey.key, pinKey);
+    const pinProtectedKey = await this.cryptoService.encrypt(userKey.key, pinKey);
     if (masterPasswordOnRestart) {
       await this.stateService.setDecryptedPinProtected(null);
-      await this.stateService.setUserSymKeyPinEphemeral(pinProtectedKey);
+      await this.stateService.setUserKeyPinEphemeral(pinProtectedKey);
     } else {
       await this.stateService.setEncryptedPinProtected(null);
-      await this.stateService.setUserSymKeyPin(pinProtectedKey);
+      await this.stateService.setUserKeyPin(pinProtectedKey);
       // We previously only set the protected pin if MP on Restart was enabled
       // now we set it regardless
-      const encPin = await this.cryptoService.encrypt(this.pin, userSymKey);
+      const encPin = await this.cryptoService.encrypt(this.pin, userKey);
       await this.stateService.setProtectedPin(encPin.encryptedString);
     }
     // This also clears the old Biometrics key since the new Biometrics key will
-    // be created when the user's symmetric key is set.
+    // be created when the user key is set.
     await this.stateService.setCryptoMasterKeyBiometric(null);
-    return userSymKey;
+    return userKey;
   }
 }

libs/angular/src/auth/components/update-password.component.ts

@@ -14,10 +14,7 @@ import { MessagingService } from "@bitwarden/common/platform/abstractions/messag
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
 import { StateService } from "@bitwarden/common/platform/abstractions/state.service";
 import { EncString } from "@bitwarden/common/platform/models/domain/enc-string";
-import {
+import { MasterKey, UserKey } from "@bitwarden/common/platform/models/domain/symmetric-crypto-key";
-  MasterKey,
-  UserSymKey,
-} from "@bitwarden/common/platform/models/domain/symmetric-crypto-key";
 import { PasswordGenerationServiceAbstraction } from "@bitwarden/common/tools/generator/password";
 import { Verification } from "@bitwarden/common/types/verification";
 
@@ -100,7 +97,7 @@ export class UpdatePasswordComponent extends BaseChangePasswordComponent {
   async performSubmitActions(
     masterPasswordHash: string,
     masterKey: MasterKey,
-    userSymKey: [UserSymKey, EncString]
+    userKey: [UserKey, EncString]
   ) {
     try {
       // Create Request
@@ -110,7 +107,7 @@ export class UpdatePasswordComponent extends BaseChangePasswordComponent {
         null
       );
       request.newMasterPasswordHash = masterPasswordHash;
-      request.key = userSymKey[1].encryptedString;
+      request.key = userKey[1].encryptedString;
 
       // Update user's password
       this.apiService.postPassword(request);

libs/angular/src/auth/components/update-temp-password.component.ts

@@ -16,10 +16,7 @@ import { MessagingService } from "@bitwarden/common/platform/abstractions/messag
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
 import { StateService } from "@bitwarden/common/platform/abstractions/state.service";
 import { EncString } from "@bitwarden/common/platform/models/domain/enc-string";
-import {
+import { MasterKey, UserKey } from "@bitwarden/common/platform/models/domain/symmetric-crypto-key";
-  MasterKey,
-  UserSymKey,
-} from "@bitwarden/common/platform/models/domain/symmetric-crypto-key";
 import { PasswordGenerationServiceAbstraction } from "@bitwarden/common/tools/generator/password";
 import { Verification } from "@bitwarden/common/types/verification";
 import { SyncService } from "@bitwarden/common/vault/abstractions/sync/sync.service.abstraction";
@@ -128,16 +125,16 @@ export class UpdateTempPasswordComponent extends BaseChangePasswordComponent {
         newMasterKey
       );
 
-      // Grab user's symmetric key
+      // Grab user key
       const userKey = await this.cryptoService.getUserKeyFromMemory();
 
-      // Encrypt user's symmetric key with new master key
+      // Encrypt user key with new master key
-      const newProtectedUserSymKey = await this.cryptoService.encryptUserSymKeyWithMasterKey(
+      const newProtectedUserKey = await this.cryptoService.encryptUserKeyWithMasterKey(
         newMasterKey,
         userKey
       );
 
-      await this.performSubmitActions(newPasswordHash, newMasterKey, newProtectedUserSymKey);
+      await this.performSubmitActions(newPasswordHash, newMasterKey, newProtectedUserKey);
     } catch (e) {
       this.logService.error(e);
     }
@@ -146,15 +143,15 @@ export class UpdateTempPasswordComponent extends BaseChangePasswordComponent {
   async performSubmitActions(
     masterPasswordHash: string,
     masterKey: MasterKey,
-    userSymKey: [UserSymKey, EncString]
+    userKey: [UserKey, EncString]
   ) {
     try {
       switch (this.reason) {
         case ForceResetPasswordReason.AdminForcePasswordReset:
-          this.formPromise = this.updateTempPassword(masterPasswordHash, userSymKey);
+          this.formPromise = this.updateTempPassword(masterPasswordHash, userKey);
           break;
         case ForceResetPasswordReason.WeakMasterPassword:
-          this.formPromise = this.updatePassword(masterPasswordHash, userSymKey);
+          this.formPromise = this.updatePassword(masterPasswordHash, userKey);
           break;
       }
 
@@ -176,26 +173,23 @@ export class UpdateTempPasswordComponent extends BaseChangePasswordComponent {
       this.logService.error(e);
     }
   }
-  private async updateTempPassword(
+  private async updateTempPassword(masterPasswordHash: string, userKey: [UserKey, EncString]) {
-    masterPasswordHash: string,
-    userSymKey: [UserSymKey, EncString]
-  ) {
     const request = new UpdateTempPasswordRequest();
-    request.key = userSymKey[1].encryptedString;
+    request.key = userKey[1].encryptedString;
     request.newMasterPasswordHash = masterPasswordHash;
     request.masterPasswordHint = this.hint;
 
     return this.apiService.putUpdateTempPassword(request);
   }
 
-  private async updatePassword(newMasterPasswordHash: string, userSymKey: [UserSymKey, EncString]) {
+  private async updatePassword(newMasterPasswordHash: string, userKey: [UserKey, EncString]) {
     const request = await this.userVerificationService.buildRequest(
       this.verification,
       PasswordRequest
     );
     request.masterPasswordHint = this.hint;
     request.newMasterPasswordHash = newMasterPasswordHash;
-    request.key = userSymKey[1].encryptedString;
+    request.key = userKey[1].encryptedString;
 
     return this.apiService.postPassword(request);
   }

libs/angular/src/components/register.component.ts

@@ -272,15 +272,15 @@ export class RegisterComponent extends CaptchaProtectedComponent implements OnIn
     const kdf = DEFAULT_KDF_TYPE;
     const kdfConfig = DEFAULT_KDF_CONFIG;
     const key = await this.cryptoService.makeMasterKey(masterPassword, email, kdf, kdfConfig);
-    const newUserSymKey = await this.cryptoService.makeUserSymKey(key);
+    const newUserKey = await this.cryptoService.makeUserKey(key);
     const hashedPassword = await this.cryptoService.hashPassword(masterPassword, key);
-    const keys = await this.cryptoService.makeKeyPair(newUserSymKey[0]);
+    const keys = await this.cryptoService.makeKeyPair(newUserKey[0]);
     const request = new RegisterRequest(
       email,
       name,
       hashedPassword,
       hint,
-      newUserSymKey[1].encryptedString,
+      newUserKey[1].encryptedString,
       this.referenceData,
       this.captchaToken,
       kdf,

libs/angular/src/components/set-password.component.ts

@@ -18,10 +18,7 @@ import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/pl
 import { StateService } from "@bitwarden/common/platform/abstractions/state.service";
 import { Utils } from "@bitwarden/common/platform/misc/utils";
 import { EncString } from "@bitwarden/common/platform/models/domain/enc-string";
-import {
+import { MasterKey, UserKey } from "@bitwarden/common/platform/models/domain/symmetric-crypto-key";
-  MasterKey,
-  UserSymKey,
-} from "@bitwarden/common/platform/models/domain/symmetric-crypto-key";
 import { PasswordGenerationServiceAbstraction } from "@bitwarden/common/tools/generator/password";
 import { SyncService } from "@bitwarden/common/vault/abstractions/sync/sync.service.abstraction";
 
@@ -105,7 +102,7 @@ export class SetPasswordComponent extends BaseChangePasswordComponent {
   async performSubmitActions(
     masterPasswordHash: string,
     masterKey: MasterKey,
-    userKey: [UserSymKey, EncString]
+    userKey: [UserKey, EncString]
   ) {
     const newKeyPair = await this.cryptoService.makeKeyPair(userKey[0]);
     const request = new SetPasswordRequest(
@@ -134,7 +131,7 @@ export class SetPasswordComponent extends BaseChangePasswordComponent {
             const userId = await this.stateService.getUserId();
             const publicKey = Utils.fromB64ToArray(response.publicKey);
 
-            // RSA Encrypt user's symmetric key with organization public key
+            // RSA Encrypt user key with organization public key
             const userKey = await this.cryptoService.getUserKeyFromMemory();
             const encryptedUserKey = await this.cryptoService.rsaEncrypt(
               userKey.key,
@@ -176,7 +173,7 @@ export class SetPasswordComponent extends BaseChangePasswordComponent {
 
   private async onSetPasswordSuccess(
     masterKey: MasterKey,
-    userKey: [UserSymKey, EncString],
+    userKey: [UserKey, EncString],
     keyPair: [string, EncString]
   ) {
     await this.stateService.setKdfType(this.kdf);

libs/angular/src/components/set-pin.component.ts

@@ -46,9 +46,9 @@ export class SetPinComponent implements OnInit {
     const encPin = await this.cryptoService.encrypt(this.pin, userKey);
     await this.stateService.setProtectedPin(encPin.encryptedString);
     if (this.masterPassOnRestart) {
-      await this.stateService.setUserSymKeyPinEphemeral(pinProtectedKey);
+      await this.stateService.setUserKeyPinEphemeral(pinProtectedKey);
     } else {
-      await this.stateService.setUserSymKeyPin(pinProtectedKey);
+      await this.stateService.setUserKeyPin(pinProtectedKey);
     }
     await this.cryptoService.clearOldPinKeys();
 

libs/common/src/abstractions/devices/devices-api.service.abstraction.ts

@@ -7,8 +7,8 @@ export abstract class DevicesApiServiceAbstraction {
 
   updateTrustedDeviceKeys: (
     deviceIdentifier: string,
-    devicePublicKeyEncryptedUserSymKey: string,
+    devicePublicKeyEncryptedUserKey: string,
-    userSymKeyEncryptedDevicePublicKey: string,
+    userKeyEncryptedDevicePublicKey: string,
     deviceKeyEncryptedDevicePrivateKey: string
   ) => Promise<DeviceResponse>;
 }

libs/common/src/auth/login-strategies/login.strategy.spec.ts

@@ -14,7 +14,7 @@ import { EncString } from "../../platform/models/domain/enc-string";
 import {
   MasterKey,
   SymmetricCryptoKey,
-  UserSymKey,
+  UserKey,
 } from "../../platform/models/domain/symmetric-crypto-key";
 import {
   PasswordStrengthService,
@@ -43,7 +43,7 @@ const masterPassword = "password";
 const deviceId = Utils.newGuid();
 const accessToken = "ACCESS_TOKEN";
 const refreshToken = "REFRESH_TOKEN";
-const userSymKey = "USER_SYM_KEY";
+const userKey = "USER_KEY";
 const privateKey = "PRIVATE_KEY";
 const captchaSiteKey = "CAPTCHA_SITE_KEY";
 const kdf = 0;
@@ -70,7 +70,7 @@ export function identityTokenResponseFactory(
     ForcePasswordReset: false,
     Kdf: kdf,
     KdfIterations: kdfIterations,
-    Key: userSymKey,
+    Key: userKey,
     PrivateKey: privateKey,
     ResetMasterPassword: false,
     access_token: accessToken,
@@ -135,15 +135,15 @@ describe("LogInStrategy", () => {
   });
 
