How do I decrypt values from data.json

BrianWalczak · July 4, 2024, 10:47pm

Hey! So, I’m trying to learn more on how the Bitwarden algorithm works, and I’m trying to find out how I can decrypt the synced vault in data.json. I noticed that whenever you open Bitwarden, regardless if you enter your master password, the data.json file is updated with the encrypted vault data (the username, password, and other sensitive information is an encrypted string).

How am I able to decrypt any encrypted string in the file? I know that whenever you signin to Bitwarden, it returns with the following values:

{
    "access_token": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
    "expires_in": 3600,
    "token_type": "Bearer",
    "refresh_token": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx-1",
    "scope": "api offline_access",
    "PrivateKey": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
    "Key": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
    "MasterPasswordPolicy": null,
    "ForcePasswordReset": false,
    "ResetMasterPassword": false,
    "Kdf": 0,
    "KdfIterations": 600000,
    "KdfMemory": null,
    "KdfParallelism": null,
    "UserDecryptionOptions": {
        "HasMasterPassword": true,
        "Object": "userDecryptionOptions"
    }
}

According to this graph by Bitwarden, the server returns a Protected Symmetric Key which is paired with the Stretched Master Key to unlock the vault.

In Javascript, how am I able to use crypto and these security keys to decrypt the value? Thanks :))

grb · July 4, 2024, 11:30pm

@BrianWalczak Welcome to the forum!

If you’re just trying to learn how things work, you may want to check out Bitwarden’s interactive cryptography tool. If you actually need to decrypt one of your data.json files, you can try a tool like BitwardenDecrypt — however, please note that this tool has not been updated since 2022, and may no longer work correctly; nonetheless, you may be able to write your own data.json decryption tool by following that example.

BrianWalczak · July 4, 2024, 11:36pm

Hey thanks for the response! I’ve been taking a look on the cryptography tool, and I was wondering, how am I able to decrypt the protected symmetric key that Bitwarden provides to a symmetric key that I can use to decrypt items in the vault?

grb · July 5, 2024, 12:17am

How far have you gotten? Are you able to create your stretched master key based on your master password?

BrianWalczak · July 5, 2024, 2:48am

I’ve been able to derive my master key and my master hash, and then stretch my master key. I’m a bit stuck on decrypting the symmetric key. According to Bitwarden I need the encrypted symmetric key and the stretched master key to decrypt it. Do you know where I can find a reference to decrypting that in the source code?

I appreciate your help!
Cheers.

grb · July 5, 2024, 1:57pm

You’ll have an easier time examining the source code of the interactive cryptography page. The protected symmetric key is decrypted by the stretched master key on Line 562, using the function aesDecrypt, which is defined starting on Line 311.

BrianWalczak · July 5, 2024, 2:28pm

I’ve been looking at that and I believe that’s what I’m looking for, thanks