   describe("base class", () => {
-    const userSymKeyBytesLength = 64;
+    const userKeyBytesLength = 64;
     const masterKeyBytesLength = 64;
-    let userSymKey: UserSymKey;
+    let userKey: UserKey;
     let masterKey: MasterKey;
 
     beforeEach(() => {
-      userSymKey = new SymmetricCryptoKey(
+      userKey = new SymmetricCryptoKey(
-        new Uint8Array(userSymKeyBytesLength).buffer as CsprngArray
+        new Uint8Array(userKeyBytesLength).buffer as CsprngArray
-      ) as UserSymKey;
+      ) as UserKey;
       masterKey = new SymmetricCryptoKey(
         new Uint8Array(masterKeyBytesLength).buffer as CsprngArray
       ) as MasterKey;
@@ -206,7 +206,7 @@ describe("LogInStrategy", () => {
 
       apiService.postIdentityToken.mockResolvedValue(tokenResponse);
       cryptoService.getMasterKey.mockResolvedValue(masterKey);
-      cryptoService.decryptUserSymKeyWithMasterKey.mockResolvedValue(userSymKey);
+      cryptoService.decryptUserKeyWithMasterKey.mockResolvedValue(userKey);
 
       const result = await passwordLogInStrategy.logIn(credentials);
 
@@ -225,7 +225,7 @@ describe("LogInStrategy", () => {
 
       apiService.postIdentityToken.mockResolvedValue(tokenResponse);
       cryptoService.getMasterKey.mockResolvedValue(masterKey);
-      cryptoService.decryptUserSymKeyWithMasterKey.mockResolvedValue(userSymKey);
+      cryptoService.decryptUserKeyWithMasterKey.mockResolvedValue(userKey);
 
       await passwordLogInStrategy.logIn(credentials);
 

libs/common/src/auth/login-strategies/password-login.strategy.spec.ts

@@ -13,7 +13,7 @@ import { Utils } from "../../platform/misc/utils";
 import {
   MasterKey,
   SymmetricCryptoKey,
-  UserSymKey,
+  UserKey,
 } from "../../platform/models/domain/symmetric-crypto-key";
 import {
   PasswordStrengthService,
@@ -134,19 +134,17 @@ describe("PasswordLogInStrategy", () => {
   });
 
   it("sets keys after a successful authentication", async () => {
-    const userSymKey = new SymmetricCryptoKey(
+    const userKey = new SymmetricCryptoKey(new Uint8Array(64).buffer as CsprngArray) as UserKey;
-      new Uint8Array(64).buffer as CsprngArray
-    ) as UserSymKey;
 
     cryptoService.getMasterKey.mockResolvedValue(masterKey);
-    cryptoService.decryptUserSymKeyWithMasterKey.mockResolvedValue(userSymKey);
+    cryptoService.decryptUserKeyWithMasterKey.mockResolvedValue(userKey);
 
     await passwordLogInStrategy.logIn(credentials);
 
     expect(cryptoService.setMasterKey).toHaveBeenCalledWith(masterKey);
     expect(cryptoService.setKeyHash).toHaveBeenCalledWith(localHashedPassword);
-    expect(cryptoService.setUserSymKeyMasterKey).toHaveBeenCalledWith(tokenResponse.key);
+    expect(cryptoService.setUserKeyMasterKey).toHaveBeenCalledWith(tokenResponse.key);
-    expect(cryptoService.setUserKey).toHaveBeenCalledWith(userSymKey);
+    expect(cryptoService.setUserKey).toHaveBeenCalledWith(userKey);
     expect(cryptoService.setPrivateKey).toHaveBeenCalledWith(tokenResponse.privateKey);
   });
 

libs/common/src/auth/login-strategies/password-login.strategy.ts

@@ -147,11 +147,11 @@ export class PasswordLogInStrategy extends LogInStrategy {
   }
 
   protected override async setUserKey(response: IdentityTokenResponse): Promise<void> {
-    await this.cryptoService.setUserSymKeyMasterKey(response.key);
+    await this.cryptoService.setUserKeyMasterKey(response.key);
 
     const masterKey = await this.cryptoService.getMasterKey();
     if (masterKey) {
-      const userKey = await this.cryptoService.decryptUserSymKeyWithMasterKey(masterKey);
+      const userKey = await this.cryptoService.decryptUserKeyWithMasterKey(masterKey);
       await this.cryptoService.setUserKey(userKey);
     }
   }

libs/common/src/auth/login-strategies/passwordless-login.strategy.spec.ts

@@ -11,7 +11,7 @@ import { Utils } from "../../platform/misc/utils";
 import {
   MasterKey,
   SymmetricCryptoKey,
-  UserSymKey,
+  UserKey,
 } from "../../platform/models/domain/symmetric-crypto-key";
 import { CsprngArray } from "../../types/csprng";
 import { TokenService } from "../abstractions/token.service";
@@ -85,19 +85,17 @@ describe("SsoLogInStrategy", () => {
 
   it("sets keys after a successful authentication", async () => {
     const masterKey = new SymmetricCryptoKey(new Uint8Array(64).buffer as CsprngArray) as MasterKey;
-    const userSymKey = new SymmetricCryptoKey(
+    const userKey = new SymmetricCryptoKey(new Uint8Array(64).buffer as CsprngArray) as UserKey;
-      new Uint8Array(64).buffer as CsprngArray
-    ) as UserSymKey;
 
     cryptoService.getMasterKey.mockResolvedValue(masterKey);
-    cryptoService.decryptUserSymKeyWithMasterKey.mockResolvedValue(userSymKey);
+    cryptoService.decryptUserKeyWithMasterKey.mockResolvedValue(userKey);
 
     await passwordlessLoginStrategy.logIn(credentials);
 
     expect(cryptoService.setMasterKey).toHaveBeenCalledWith(masterKey);
     expect(cryptoService.setKeyHash).toHaveBeenCalledWith(localPasswordHash);
-    expect(cryptoService.setUserSymKeyMasterKey).toHaveBeenCalledWith(tokenResponse.key);
+    expect(cryptoService.setUserKeyMasterKey).toHaveBeenCalledWith(tokenResponse.key);
-    expect(cryptoService.setUserKey).toHaveBeenCalledWith(userSymKey);
+    expect(cryptoService.setUserKey).toHaveBeenCalledWith(userKey);
     expect(cryptoService.setPrivateKey).toHaveBeenCalledWith(tokenResponse.privateKey);
   });
 });

libs/common/src/auth/login-strategies/passwordless-login.strategy.ts

@@ -85,11 +85,11 @@ export class PasswordlessLogInStrategy extends LogInStrategy {
   }
 
   protected override async setUserKey(response: IdentityTokenResponse): Promise<void> {
-    await this.cryptoService.setUserSymKeyMasterKey(response.key);
+    await this.cryptoService.setUserKeyMasterKey(response.key);
 
     const masterKey = await this.cryptoService.getMasterKey();
     if (masterKey) {
-      const userKey = await this.cryptoService.decryptUserSymKeyWithMasterKey(masterKey);
+      const userKey = await this.cryptoService.decryptUserKeyWithMasterKey(masterKey);
       await this.cryptoService.setUserKey(userKey);
     }
   }

libs/common/src/auth/login-strategies/sso-login.strategy.spec.ts

@@ -11,7 +11,7 @@ import { Utils } from "../../platform/misc/utils";
 import {
   MasterKey,
   SymmetricCryptoKey,
-  UserSymKey,
+  UserKey,
 } from "../../platform/models/domain/symmetric-crypto-key";
 import { CsprngArray } from "../../types/csprng";
 import { KeyConnectorService } from "../abstractions/key-connector.service";
@@ -143,22 +143,20 @@ describe("SsoLogInStrategy", () => {
       );
     });
 
-    it("decrypts and sets the user symmetric key if Key Connector is enabled", async () => {
+    it("decrypts and sets the user key if Key Connector is enabled", async () => {
-      const userSymKey = new SymmetricCryptoKey(
+      const userKey = new SymmetricCryptoKey(new Uint8Array(64).buffer as CsprngArray) as UserKey;
-        new Uint8Array(64).buffer as CsprngArray
-      ) as UserSymKey;
       const masterKey = new SymmetricCryptoKey(
         new Uint8Array(64).buffer as CsprngArray
       ) as MasterKey;
 
       apiService.postIdentityToken.mockResolvedValue(tokenResponse);
       cryptoService.getMasterKey.mockResolvedValue(masterKey);
-      cryptoService.decryptUserSymKeyWithMasterKey.mockResolvedValue(userSymKey);
+      cryptoService.decryptUserKeyWithMasterKey.mockResolvedValue(userKey);
 
       await ssoLogInStrategy.logIn(credentials);
 
-      expect(cryptoService.decryptUserSymKeyWithMasterKey).toHaveBeenCalledWith(masterKey);
+      expect(cryptoService.decryptUserKeyWithMasterKey).toHaveBeenCalledWith(masterKey);
-      expect(cryptoService.setUserKey).toHaveBeenCalledWith(userSymKey);
+      expect(cryptoService.setUserKey).toHaveBeenCalledWith(userKey);
     });
   });
 });

libs/common/src/auth/login-strategies/sso-login.strategy.ts

@@ -83,14 +83,14 @@ export class SsoLogInStrategy extends LogInStrategy {
     const newSsoUser = tokenResponse.key == null;
 
     if (!newSsoUser) {
-      await this.cryptoService.setUserSymKeyMasterKey(tokenResponse.key);
+      await this.cryptoService.setUserKeyMasterKey(tokenResponse.key);
 
       if (tokenResponse.keyConnectorUrl != null) {
         const masterKey = await this.cryptoService.getMasterKey();
         if (!masterKey) {
           throw new Error("Master key not found");
         }
-        const userKey = await this.cryptoService.decryptUserSymKeyWithMasterKey(masterKey);
+        const userKey = await this.cryptoService.decryptUserKeyWithMasterKey(masterKey);
         await this.cryptoService.setUserKey(userKey);
       }
     }

libs/common/src/auth/login-strategies/user-api-login.strategy.spec.ts

@@ -12,7 +12,7 @@ import { Utils } from "../../platform/misc/utils";
 import {
   MasterKey,
   SymmetricCryptoKey,
-  UserSymKey,
+  UserKey,
 } from "../../platform/models/domain/symmetric-crypto-key";
 import { CsprngArray } from "../../types/csprng";
 import { KeyConnectorService } from "../abstractions/key-connector.service";
@@ -107,14 +107,14 @@ describe("UserApiLogInStrategy", () => {
     expect(stateService.addAccount).toHaveBeenCalled();
   });
 
-  it("sets the encrypted user symmetric key and private key from the identity token response", async () => {
+  it("sets the encrypted user key and private key from the identity token response", async () => {
     const tokenResponse = identityTokenResponseFactory();
 
     apiService.postIdentityToken.mockResolvedValue(tokenResponse);
 
     await apiLogInStrategy.logIn(credentials);
 
-    expect(cryptoService.setUserSymKeyMasterKey).toHaveBeenCalledWith(tokenResponse.key);
+    expect(cryptoService.setUserKeyMasterKey).toHaveBeenCalledWith(tokenResponse.key);
     expect(cryptoService.setPrivateKey).toHaveBeenCalledWith(tokenResponse.privateKey);
   });
 
@@ -130,10 +130,8 @@ describe("UserApiLogInStrategy", () => {
     expect(keyConnectorService.getAndSetMasterKey).toHaveBeenCalledWith(keyConnectorUrl);
   });
 
-  it("decrypts and sets the user symmetric key if Key Connector is enabled", async () => {
+  it("decrypts and sets the user key if Key Connector is enabled", async () => {
-    const userSymKey = new SymmetricCryptoKey(
+    const userKey = new SymmetricCryptoKey(new Uint8Array(64).buffer as CsprngArray) as UserKey;
-      new Uint8Array(64).buffer as CsprngArray
-    ) as UserSymKey;
     const masterKey = new SymmetricCryptoKey(new Uint8Array(64).buffer as CsprngArray) as MasterKey;
 
     const tokenResponse = identityTokenResponseFactory();
@@ -142,11 +140,11 @@ describe("UserApiLogInStrategy", () => {
     apiService.postIdentityToken.mockResolvedValue(tokenResponse);
     environmentService.getKeyConnectorUrl.mockReturnValue(keyConnectorUrl);
     cryptoService.getMasterKey.mockResolvedValue(masterKey);
-    cryptoService.decryptUserSymKeyWithMasterKey.mockResolvedValue(userSymKey);
+    cryptoService.decryptUserKeyWithMasterKey.mockResolvedValue(userKey);
 
     await apiLogInStrategy.logIn(credentials);
 
-    expect(cryptoService.decryptUserSymKeyWithMasterKey).toHaveBeenCalledWith(masterKey);
+    expect(cryptoService.decryptUserKeyWithMasterKey).toHaveBeenCalledWith(masterKey);
-    expect(cryptoService.setUserKey).toHaveBeenCalledWith(userSymKey);
+    expect(cryptoService.setUserKey).toHaveBeenCalledWith(userKey);
   });
 });

libs/common/src/auth/login-strategies/user-api-login.strategy.ts

@@ -64,12 +64,12 @@ export class UserApiLogInStrategy extends LogInStrategy {
   }
 
   protected override async setUserKey(response: IdentityTokenResponse): Promise<void> {
-    await this.cryptoService.setUserSymKeyMasterKey(response.key);
+    await this.cryptoService.setUserKeyMasterKey(response.key);
 
     if (response.apiUseKeyConnector) {
       const masterKey = await this.cryptoService.getMasterKey();
       if (masterKey) {
-        const userKey = await this.cryptoService.decryptUserSymKeyWithMasterKey(masterKey);
+        const userKey = await this.cryptoService.decryptUserKeyWithMasterKey(masterKey);
         await this.cryptoService.setUserKey(userKey);
       }
     }

libs/common/src/auth/services/auth.service.ts

@@ -297,7 +297,7 @@ export class AuthService implements AuthServiceAbstraction {
     requestApproved: boolean
   ): Promise<AuthRequestResponse> {
     // TODO: This currently depends on always having the Master Key and MP Hash
-    // We need to change this to using a different method (possibly server auth code + user sym key)
+    // We need to change this to using a different method (possibly server auth code + user key)
     const pubKey = Utils.fromB64ToArray(key);
     const masterKey = await this.cryptoService.getMasterKey();
     if (!masterKey) {

libs/common/src/auth/services/key-connector.service.ts

@@ -97,9 +97,9 @@ export class KeyConnectorService implements KeyConnectorServiceAbstraction {
     const keyConnectorRequest = new KeyConnectorUserKeyRequest(masterKey.encKeyB64);
     await this.cryptoService.setMasterKey(masterKey);
 
-    const userKey = await this.cryptoService.makeUserSymKey(masterKey);
+    const userKey = await this.cryptoService.makeUserKey(masterKey);
     await this.cryptoService.setUserKey(userKey[0]);
-    await this.cryptoService.setUserSymKeyMasterKey(userKey[1].encryptedString);
+    await this.cryptoService.setUserKeyMasterKey(userKey[1].encryptedString);
 
     const [pubKey, privKey] = await this.cryptoService.makeKeyPair();
 

libs/common/src/platform/abstractions/crypto.service.ts

@@ -10,90 +10,90 @@ import {
   OrgKey,
   PinKey,
   SymmetricCryptoKey,
-  UserSymKey,
+  UserKey,
 } from "../models/domain/symmetric-crypto-key";
 
 export abstract class CryptoService {
   /**
    * Use for encryption/decryption of data in order to support legacy
-   * encryption models. It will return the user symmetric key if available,
+   * encryption models. It will return the user key if available,
    * if not it will return the master key.
    */
   getKeyForUserEncryption: (key?: SymmetricCryptoKey) => Promise<SymmetricCryptoKey>;
 
   /**
-   * Sets the provided user symmetric key and stores
+   * Sets the provided user key and stores
    * any other necessary versions, such as biometrics
-   * @param key The user symmetric key to set
+   * @param key The user key to set
    * @param userId The desired user
    */
-  setUserKey: (key: UserSymKey) => Promise<void>;
+  setUserKey: (key: UserKey) => Promise<void>;
   /**
    * Gets the user key from memory and sets it again,
    * kicking off a refresh of any additional keys that are needed.
    */
   toggleKey: () => Promise<void>;
   /**
-   * Retrieves the user's symmetric key
+   * Retrieves the user key
    * @param keySuffix The desired version of the user's key to retrieve
    * from storage if it is not available in memory
    * @param userId The desired user
-   * @returns The user's symmetric key
+   * @returns The user key
    */
-  getUserKeyFromMemory: (userId?: string) => Promise<UserSymKey>;
+  getUserKeyFromMemory: (userId?: string) => Promise<UserKey>;
   /**
-   * Retrieves the user's symmetric key from storage
+   * Retrieves the user key from storage
    * @param keySuffix The desired version of the user's key to retrieve
    * @param userId The desired user
-   * @returns The user's symmetric key
+   * @returns The user key
    */
   getUserKeyFromStorage: (
     keySuffix: KeySuffixOptions.Auto | KeySuffixOptions.Biometric,
     userId?: string
-  ) => Promise<UserSymKey>;
+  ) => Promise<UserKey>;
   /**
-   * @returns True if any version of the user symmetric key is available
+   * @returns True if any version of the user key is available
    */
   hasUserKey: () => Promise<boolean>;
   /**
    * @param userId The desired user
-   * @returns True if the user symmetric key is set in memory
+   * @returns True if the user key is set in memory
    */
   hasUserKeyInMemory: (userId?: string) => Promise<boolean>;
   /**
    * @param keySuffix The desired version of the user's key to check
    * @param userId The desired user
-   * @returns True if the provided version of the user symmetric key is stored
+   * @returns True if the provided version of the user key is stored
    */
   hasUserKeyStored: (
     keySuffix?: KeySuffixOptions.Auto | KeySuffixOptions.Biometric,
     userId?: string
   ) => Promise<boolean>;
   /**
-   * Generates a new user symmetric key
+   * Generates a new user key
    * @param masterKey The user's master key
-   * @returns A new user symmetric key and the master key protected version of it
+   * @returns A new user key and the master key protected version of it
    */
-  makeUserSymKey: (key: MasterKey) => Promise<[UserSymKey, EncString]>;
+  makeUserKey: (key: MasterKey) => Promise<[UserKey, EncString]>;
   /**
-   * Clears the user's symmetric key
+   * Clears the user key
    * @param clearStoredKeys Clears all stored versions of the user keys as well,
    * such as the biometrics key
    * @param userId The desired user
    */
   clearUserKey: (clearSecretStorage?: boolean, userId?: string) => Promise<void>;
   /**
-   * Clears the user's stored version of the user symmetric key
+   * Clears the user's stored version of the user key
    * @param keySuffix The desired version of the key to clear
    * @param userId The desired user
    */
   clearStoredUserKey: (keySuffix: KeySuffixOptions, userId?: string) => Promise<void>;
   /**
-   * Stores the master key encrypted user symmetric key
+   * Stores the master key encrypted user key
-   * @param userSymKeyMasterKey The master key encrypted user symmetric key to set
+   * @param userKeyMasterKey The master key encrypted user key to set
    * @param userId The desired user
    */
-  setUserSymKeyMasterKey: (UserSymKeyMasterKey: string, userId?: string) => Promise<void>;
+  setUserKeyMasterKey: (UserKeyMasterKey: string, userId?: string) => Promise<void>;
   /**
    * Sets the user's master key
    * @param key The user's master key to set
@@ -125,28 +125,28 @@ export abstract class CryptoService {
    */
   clearMasterKey: (userId?: string) => Promise<void>;
   /**
-   * Encrypts the existing (or provided) user symmetric key with the
+   * Encrypts the existing (or provided) user key with the
    * provided master key
    * @param masterKey The user's master key
-   * @param userSymKey The user's symmetric key
+   * @param userKey The user key
-   * @returns The user's symmetric key and the master key protected version of it
+   * @returns The user key and the master key protected version of it
    */
-  encryptUserSymKeyWithMasterKey: (
+  encryptUserKeyWithMasterKey: (
     masterKey: MasterKey,
-    userSymKey?: UserSymKey
+    userKey?: UserKey
-  ) => Promise<[UserSymKey, EncString]>;
+  ) => Promise<[UserKey, EncString]>;
   /**
-   * Decrypts the user symmetric key with the provided master key
+   * Decrypts the user key with the provided master key
    * @param masterKey The user's master key
-   * @param userSymKey The user's encrypted symmetric key
+   * @param userKey The user's encrypted symmetric key
    * @param userId The desired user
-   * @returns The user's symmetric key
+   * @returns The user key
    */
-  decryptUserSymKeyWithMasterKey: (
+  decryptUserKeyWithMasterKey: (
     masterKey: MasterKey,
-    userSymKey?: EncString,
+    userKey?: EncString,
     userId?: string
-  ) => Promise<UserSymKey>;
+  ) => Promise<UserKey>;
   /**
    * Creates a master password hash from the user's master password. Can
    * be used for local authentication or for server authentication depending
@@ -265,7 +265,7 @@ export abstract class CryptoService {
   /**
    * Generates a new keypair
    * @param key A key to encrypt the private key with. If not provided,
-   * defaults to the user's symmetric key
+   * defaults to the user key
    * @returns A new keypair: [publicKey in Base64, encrypted privateKey]
    */
   makeKeyPair: (key?: SymmetricCryptoKey) => Promise<[string, EncString]>;
@@ -284,7 +284,7 @@ export abstract class CryptoService {
    */
   makePinKey: (pin: string, salt: string, kdf: KdfType, kdfConfig: KdfConfig) => Promise<PinKey>;
   /**
-   * Clears the user's pin protected user symmetric key
+   * Clears the user's pin protected user key
    * @param userId The desired user
    */
   clearPinProtectedKey: (userId?: string) => Promise<void>;
@@ -294,22 +294,22 @@ export abstract class CryptoService {
    */
   clearOldPinKeys: (userId?: string) => Promise<void>;
   /**
-   * Decrypts the user's symmetric key with their pin
+   * Decrypts the user key with their pin
    * @param pin The user's PIN
    * @param salt The user's salt
    * @param kdf The user's KDF
    * @param kdfConfig The user's KDF config
-   * @param pinProtectedUserSymKey The user's PIN protected symmetric key, if not provided
+   * @param pinProtectedUserKey The user's PIN protected symmetric key, if not provided
    * it will be retrieved from storage
-   * @returns The decrypted user's symmetric key
+   * @returns The decrypted user key
    */
-  decryptUserSymKeyWithPin: (
+  decryptUserKeyWithPin: (
     pin: string,
     salt: string,
     kdf: KdfType,
     kdfConfig: KdfConfig,
     protectedKeyCs?: EncString
-  ) => Promise<UserSymKey>;
+  ) => Promise<UserKey>;
   /**
    * @param keyMaterial The key material to derive the send key from
    * @returns A new send key
@@ -337,7 +337,7 @@ export abstract class CryptoService {
   randomNumber: (min: number, max: number) => Promise<number>;
 
   /**
-   * @deprecated Left for migration purposes. Use decryptUserSymKeyWithPin instead.
+   * @deprecated Left for migration purposes. Use decryptUserKeyWithPin instead.
    */
   decryptMasterKeyWithPin: (
     pin: string,

libs/common/src/platform/abstractions/state.service.ts

@@ -30,7 +30,7 @@ import {
   DeviceKey,
   MasterKey,
   SymmetricCryptoKey,
-  UserSymKey,
+  UserKey,
 } from "../models/domain/symmetric-crypto-key";
 
 export abstract class StateService<T extends Account = Account> {
@@ -78,13 +78,13 @@ export abstract class StateService<T extends Account = Account> {
   getConvertAccountToKeyConnector: (options?: StorageOptions) => Promise<boolean>;
   setConvertAccountToKeyConnector: (value: boolean, options?: StorageOptions) => Promise<void>;
   /**
-   * gets the user's symmetric key
+   * gets the user key
    */
-  getUserSymKey: (options?: StorageOptions) => Promise<UserSymKey>;
+  getUserKey: (options?: StorageOptions) => Promise<UserKey>;
   /**
-   * Sets the user's symmetric key
+   * Sets the user key
    */
-  setUserSymKey: (value: UserSymKey, options?: StorageOptions) => Promise<void>;
+  setUserKey: (value: UserKey, options?: StorageOptions) => Promise<void>;
   /**
    * Gets the user's master key
    */
@@ -94,59 +94,59 @@ export abstract class StateService<T extends Account = Account> {
    */
   setMasterKey: (value: MasterKey, options?: StorageOptions) => Promise<void>;
   /**
-   * Gets the user's symmetric key encrypted by the master key
+   * Gets the user key encrypted by the master key
    */
-  getUserSymKeyMasterKey: (options?: StorageOptions) => Promise<string>;
+  getUserKeyMasterKey: (options?: StorageOptions) => Promise<string>;
   /**
-   * Sets the user's symmetric key encrypted by the master key
+   * Sets the user key encrypted by the master key
    */
-  setUserSymKeyMasterKey: (value: string, options?: StorageOptions) => Promise<void>;
+  setUserKeyMasterKey: (value: string, options?: StorageOptions) => Promise<void>;
   /**
    * Gets the user's auto key
    */
-  getUserSymKeyAuto: (options?: StorageOptions) => Promise<string>;
+  getUserKeyAuto: (options?: StorageOptions) => Promise<string>;
   /**
    * Sets the user's auto key
    */
-  setUserSymKeyAuto: (value: string, options?: StorageOptions) => Promise<void>;
+  setUserKeyAuto: (value: string, options?: StorageOptions) => Promise<void>;
   /**
    * Gets the user's biometric key
    */
-  getUserSymKeyBiometric: (options?: StorageOptions) => Promise<string>;
+  getUserKeyBiometric: (options?: StorageOptions) => Promise<string>;
   /**
    * Checks if the user has a biometric key available
    */
-  hasUserSymKeyBiometric: (options?: StorageOptions) => Promise<boolean>;
+  hasUserKeyBiometric: (options?: StorageOptions) => Promise<boolean>;
   /**
    * Sets the user's biometric key
    */
-  setUserSymKeyBiometric: (value: BiometricKey, options?: StorageOptions) => Promise<void>;
+  setUserKeyBiometric: (value: BiometricKey, options?: StorageOptions) => Promise<void>;
   /**
-   * Gets the user's symmetric key encrypted by the Pin key.
+   * Gets the user key encrypted by the Pin key.
    * Used when Master Password on Reset is disabled
    */
-  getUserSymKeyPin: (options?: StorageOptions) => Promise<EncString>;
+  getUserKeyPin: (options?: StorageOptions) => Promise<EncString>;
   /**
-   * Sets the user's symmetric key encrypted by the Pin key.
+   * Sets the user key encrypted by the Pin key.
    * Used when Master Password on Reset is disabled
    */
-  setUserSymKeyPin: (value: EncString, options?: StorageOptions) => Promise<void>;
+  setUserKeyPin: (value: EncString, options?: StorageOptions) => Promise<void>;
   /**
-   * Gets the ephemeral version of the user's symmetric key encrypted by the Pin key.
+   * Gets the ephemeral version of the user key encrypted by the Pin key.
    * Used when Master Password on Reset is enabled
    */
-  getUserSymKeyPinEphemeral: (options?: StorageOptions) => Promise<EncString>;
+  getUserKeyPinEphemeral: (options?: StorageOptions) => Promise<EncString>;
   /**
-   * Sets the ephemeral version of the user's symmetric key encrypted by the Pin key.
+   * Sets the ephemeral version of the user key encrypted by the Pin key.
    * Used when Master Password on Reset is enabled
    */
-  setUserSymKeyPinEphemeral: (value: EncString, options?: StorageOptions) => Promise<void>;
+  setUserKeyPinEphemeral: (value: EncString, options?: StorageOptions) => Promise<void>;
   /**
-   * @deprecated For migration purposes only, use getUserSymKeyMasterKey instead
+   * @deprecated For migration purposes only, use getUserKeyMasterKey instead
    */
   getEncryptedCryptoSymmetricKey: (options?: StorageOptions) => Promise<string>;
   /**
-   * @deprecated For migration purposes only, use setUserSymKeyMasterKey instead
+   * @deprecated For migration purposes only, use setUserKeyMasterKey instead
    */
   setEncryptedCryptoSymmetricKey: (value: string, options?: StorageOptions) => Promise<void>;
   /**
@@ -154,23 +154,23 @@ export abstract class StateService<T extends Account = Account> {
    */
   getCryptoMasterKey: (options?: StorageOptions) => Promise<SymmetricCryptoKey>;
   /**
-   * @deprecated For migration purposes only, use getUserSymKeyAuto instead
+   * @deprecated For migration purposes only, use getUserKeyAuto instead
    */
   getCryptoMasterKeyAuto: (options?: StorageOptions) => Promise<string>;
   /**
-   * @deprecated For migration purposes only, use setUserSymKeyAuto instead
+   * @deprecated For migration purposes only, use setUserKeyAuto instead
    */
   setCryptoMasterKeyAuto: (value: string, options?: StorageOptions) => Promise<void>;
   /**
-   * @deprecated For migration purposes only, use getUserSymKeyBiometric instead
+   * @deprecated For migration purposes only, use getUserKeyBiometric instead
    */
   getCryptoMasterKeyBiometric: (options?: StorageOptions) => Promise<string>;
   /**
-   * @deprecated For migration purposes only, use hasUserSymKeyBiometric instead
+   * @deprecated For migration purposes only, use hasUserKeyBiometric instead
    */
   hasCryptoMasterKeyBiometric: (options?: StorageOptions) => Promise<boolean>;
   /**
-   * @deprecated For migration purposes only, use setUserSymKeyBiometric instead
+   * @deprecated For migration purposes only, use setUserKeyBiometric instead
    */
   setCryptoMasterKeyBiometric: (value: BiometricKey, options?: StorageOptions) => Promise<void>;
   getDecryptedCiphers: (options?: StorageOptions) => Promise<CipherView[]>;
@@ -192,11 +192,11 @@ export abstract class StateService<T extends Account = Account> {
     options?: StorageOptions
   ) => Promise<void>;
   /**
-   * @deprecated For migration purposes only, use getDecryptedUserSymKeyPin instead
+   * @deprecated For migration purposes only, use getDecryptedUserKeyPin instead
    */
   getDecryptedPinProtected: (options?: StorageOptions) => Promise<EncString>;
   /**
-   * @deprecated For migration purposes only, use setDecryptedUserSymKeyPin instead
+   * @deprecated For migration purposes only, use setDecryptedUserKeyPin instead
    */
   setDecryptedPinProtected: (value: EncString, options?: StorageOptions) => Promise<void>;
   /**
@@ -325,11 +325,11 @@ export abstract class StateService<T extends Account = Account> {
     options?: StorageOptions
   ) => Promise<void>;
   /**
-   * @deprecated For migration purposes only, use getEncryptedUserSymKeyPin instead
+   * @deprecated For migration purposes only, use getEncryptedUserKeyPin instead
    */
   getEncryptedPinProtected: (options?: StorageOptions) => Promise<string>;
   /**
-   * @deprecated For migration purposes only, use setEncryptedUserSymKeyPin instead
+   * @deprecated For migration purposes only, use setEncryptedUserKeyPin instead
    */
   setEncryptedPinProtected: (value: string, options?: StorageOptions) => Promise<void>;
   /**
@@ -426,11 +426,11 @@ export abstract class StateService<T extends Account = Account> {
   getGeneratorOptions: (options?: StorageOptions) => Promise<any>;
   setGeneratorOptions: (value: any, options?: StorageOptions) => Promise<void>;
   /**
-   * Gets the user's Pin, encrypted by the user symmetric key
+   * Gets the user's Pin, encrypted by the user key
    */
   getProtectedPin: (options?: StorageOptions) => Promise<string>;
   /**
-   * Sets the user's Pin, encrypted by the user symmetric key
+   * Sets the user's Pin, encrypted by the user key
    */
   setProtectedPin: (value: string, options?: StorageOptions) => Promise<void>;
   getProviders: (options?: StorageOptions) => Promise<{ [id: string]: ProviderData }>;

libs/common/src/platform/models/domain/account.ts

@@ -23,7 +23,7 @@ import { Utils } from "../../misc/utils";
 import { ServerConfigData } from "../../models/data/server-config.data";
 
 import { EncryptedString, EncString } from "./enc-string";
-import { DeviceKey, MasterKey, SymmetricCryptoKey, UserSymKey } from "./symmetric-crypto-key";
+import { DeviceKey, MasterKey, SymmetricCryptoKey, UserKey } from "./symmetric-crypto-key";
 
 export class EncryptionPair<TEncrypted, TDecrypted> {
   encrypted?: TEncrypted;
@@ -99,11 +99,11 @@ export class AccountData {
 }
 
 export class AccountKeys {
-  userSymKey?: UserSymKey;
+  userKey?: UserKey;
   masterKey?: MasterKey;
-  userSymKeyMasterKey?: string;
+  userKeyMasterKey?: string;
-  userSymKeyAuto?: string;
+  userKeyAuto?: string;
-  userSymKeyBiometric?: string;
+  userKeyBiometric?: string;
   // deprecated keys
   cryptoMasterKey?: SymmetricCryptoKey;
   cryptoMasterKeyAuto?: string;
@@ -141,7 +141,7 @@ export class AccountKeys {
     }
 
     return Object.assign(new AccountKeys(), {
-      userSymKey: SymmetricCryptoKey.fromJSON(obj?.userSymKey),
+      userKey: SymmetricCryptoKey.fromJSON(obj?.userKey),
       masterKey: SymmetricCryptoKey.fromJSON(obj?.masterKey),
       cryptoMasterKey: SymmetricCryptoKey.fromJSON(obj?.cryptoMasterKey),
       cryptoSymmetricKey: EncryptionPair.fromJSON(
@@ -232,8 +232,8 @@ export class AccountSettings {
   passwordGenerationOptions?: any;
   usernameGenerationOptions?: any;
   generatorOptions?: any;
-  userSymKeyPin?: EncryptedString;
+  userKeyPin?: EncryptedString;
-  userSymKeyPinEphemeral?: EncryptedString;
+  userKeyPinEphemeral?: EncryptedString;
   protectedPin?: string;
   pinProtected?: EncryptionPair<string, EncString> = new EncryptionPair<string, EncString>(); // Deprecated
   settings?: AccountSettingsSettings; // TODO: Merge whatever is going on here into the AccountSettings model properly

libs/common/src/platform/models/domain/symmetric-crypto-key.ts

@@ -78,7 +78,7 @@ export class SymmetricCryptoKey {
 
 // Setup all separate key types as opaque types
 export type DeviceKey = Opaque<SymmetricCryptoKey, "DeviceKey">;
-export type UserSymKey = Opaque<SymmetricCryptoKey, "UserSymKey">;
+export type UserKey = Opaque<SymmetricCryptoKey, "UserKey">;
 export type MasterKey = Opaque<SymmetricCryptoKey, "MasterKey">;
 export type PinKey = Opaque<SymmetricCryptoKey, "PinKey">;
 export type OrgKey = Opaque<SymmetricCryptoKey, "OrgKey">;

libs/common/src/platform/services/crypto.service.spec.ts

@@ -10,7 +10,7 @@ import {
   MasterKey,
   PinKey,
   SymmetricCryptoKey,
-  UserSymKey,
+  UserKey,
 } from "../models/domain/symmetric-crypto-key";
 import { CryptoService } from "../services/crypto.service";
 
@@ -44,33 +44,33 @@ describe("cryptoService", () => {
   });
 
   describe("getKeyForUserDecryption", () => {
-    let mockUserSymKey: UserSymKey;
+    let mockUserKey: UserKey;
     let mockMasterKey: MasterKey;
-    let stateSvcGetUserSymKey: jest.SpyInstance;
+    let stateSvcGetUserKey: jest.SpyInstance;
     let stateSvcGetMasterKey: jest.SpyInstance;
 
     beforeEach(() => {
       const mockRandomBytes = new Uint8Array(64).buffer as CsprngArray;
-      mockUserSymKey = new SymmetricCryptoKey(mockRandomBytes) as UserSymKey;
+      mockUserKey = new SymmetricCryptoKey(mockRandomBytes) as UserKey;
       mockMasterKey = new SymmetricCryptoKey(new Uint8Array(64).buffer as CsprngArray) as MasterKey;
 
-      stateSvcGetUserSymKey = jest.spyOn(stateService, "getUserSymKey");
+      stateSvcGetUserKey = jest.spyOn(stateService, "getUserKey");
       stateSvcGetMasterKey = jest.spyOn(stateService, "getMasterKey");
     });
 
-    it("returns the user's symmetric key if available", async () => {
+    it("returns the user key if available", async () => {
-      stateSvcGetUserSymKey.mockResolvedValue(mockUserSymKey);
+      stateSvcGetUserKey.mockResolvedValue(mockUserKey);
 
       const encryptionKey = await cryptoService.getKeyForUserEncryption();
 
-      expect(stateSvcGetUserSymKey).toHaveBeenCalled();
+      expect(stateSvcGetUserKey).toHaveBeenCalled();
       expect(stateSvcGetMasterKey).not.toHaveBeenCalled();
 
-      expect(encryptionKey).toEqual(mockUserSymKey);
+      expect(encryptionKey).toEqual(mockUserKey);
     });
 
     it("returns the user's master key when symmetric key is not available", async () => {
-      stateSvcGetUserSymKey.mockResolvedValue(null);
+      stateSvcGetUserKey.mockResolvedValue(null);
       stateSvcGetMasterKey.mockResolvedValue(mockMasterKey);
 
       const encryptionKey = await cryptoService.getKeyForUserEncryption();
@@ -82,32 +82,32 @@ describe("cryptoService", () => {
 
   describe("setUserKey", () => {
     const mockUserId = "example user id";
-    let mockUserSymKey: UserSymKey;
+    let mockUserKey: UserKey;
 
     beforeEach(() => {
       const mockRandomBytes = new Uint8Array(64).buffer as CsprngArray;
-      mockUserSymKey = new SymmetricCryptoKey(mockRandomBytes) as UserSymKey;
+      mockUserKey = new SymmetricCryptoKey(mockRandomBytes) as UserKey;
     });
 
     it("saves an Auto key if needed", async () => {
       stateService.getVaultTimeout.mockResolvedValue(null);
 
-      await cryptoService.setUserKey(mockUserSymKey, mockUserId);
+      await cryptoService.setUserKey(mockUserKey, mockUserId);
 
-      expect(stateService.setUserSymKeyAuto).toHaveBeenCalled();
+      expect(stateService.setUserKeyAuto).toHaveBeenCalled();
-      expect(stateService.setUserSymKeyAuto).not.toHaveBeenCalledWith(null, { userId: mockUserId });
+      expect(stateService.setUserKeyAuto).not.toHaveBeenCalledWith(null, { userId: mockUserId });
     });
 
     it("saves a Pin key if needed", async () => {
-      stateService.getUserSymKeyPinEphemeral.mockResolvedValue(null);
+      stateService.getUserKeyPinEphemeral.mockResolvedValue(null);
       const cryptoSvcMakePinKey = jest.spyOn(cryptoService, "makePinKey");
       cryptoSvcMakePinKey.mockResolvedValue(
         new SymmetricCryptoKey(new Uint8Array(64).buffer) as PinKey
       );
 
-      await cryptoService.setUserKey(mockUserSymKey, mockUserId);
+      await cryptoService.setUserKey(mockUserKey, mockUserId);
 
-      expect(stateService.setUserSymKeyPin).toHaveBeenCalled();
+      expect(stateService.setUserKeyPin).toHaveBeenCalled();
     });
   });
 });

libs/common/src/platform/services/crypto.service.ts

@@ -31,7 +31,7 @@ import {
   OrgKey,
   PinKey,
   SymmetricCryptoKey,
-  UserSymKey,
+  UserKey,
 } from "../models/domain/symmetric-crypto-key";
 
 export class CryptoService implements CryptoServiceAbstraction {
@@ -54,8 +54,8 @@ export class CryptoService implements CryptoServiceAbstraction {
     return await this.getMasterKey();
   }
 
-  async setUserKey(key: UserSymKey, userId?: string): Promise<void> {
+  async setUserKey(key: UserKey, userId?: string): Promise<void> {
-    await this.stateService.setUserSymKey(key, { userId: userId });
+    await this.stateService.setUserKey(key, { userId: userId });
     await this.storeAdditionalKeys(key, userId);
   }
 
@@ -64,14 +64,14 @@ export class CryptoService implements CryptoServiceAbstraction {
     await this.setUserKey(key);
   }
 
-  async getUserKeyFromMemory(userId?: string): Promise<UserSymKey> {
+  async getUserKeyFromMemory(userId?: string): Promise<UserKey> {
-    return await this.stateService.getUserSymKey({ userId: userId });
+    return await this.stateService.getUserKey({ userId: userId });
   }
 
   async getUserKeyFromStorage(
     keySuffix: KeySuffixOptions.Auto | KeySuffixOptions.Biometric,
     userId?: string
-  ): Promise<UserSymKey> {
+  ): Promise<UserKey> {
     const userKey = await this.retrieveUserKeyFromStorage(keySuffix, userId);
     if (userKey != null) {
       if (!(await this.validateUserKey(userKey))) {
@@ -94,7 +94,7 @@ export class CryptoService implements CryptoServiceAbstraction {
   }
 
   async hasUserKeyInMemory(userId?: string): Promise<boolean> {
-    return (await this.stateService.getUserSymKey({ userId: userId })) != null;
+    return (await this.stateService.getUserKey({ userId: userId })) != null;
   }
 
   async hasUserKeyStored(
@@ -103,23 +103,23 @@ export class CryptoService implements CryptoServiceAbstraction {
   ): Promise<boolean> {
     if (keySuffix === KeySuffixOptions.Biometric) {
       const oldKey = await this.stateService.hasCryptoMasterKeyBiometric({ userId: userId });
-      return oldKey || (await this.stateService.hasUserSymKeyBiometric({ userId: userId }));
+      return oldKey || (await this.stateService.hasUserKeyBiometric({ userId: userId }));
     }
     return (await this.retrieveUserKeyFromStorage(keySuffix, userId)) != null;
   }
 
-  async makeUserSymKey(masterKey: MasterKey): Promise<[UserSymKey, EncString]> {
+  async makeUserKey(masterKey: MasterKey): Promise<[UserKey, EncString]> {
     masterKey ||= await this.getMasterKey();
     if (masterKey == null) {
       throw new Error("No Master Key found.");
     }
 
-    const newUserSymKey = await this.cryptoFunctionService.randomBytes(64);
+    const newUserKey = await this.cryptoFunctionService.randomBytes(64);
-    return this.buildProtectedSymmetricKey(masterKey, newUserSymKey);
+    return this.buildProtectedSymmetricKey(masterKey, newUserKey);
   }
 
   async clearUserKey(clearStoredKeys = true, userId?: string): Promise<void> {
-    await this.stateService.setUserSymKey(null, { userId: userId });
+    await this.stateService.setUserKey(null, { userId: userId });
     if (clearStoredKeys) {
       await this.clearAllStoredUserKeys(userId);
     }
@@ -128,19 +128,19 @@ export class CryptoService implements CryptoServiceAbstraction {
   async clearStoredUserKey(keySuffix: KeySuffixOptions, userId?: string): Promise<void> {
     switch (keySuffix) {
       case KeySuffixOptions.Auto:
-        this.stateService.setUserSymKeyAuto(null, { userId: userId });
+        this.stateService.setUserKeyAuto(null, { userId: userId });
         break;
       case KeySuffixOptions.Biometric:
-        this.stateService.setUserSymKeyBiometric(null, { userId: userId });
+        this.stateService.setUserKeyBiometric(null, { userId: userId });
         break;
       case KeySuffixOptions.Pin:
-        this.stateService.setUserSymKeyPinEphemeral(null, { userId: userId });
+        this.stateService.setUserKeyPinEphemeral(null, { userId: userId });
         break;
     }
   }
 
-  async setUserSymKeyMasterKey(userSymKeyMasterKey: string, userId?: string): Promise<void> {
+  async setUserKeyMasterKey(userKeyMasterKey: string, userId?: string): Promise<void> {
-    await this.stateService.setUserSymKeyMasterKey(userSymKeyMasterKey, { userId: userId });
+    await this.stateService.setUserKeyMasterKey(userKeyMasterKey, { userId: userId });
   }
 
   async setMasterKey(key: MasterKey, userId?: string): Promise<void> {
@@ -166,40 +166,40 @@ export class CryptoService implements CryptoServiceAbstraction {
     await this.stateService.setMasterKey(null, { userId: userId });
   }
 
-  async encryptUserSymKeyWithMasterKey(
+  async encryptUserKeyWithMasterKey(
     masterKey: MasterKey,
-    userSymKey?: UserSymKey
+    userKey?: UserKey
-  ): Promise<[UserSymKey, EncString]> {
+  ): Promise<[UserKey, EncString]> {
-    userSymKey ||= await this.getUserKeyFromMemory();
+    userKey ||= await this.getUserKeyFromMemory();
-    return this.buildProtectedSymmetricKey(masterKey, userSymKey.key);
+    return this.buildProtectedSymmetricKey(masterKey, userKey.key);
   }
 
-  async decryptUserSymKeyWithMasterKey(
+  async decryptUserKeyWithMasterKey(
     masterKey: MasterKey,
-    userSymKey?: EncString,
+    userKey?: EncString,
     userId?: string
-  ): Promise<UserSymKey> {
+  ): Promise<UserKey> {
     masterKey ||= await this.getMasterKey();
     if (masterKey == null) {
       throw new Error("No master key found.");
     }
 
-    if (!userSymKey) {
+    if (!userKey) {
-      const userSymKeyMasterKey = await this.stateService.getUserSymKeyMasterKey({
+      const userKeyMasterKey = await this.stateService.getUserKeyMasterKey({
         userId: userId,
       });
-      if (userSymKeyMasterKey == null) {
+      if (userKeyMasterKey == null) {
         throw new Error("No encrypted user key found.");
       }
-      userSymKey = new EncString(userSymKeyMasterKey);
+      userKey = new EncString(userKeyMasterKey);
     }
 
     let decUserKey: ArrayBuffer;
-    if (userSymKey.encryptionType === EncryptionType.AesCbc256_B64) {
+    if (userKey.encryptionType === EncryptionType.AesCbc256_B64) {
-      decUserKey = await this.decryptToBytes(userSymKey, masterKey);
+      decUserKey = await this.decryptToBytes(userKey, masterKey);
-    } else if (userSymKey.encryptionType === EncryptionType.AesCbc256_HmacSha256_B64) {
+    } else if (userKey.encryptionType === EncryptionType.AesCbc256_HmacSha256_B64) {
       const newKey = await this.stretchKey(masterKey);
-      decUserKey = await this.decryptToBytes(userSymKey, newKey);
+      decUserKey = await this.decryptToBytes(userKey, newKey);
     } else {
       throw new Error("Unsupported encryption type.");
     }
@@ -207,7 +207,7 @@ export class CryptoService implements CryptoServiceAbstraction {
       return null;
     }
 
-    return new SymmetricCryptoKey(decUserKey) as UserSymKey;
+    return new SymmetricCryptoKey(decUserKey) as UserKey;
   }
 
   async hashPassword(password: string, key: MasterKey, hashPurpose?: HashPurpose): Promise<string> {
@@ -503,7 +503,7 @@ export class CryptoService implements CryptoServiceAbstraction {
   }
 
   async clearPinProtectedKey(userId?: string): Promise<void> {
-    await this.stateService.setUserSymKeyPin(null, { userId: userId });
+    await this.stateService.setUserKeyPin(null, { userId: userId });
     await this.clearOldPinKeys(userId);
   }
 
@@ -512,20 +512,20 @@ export class CryptoService implements CryptoServiceAbstraction {
     await this.stateService.setDecryptedPinProtected(null, { userId: userId });
   }
 
-  async decryptUserSymKeyWithPin(
+  async decryptUserKeyWithPin(
     pin: string,
     salt: string,
     kdf: KdfType,
     kdfConfig: KdfConfig,
-    pinProtectedUserSymKey?: EncString
+    pinProtectedUserKey?: EncString
-  ): Promise<UserSymKey> {
+  ): Promise<UserKey> {
-    pinProtectedUserSymKey ||= await this.stateService.getUserSymKeyPin();
+    pinProtectedUserKey ||= await this.stateService.getUserKeyPin();
-    if (!pinProtectedUserSymKey) {
+    if (!pinProtectedUserKey) {
       throw new Error("No PIN protected key found.");
     }
     const pinKey = await this.makePinKey(pin, salt, kdf, kdfConfig);
-    const userSymKey = await this.decryptToBytes(pinProtectedUserSymKey, pinKey);
+    const userKey = await this.decryptToBytes(pinProtectedUserKey, pinKey);
-    return new SymmetricCryptoKey(userSymKey) as UserSymKey;
+    return new SymmetricCryptoKey(userKey) as UserKey;
   }
 
   async decryptMasterKeyWithPin(
@@ -669,7 +669,7 @@ export class CryptoService implements CryptoServiceAbstraction {
 
   // ---HELPERS---
 
-  protected async validateUserKey(key?: UserSymKey): Promise<boolean> {
+  protected async validateUserKey(key?: UserKey): Promise<boolean> {
     key ||= await this.getUserKeyFromMemory();
     if (key == null) {
       return false;
@@ -692,27 +692,27 @@ export class CryptoService implements CryptoServiceAbstraction {
 
   /**
    * Regenerates any additional keys if needed. Useful to make sure
-   * other keys stay in sync when the user's symmetric key has been rotated.
+   * other keys stay in sync when the user key has been rotated.
-   * @param key The user's symmetric key
+   * @param key The user key
    * @param userId The desired user
    */
-  protected async storeAdditionalKeys(key: UserSymKey, userId?: string) {
+  protected async storeAdditionalKeys(key: UserKey, userId?: string) {
     const storeAuto = await this.shouldStoreKey(KeySuffixOptions.Auto, userId);
     if (storeAuto) {
-      await this.stateService.setUserSymKeyAuto(key.keyB64, { userId: userId });
+      await this.stateService.setUserKeyAuto(key.keyB64, { userId: userId });
     } else {
-      await this.stateService.setUserSymKeyAuto(null, { userId: userId });
+      await this.stateService.setUserKeyAuto(null, { userId: userId });
     }
 
     const storePin = await this.shouldStoreKey(KeySuffixOptions.Pin, userId);
     if (storePin) {
       await this.storePinKey(key);
     } else {
-      await this.stateService.setUserSymKeyPin(null, { userId: userId });
+      await this.stateService.setUserKeyPin(null, { userId: userId });
     }
   }
 
-  protected async storePinKey(key: UserSymKey) {
+  protected async storePinKey(key: UserKey) {
     const email = await this.stateService.getEmail();
     const kdf = await this.stateService.getKdfType();
     const kdfConfig = await this.stateService.getKdfConfig();
@@ -721,7 +721,7 @@ export class CryptoService implements CryptoServiceAbstraction {
       key
     );
     const pinKey = await this.makePinKey(pin, email, kdf, kdfConfig);
-    await this.stateService.setUserSymKeyPin(await this.encrypt(key.key, pinKey));
+    await this.stateService.setUserKeyPin(await this.encrypt(key.key, pinKey));
   }
 
   protected async shouldStoreKey(keySuffix: KeySuffixOptions, userId?: string) {
@@ -741,10 +741,10 @@ export class CryptoService implements CryptoServiceAbstraction {
         const protectedPin = await this.stateService.getProtectedPin({ userId: userId });
         // This could cause a possible timing issue. Need to make sure the ephemeral key is set before
         // we set our user key
-        const userSymKeyPinEphemeral = await this.stateService.getUserSymKeyPinEphemeral({
+        const userKeyPinEphemeral = await this.stateService.getUserKeyPinEphemeral({
           userId: userId,
         });
-        shouldStoreKey = !!protectedPin && !userSymKeyPinEphemeral;
+        shouldStoreKey = !!protectedPin && !userKeyPinEphemeral;
         break;
       }
     }
@@ -754,12 +754,12 @@ export class CryptoService implements CryptoServiceAbstraction {
   protected async retrieveUserKeyFromStorage(
     keySuffix: KeySuffixOptions,
     userId?: string
-  ): Promise<UserSymKey> {
+  ): Promise<UserKey> {
     if (keySuffix === KeySuffixOptions.Auto) {
       await this.migrateAutoKeyIfNeeded(userId);
-      const userKey = await this.stateService.getUserSymKeyAuto({ userId: userId });
+      const userKey = await this.stateService.getUserKeyAuto({ userId: userId });
       if (userKey) {
-        return new SymmetricCryptoKey(Utils.fromB64ToArray(userKey).buffer) as UserSymKey;
+        return new SymmetricCryptoKey(Utils.fromB64ToArray(userKey).buffer) as UserKey;
       }
     }
     return null;
@@ -772,12 +772,12 @@ export class CryptoService implements CryptoServiceAbstraction {
       const masterKey = new SymmetricCryptoKey(
         Utils.fromB64ToArray(oldAutoKey).buffer
       ) as MasterKey;
-      const userSymKey = await this.decryptUserSymKeyWithMasterKey(
+      const userKey = await this.decryptUserKeyWithMasterKey(
         masterKey,
         new EncString(await this.stateService.getEncryptedCryptoSymmetricKey())
       );
       // migrate
-      await this.stateService.setUserSymKeyAuto(userSymKey.keyB64, { userId: userId });
+      await this.stateService.setUserKeyAuto(userKey.keyB64, { userId: userId });
       await this.stateService.setCryptoMasterKeyAuto(null, { userId: userId });
     }
   }
@@ -828,9 +828,9 @@ export class CryptoService implements CryptoServiceAbstraction {
   }
 
   private async clearAllStoredUserKeys(userId?: string): Promise<void> {
-    await this.stateService.setUserSymKeyAuto(null, { userId: userId });
+    await this.stateService.setUserKeyAuto(null, { userId: userId });
-    await this.stateService.setUserSymKeyBiometric(null, { userId: userId });
+    await this.stateService.setUserKeyBiometric(null, { userId: userId });
-    await this.stateService.setUserSymKeyPinEphemeral(null, { userId: userId });
+    await this.stateService.setUserKeyPinEphemeral(null, { userId: userId });
   }
 
   async makeKey(

libs/common/src/platform/services/state.service.ts

@@ -54,7 +54,7 @@ import {
   DeviceKey,
   MasterKey,
   SymmetricCryptoKey,
-  UserSymKey,
+  UserKey,
 } from "../models/domain/symmetric-crypto-key";
 
 const keys = {
@@ -69,7 +69,7 @@ const keys = {
 const partialKeys = {
   userAutoKey: "_user_auto",
   userBiometricKey: "_user_biometric",
-  userSymKey: "_user_sym",
+  userKey: "_user_key",
 
   autoKey: "_masterkey_auto",
   biometricKey: "_masterkey_biometric",
@@ -122,7 +122,7 @@ export class StateService<
           // FIXME: This should be refactored into AuthService or a similar service,
           //  as checking for the existence of the crypto key is a low level
           //  implementation detail.
-          this.activeAccountUnlockedSubject.next((await this.getUserSymKey()) != null);
+          this.activeAccountUnlockedSubject.next((await this.getUserKey()) != null);
         })
       )
       .subscribe();
@@ -559,23 +559,23 @@ export class StateService<
   }
 
   /**
-   * User's symmetric key used to encrypt/decrypt data
+   * user key used to encrypt/decrypt data
    */
-  async getUserSymKey(options?: StorageOptions): Promise<UserSymKey> {
+  async getUserKey(options?: StorageOptions): Promise<UserKey> {
     const account = await this.getAccount(
       this.reconcileOptions(options, await this.defaultInMemoryOptions())
     );
-    return account?.keys?.userSymKey as UserSymKey;
+    return account?.keys?.userKey as UserKey;
   }
 
   /**
-   * User's symmetric key used to encrypt/decrypt data
+   * user key used to encrypt/decrypt data
    */
-  async setUserSymKey(value: UserSymKey, options?: StorageOptions): Promise<void> {
+  async setUserKey(value: UserKey, options?: StorageOptions): Promise<void> {
     const account = await this.getAccount(
       this.reconcileOptions(options, await this.defaultInMemoryOptions())
     );
-    account.keys.userSymKey = value;
+    account.keys.userKey = value;
     await this.saveAccount(
       account,
       this.reconcileOptions(options, await this.defaultInMemoryOptions())
@@ -619,21 +619,21 @@ export class StateService<
    * The master key encrypted User symmetric key, saved on every auth
    * so we can unlock with MP offline
    */
-  async getUserSymKeyMasterKey(options?: StorageOptions): Promise<string> {
+  async getUserKeyMasterKey(options?: StorageOptions): Promise<string> {
     return (
       await this.getAccount(this.reconcileOptions(options, await this.defaultOnDiskOptions()))
-    )?.keys.userSymKeyMasterKey;
+    )?.keys.userKeyMasterKey;
   }
 
   /**
    * The master key encrypted User symmetric key, saved on every auth
    * so we can unlock with MP offline
    */
-  async setUserSymKeyMasterKey(value: string, options?: StorageOptions): Promise<void> {
+  async setUserKeyMasterKey(value: string, options?: StorageOptions): Promise<void> {
     const account = await this.getAccount(
       this.reconcileOptions(options, await this.defaultOnDiskOptions())
     );
-    account.keys.userSymKeyMasterKey = value;
+    account.keys.userKeyMasterKey = value;
     await this.saveAccount(
       account,
       this.reconcileOptions(options, await this.defaultOnDiskOptions())
@@ -641,9 +641,9 @@ export class StateService<
   }
 
   /**
-   * User's symmetric key when using the "never" option of vault timeout
+   * user key when using the "never" option of vault timeout
    */
-  async getUserSymKeyAuto(options?: StorageOptions): Promise<string> {
+  async getUserKeyAuto(options?: StorageOptions): Promise<string> {
     options = this.reconcileOptions(
       this.reconcileOptions(options, { keySuffix: "auto" }),
       await this.defaultSecureStorageOptions()
@@ -658,9 +658,9 @@ export class StateService<
   }
 
   /**
-   * User's symmetric key when using the "never" option of vault timeout
+   * user key when using the "never" option of vault timeout
    */
-  async setUserSymKeyAuto(value: string, options?: StorageOptions): Promise<void> {
+  async setUserKeyAuto(value: string, options?: StorageOptions): Promise<void> {
     options = this.reconcileOptions(
       this.reconcileOptions(options, { keySuffix: "auto" }),
       await this.defaultSecureStorageOptions()
@@ -674,7 +674,7 @@ export class StateService<
   /**
    * User's encrypted symmetric key when using biometrics
    */
-  async getUserSymKeyBiometric(options?: StorageOptions): Promise<string> {
+  async getUserKeyBiometric(options?: StorageOptions): Promise<string> {
     options = this.reconcileOptions(
       this.reconcileOptions(options, { keySuffix: "biometric" }),
       await this.defaultSecureStorageOptions()
@@ -688,7 +688,7 @@ export class StateService<
     );
   }
 
-  async hasUserSymKeyBiometric(options?: StorageOptions): Promise<boolean> {
+  async hasUserKeyBiometric(options?: StorageOptions): Promise<boolean> {
     options = this.reconcileOptions(
       this.reconcileOptions(options, { keySuffix: "biometric" }),
       await this.defaultSecureStorageOptions()
@@ -702,7 +702,7 @@ export class StateService<
     );
   }
 
-  async setUserSymKeyBiometric(value: BiometricKey, options?: StorageOptions): Promise<void> {
+  async setUserKeyBiometric(value: BiometricKey, options?: StorageOptions): Promise<void> {
     options = this.reconcileOptions(
       this.reconcileOptions(options, { keySuffix: "biometric" }),
       await this.defaultSecureStorageOptions()
@@ -713,36 +713,36 @@ export class StateService<
     await this.saveSecureStorageKey(partialKeys.userBiometricKey, value, options);
   }
 
-  async getUserSymKeyPin(options?: StorageOptions): Promise<EncString> {
+  async getUserKeyPin(options?: StorageOptions): Promise<EncString> {
     return EncString.fromJSON(
       (await this.getAccount(this.reconcileOptions(options, await this.defaultOnDiskOptions())))
-        ?.settings?.userSymKeyPin
+        ?.settings?.userKeyPin
     );
   }
 
-  async setUserSymKeyPin(value: EncString, options?: StorageOptions): Promise<void> {
+  async setUserKeyPin(value: EncString, options?: StorageOptions): Promise<void> {
     const account = await this.getAccount(
       this.reconcileOptions(options, await this.defaultOnDiskOptions())
     );
-    account.settings.userSymKeyPin = value?.encryptedString;
+    account.settings.userKeyPin = value?.encryptedString;
     await this.saveAccount(
       account,
       this.reconcileOptions(options, await this.defaultOnDiskOptions())
     );
   }
 
-  async getUserSymKeyPinEphemeral(options?: StorageOptions): Promise<EncString> {
+  async getUserKeyPinEphemeral(options?: StorageOptions): Promise<EncString> {
     return EncString.fromJSON(
       (await this.getAccount(this.reconcileOptions(options, await this.defaultInMemoryOptions())))
-        ?.settings?.userSymKeyPinEphemeral
+        ?.settings?.userKeyPinEphemeral
     );
   }
 
-  async setUserSymKeyPinEphemeral(value: EncString, options?: StorageOptions): Promise<void> {
+  async setUserKeyPinEphemeral(value: EncString, options?: StorageOptions): Promise<void> {
     const account = await this.getAccount(
       this.reconcileOptions(options, await this.defaultInMemoryOptions())
     );
-    account.settings.userSymKeyPinEphemeral = value?.encryptedString;
+    account.settings.userKeyPinEphemeral = value?.encryptedString;
     await this.saveAccount(
       account,
       this.reconcileOptions(options, await this.defaultInMemoryOptions())
@@ -750,7 +750,7 @@ export class StateService<
   }
 
   /**
-   * @deprecated Use UserSymKeyAuto instead
+   * @deprecated Use UserKeyAuto instead
    */
   async getCryptoMasterKeyAuto(options?: StorageOptions): Promise<string> {
     options = this.reconcileOptions(
@@ -767,7 +767,7 @@ export class StateService<
   }
 
   /**
-   * @deprecated Use UserSymKeyAuto instead
+   * @deprecated Use UserKeyAuto instead
    */
   async setCryptoMasterKeyAuto(value: string, options?: StorageOptions): Promise<void> {
     options = this.reconcileOptions(
@@ -806,7 +806,7 @@ export class StateService<
   }
 
   /**
-   * @deprecated Use UserSymKeyBiometric instead
+   * @deprecated Use UserKeyBiometric instead
    */
   async getCryptoMasterKeyBiometric(options?: StorageOptions): Promise<string> {
     options = this.reconcileOptions(
@@ -823,7 +823,7 @@ export class StateService<
   }
 
   /**
-   * @deprecated Use UserSymKeyBiometric instead
+   * @deprecated Use UserKeyBiometric instead
    */
   async hasCryptoMasterKeyBiometric(options?: StorageOptions): Promise<boolean> {
     options = this.reconcileOptions(
@@ -840,7 +840,7 @@ export class StateService<
   }
 
   /**
-   * @deprecated Use UserSymKeyBiometric instead
+   * @deprecated Use UserKeyBiometric instead
    */
   async setCryptoMasterKeyBiometric(value: BiometricKey, options?: StorageOptions): Promise<void> {
     options = this.reconcileOptions(
@@ -890,7 +890,7 @@ export class StateService<
   }
 
   /**
-   * @deprecated Use UserSymKey instead
+   * @deprecated Use UserKey instead
    */
   async getDecryptedCryptoSymmetricKey(options?: StorageOptions): Promise<SymmetricCryptoKey> {
     const account = await this.getAccount(
@@ -900,7 +900,7 @@ export class StateService<
   }
 
   /**
-   * @deprecated Use UserSymKey instead
+   * @deprecated Use UserKey instead
    */
   async setDecryptedCryptoSymmetricKey(
     value: SymmetricCryptoKey,
@@ -1601,7 +1601,7 @@ export class StateService<
   }
 
   /**
-   * @deprecated Use UserSymKey instead
+   * @deprecated Use UserKey instead
    */
   async getEncryptedCryptoSymmetricKey(options?: StorageOptions): Promise<string> {
     return (
@@ -1610,7 +1610,7 @@ export class StateService<
   }
 
   /**
-   * @deprecated Use UserSymKey instead
+   * @deprecated Use UserKey instead
    */
   async setEncryptedCryptoSymmetricKey(value: string, options?: StorageOptions): Promise<void> {
     const account = await this.getAccount(
@@ -3018,8 +3018,8 @@ export class StateService<
 
   protected async removeAccountFromSecureStorage(userId: string = null): Promise<void> {
     userId = userId ?? (await this.state())?.activeUserId;
-    await this.setUserSymKeyAuto(null, { userId: userId });
+    await this.setUserKeyAuto(null, { userId: userId });
-    await this.setUserSymKeyBiometric(null, { userId: userId });
+    await this.setUserKeyBiometric(null, { userId: userId });
     await this.setCryptoMasterKeyAuto(null, { userId: userId });
     await this.setCryptoMasterKeyBiometric(null, { userId: userId });
     await this.setCryptoMasterKeyB64(null, { userId: userId });

libs/common/src/platform/services/system.service.ts

@@ -39,7 +39,7 @@ export class SystemService implements SystemServiceAbstraction {
     }
 
     // User has set a PIN, with ask for master password on restart, to protect their vault
-    const ephemeralPin = await this.stateService.getUserSymKeyPinEphemeral();
+    const ephemeralPin = await this.stateService.getUserKeyPinEphemeral();
     if (ephemeralPin != null) {
       return;
     }

libs/common/src/services/device-crypto.service.implementation.ts

@@ -9,7 +9,7 @@ import { StateService } from "../platform/abstractions/state.service";
 import {
   SymmetricCryptoKey,
   DeviceKey,
-  UserSymKey,
+  UserKey,
 } from "../platform/models/domain/symmetric-crypto-key";
 import { CsprngArray } from "../types/csprng";
 
@@ -24,11 +24,11 @@ export class DeviceCryptoService implements DeviceCryptoServiceAbstraction {
   ) {}
 
   async trustDevice(): Promise<DeviceResponse> {
-    // Attempt to get user symmetric key
+    // Attempt to get user key
-    const userSymKey: UserSymKey = await this.cryptoService.getUserKeyFromMemory();
+    const userKey: UserKey = await this.cryptoService.getUserKeyFromMemory();
 
-    // If user symmetric key is not found, throw error
+    // If user key is not found, throw error
-    if (!userSymKey) {
+    if (!userKey) {
       throw new Error("User symmetric key not found");
     }
 
@@ -41,15 +41,15 @@ export class DeviceCryptoService implements DeviceCryptoServiceAbstraction {
     );
 
     const [
-      devicePublicKeyEncryptedUserSymKey,
+      devicePublicKeyEncryptedUserKey,
-      userSymKeyEncryptedDevicePublicKey,
+      userKeyEncryptedDevicePublicKey,
       deviceKeyEncryptedDevicePrivateKey,
     ] = await Promise.all([
-      // Encrypt user symmetric key with the DevicePublicKey
+      // Encrypt user key with the DevicePublicKey
-      this.cryptoService.rsaEncrypt(userSymKey.encKey, devicePublicKey),
+      this.cryptoService.rsaEncrypt(userKey.encKey, devicePublicKey),
 
-      // Encrypt devicePublicKey with user symmetric key
+      // Encrypt devicePublicKey with user key
-      this.encryptService.encrypt(devicePublicKey, userSymKey),
+      this.encryptService.encrypt(devicePublicKey, userKey),
 
       // Encrypt devicePrivateKey with deviceKey
       this.encryptService.encrypt(devicePrivateKey, deviceKey),
@@ -59,8 +59,8 @@ export class DeviceCryptoService implements DeviceCryptoServiceAbstraction {
     const deviceIdentifier = await this.appIdService.getAppId();
     return this.devicesApiService.updateTrustedDeviceKeys(
       deviceIdentifier,
-      devicePublicKeyEncryptedUserSymKey.encryptedString,
+      devicePublicKeyEncryptedUserKey.encryptedString,
-      userSymKeyEncryptedDevicePublicKey.encryptedString,
+      userKeyEncryptedDevicePublicKey.encryptedString,
       deviceKeyEncryptedDevicePrivateKey.encryptedString
     );
   }

libs/common/src/services/device-crypto.service.spec.ts

@@ -11,7 +11,7 @@ import { EncString } from "../platform/models/domain/enc-string";
 import {
   SymmetricCryptoKey,
   DeviceKey,
-  UserSymKey,
+  UserKey,
 } from "../platform/models/domain/symmetric-crypto-key";
 import { CryptoService } from "../platform/services/crypto.service";
 import { CsprngArray } from "../types/csprng";
@@ -51,7 +51,7 @@ describe("deviceCryptoService", () => {
 
   describe("Trusted Device Encryption", () => {
     const deviceKeyBytesLength = 64;
-    const userSymKeyBytesLength = 64;
+    const userKeyBytesLength = 64;
 
     describe("getDeviceKey", () => {
       let mockRandomBytes: CsprngArray;
@@ -128,15 +128,15 @@ describe("deviceCryptoService", () => {
       let mockDeviceKeyRandomBytes: CsprngArray;
       let mockDeviceKey: DeviceKey;
 
-      let mockUserSymKeyRandomBytes: CsprngArray;
+      let mockUserKeyRandomBytes: CsprngArray;
-      let mockUserSymKey: UserSymKey;
+      let mockUserKey: UserKey;
 
       const deviceRsaKeyLength = 2048;
       let mockDeviceRsaKeyPair: [ArrayBuffer, ArrayBuffer];
       let mockDevicePrivateKey: ArrayBuffer;
       let mockDevicePublicKey: ArrayBuffer;
-      let mockDevicePublicKeyEncryptedUserSymKey: EncString;
+      let mockDevicePublicKeyEncryptedUserKey: EncString;
-      let mockUserSymKeyEncryptedDevicePublicKey: EncString;
+      let mockUserKeyEncryptedDevicePublicKey: EncString;
       let mockDeviceKeyEncryptedDevicePrivateKey: EncString;
 
       const mockDeviceResponse: DeviceResponse = new DeviceResponse({
@@ -163,8 +163,8 @@ describe("deviceCryptoService", () => {
         mockDeviceKeyRandomBytes = new Uint8Array(deviceKeyBytesLength).buffer as CsprngArray;
         mockDeviceKey = new SymmetricCryptoKey(mockDeviceKeyRandomBytes) as DeviceKey;
 
-        mockUserSymKeyRandomBytes = new Uint8Array(userSymKeyBytesLength).buffer as CsprngArray;
+        mockUserKeyRandomBytes = new Uint8Array(userKeyBytesLength).buffer as CsprngArray;
-        mockUserSymKey = new SymmetricCryptoKey(mockUserSymKeyRandomBytes) as UserSymKey;
+        mockUserKey = new SymmetricCryptoKey(mockUserKeyRandomBytes) as UserKey;
 
         mockDeviceRsaKeyPair = [
           new ArrayBuffer(deviceRsaKeyLength),
@@ -174,14 +174,14 @@ describe("deviceCryptoService", () => {
         mockDevicePublicKey = mockDeviceRsaKeyPair[0];
         mockDevicePrivateKey = mockDeviceRsaKeyPair[1];
 
-        mockDevicePublicKeyEncryptedUserSymKey = new EncString(
+        mockDevicePublicKeyEncryptedUserKey = new EncString(
           EncryptionType.Rsa2048_OaepSha1_B64,
-          "mockDevicePublicKeyEncryptedUserSymKey"
+          "mockDevicePublicKeyEncryptedUserKey"
         );
 
-        mockUserSymKeyEncryptedDevicePublicKey = new EncString(
+        mockUserKeyEncryptedDevicePublicKey = new EncString(
           EncryptionType.AesCbc256_HmacSha256_B64,
-          "mockUserSymKeyEncryptedDevicePublicKey"
+          "mockUserKeyEncryptedDevicePublicKey"
         );
 
         mockDeviceKeyEncryptedDevicePrivateKey = new EncString(
@@ -200,17 +200,17 @@ describe("deviceCryptoService", () => {
 
         cryptoSvcGetUserKeyFromMemorySpy = jest
           .spyOn(cryptoService, "getUserKeyFromMemory")
-          .mockResolvedValue(mockUserSymKey);
+          .mockResolvedValue(mockUserKey);
 
         cryptoSvcRsaEncryptSpy = jest
           .spyOn(cryptoService, "rsaEncrypt")
-          .mockResolvedValue(mockDevicePublicKeyEncryptedUserSymKey);
+          .mockResolvedValue(mockDevicePublicKeyEncryptedUserKey);
 
         encryptServiceEncryptSpy = jest
           .spyOn(encryptService, "encrypt")
           .mockImplementation((plainValue, key) => {
-            if (plainValue === mockDevicePublicKey && key === mockUserSymKey) {
+            if (plainValue === mockDevicePublicKey && key === mockUserKey) {
-              return Promise.resolve(mockUserSymKeyEncryptedDevicePublicKey);
+              return Promise.resolve(mockUserKeyEncryptedDevicePublicKey);
             }
             if (plainValue === mockDevicePrivateKey && key === mockDeviceKey) {
               return Promise.resolve(mockDeviceKeyEncryptedDevicePrivateKey);
@@ -240,8 +240,8 @@ describe("deviceCryptoService", () => {
         expect(devicesApiServiceUpdateTrustedDeviceKeysSpy).toHaveBeenCalledTimes(1);
         expect(devicesApiServiceUpdateTrustedDeviceKeysSpy).toHaveBeenCalledWith(
           mockDeviceId,
-          mockDevicePublicKeyEncryptedUserSymKey.encryptedString,
+          mockDevicePublicKeyEncryptedUserKey.encryptedString,
-          mockUserSymKeyEncryptedDevicePublicKey.encryptedString,
+          mockUserKeyEncryptedDevicePublicKey.encryptedString,
           mockDeviceKeyEncryptedDevicePrivateKey.encryptedString
         );
 
@@ -249,7 +249,7 @@ describe("deviceCryptoService", () => {
         expect(response).toEqual(mockDeviceResponse);
       });
 
-      it("throws specific error if user symmetric key is not found", async () => {
+      it("throws specific error if user key is not found", async () => {
         // setup the spy to return null
         cryptoSvcGetUserKeyFromMemorySpy.mockResolvedValue(null);
         // check if the expected error is thrown

libs/common/src/services/devices/devices-api.service.implementation.ts

@@ -41,13 +41,13 @@ export class DevicesApiServiceImplementation implements DevicesApiServiceAbstrac
 
   async updateTrustedDeviceKeys(
     deviceIdentifier: string,
-    devicePublicKeyEncryptedUserSymKey: string,
+    devicePublicKeyEncryptedUserKey: string,
-    userSymKeyEncryptedDevicePublicKey: string,
+    userKeyEncryptedDevicePublicKey: string,
     deviceKeyEncryptedDevicePrivateKey: string
   ): Promise<DeviceResponse> {
     const request = new TrustedDeviceKeysRequest(
-      devicePublicKeyEncryptedUserSymKey,
+      devicePublicKeyEncryptedUserKey,
-      userSymKeyEncryptedDevicePublicKey,
+      userKeyEncryptedDevicePublicKey,
       deviceKeyEncryptedDevicePrivateKey
     );
 

libs/common/src/services/vaultTimeout/vaultTimeout.service.ts

@@ -72,7 +72,7 @@ export class VaultTimeoutService implements VaultTimeoutServiceAbstraction {
     if (await this.keyConnectorService.getUsesKeyConnector()) {
       const pinSet = await this.vaultTimeoutSettingsService.isPinLockSet();
 
-      let ephemeralPinSet = await this.stateService.getUserSymKeyPinEphemeral();
+      let ephemeralPinSet = await this.stateService.getUserKeyPinEphemeral();
       ephemeralPinSet ||= await this.stateService.getDecryptedPinProtected();
       const pinLock = (pinSet[0] && ephemeralPinSet != null) || pinSet[1];
 
@@ -87,7 +87,7 @@ export class VaultTimeoutService implements VaultTimeoutServiceAbstraction {
     }
 
     await this.stateService.setEverBeenUnlocked(true, { userId: userId });
-    await this.stateService.setUserSymKeyAuto(null, { userId: userId });
+    await this.stateService.setUserKeyAuto(null, { userId: userId });
     await this.stateService.setCryptoMasterKeyAuto(null, { userId: userId });
 
     await this.cryptoService.clearUserKey(false, userId);

libs/common/src/services/vaultTimeout/vaultTimeoutSettings.service.ts

@@ -48,12 +48,12 @@ export class VaultTimeoutSettingsService implements VaultTimeoutSettingsServiceA
     // we can't check the protected pin for both because old accounts only
     // used it for MP on Restart
     const pinIsEnabled = !!(await this.stateService.getProtectedPin());
-    const aUserSymKeyPinIsSet = !!(await this.stateService.getUserSymKeyPin());
+    const aUserKeyPinIsSet = !!(await this.stateService.getUserKeyPin());
-    const anOldUserSymKeyPinIsSet = !!(await this.stateService.getEncryptedPinProtected());
+    const anOldUserKeyPinIsSet = !!(await this.stateService.getEncryptedPinProtected());
 
     return [
-      pinIsEnabled && !aUserSymKeyPinIsSet && !anOldUserSymKeyPinIsSet,
+      pinIsEnabled && !aUserKeyPinIsSet && !anOldUserKeyPinIsSet,
-      aUserSymKeyPinIsSet || anOldUserSymKeyPinIsSet,
+      aUserKeyPinIsSet || anOldUserKeyPinIsSet,
     ];
   }
 
@@ -111,7 +111,7 @@ export class VaultTimeoutSettingsService implements VaultTimeoutSettingsServiceA
 
   async clear(userId?: string): Promise<void> {
     await this.stateService.setEverBeenUnlocked(false, { userId: userId });
-    await this.stateService.setUserSymKeyPinEphemeral(null, { userId: userId });
+    await this.stateService.setUserKeyPinEphemeral(null, { userId: userId });
     await this.stateService.setProtectedPin(null, { userId: userId });
     await this.cryptoService.clearOldPinKeys(userId);
   }

libs/common/src/vault/services/sync/sync.service.ts

@@ -303,7 +303,7 @@ export class SyncService implements SyncServiceAbstraction {
       throw new Error("Stamp has changed");
     }
 
-    await this.cryptoService.setUserSymKeyMasterKey(response.key);
+    await this.cryptoService.setUserKeyMasterKey(response.key);
     await this.cryptoService.setPrivateKey(response.privateKey);
     await this.cryptoService.setProviderKeys(response.providers);
     await this.cryptoService.setOrgKeys(response.organizations, response.providerOrganizations);