Is there a way to read the encrypted export?

I was wondering if there is some offline tool to decrypt the encrypted export, provided it was given my master password?

Or is the only way to decrypt it by importing into the account it was exported from?

Thanks

Welcome, @Henoboy! Great question.

The current implementation is for importing back into the same Bitwarden Vault, as it is encrypted with that Vault’s encryption key.

If you rotate keys, you’ll need to make new backups also.

1 Like

Thanks for the quick response!

Are there any plans to implement a local decryption sometime in the future?

There’s always the option where I can export a plaintext version and encrypt it myself but it’s nice if Bitwarden could do this automatically.

Thanks.

1 Like

The idea of having a local decryption tool that @Henoboy mentioned would make it a true backup of a vault.

What is the current utility of having an encrypted export if it can only be imported to the same vault with the same master password? Versioned backups of vault entries in case something has been deleted and the trash emptied?

Additional export/backup options will be evaluated in the future for sure. The goal for this is to be able to support a non-plaintext backup.

Note: changing your master password doesn’t affect the backup, only your encryption key. Your account’s encryption key is what is protected by your MP + Email + Salt, so an import will still work until you rotate encryption keys.
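The note above, worked through as an added example (not Bitwarden's code and not from any poster in this thread): a master-password change only re-wraps the same account key, so an old export still opens, while rotating the account key leaves it unreadable. Assumptions: PBKDF2-SHA256 salted with the email, an illustrative iteration count, and a toy HMAC-based cipher standing in for the real one; all names and sample values are constructed.

```python
import hashlib, hmac, os

def master_key(password: str, email: str) -> bytes:
    # Assumption: PBKDF2-SHA256 salted with the email; iteration count is illustrative.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), email.lower().encode(), 100_000)

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    blocks = (hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def seal(key: bytes, plaintext: bytes) -> bytes:
    # Toy authenticated cipher (stand-in only): nonce || ciphertext || HMAC tag.
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()):
        raise ValueError("MAC check failed: wrong key")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

def scenario() -> dict:
    email, vault = "user@example.test", b'{"items": ["constructed sample entry"]}'
    account_key = os.urandom(32)                       # the vault's encryption key
    protected = seal(master_key("old-pw", email), account_key)
    export = seal(account_key, vault)                  # encrypted export

    # Master password change: the same account key is re-wrapped under a new master key.
    protected = seal(master_key("new-pw", email), unseal(master_key("old-pw", email), protected))
    after_pw_change = unseal(unseal(master_key("new-pw", email), protected), export) == vault

    # Key rotation: a fresh account key replaces the old one; the old export no longer opens.
    rotated_key = os.urandom(32)
    try:
        unseal(rotated_key, export)
        after_rotation = True
    except ValueError:
        after_rotation = False
    return {"after_password_change": after_pw_change, "after_key_rotation": after_rotation}

if __name__ == "__main__":
    print(scenario())
```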

So, correct me if I’m wrong, I just want to be sure:

For now, if my account has a problem and I need to delete it and create another one (even with the same email), I won’t be able to import my encrypted export in the new account? All my passwords are lost?

That is correct. The current implementation of encrypted export does not serve as a secure offline backup. It requires you maintain your Bitwarden account AND do not rotate your encryption key.

If you rotate your key, you lose the ability to decrypt the export.
If Bitwarden goes offline (temporarily or permanently), you lose the ability to decrypt the export.

So what is the use case for the current encrypted backup when it can only be imported to the same vault with the same encryption keys?

4 Likes

Yes, this seems like something that really misses its own point. If the backup can not be used with a different account or, more importantly, outside of Bitwarden, then there’s not much use in backing up at all, since, if the scenario comes about where you would have to restore the backup, e.g. if your account is compromised or Bitwarden goes down as a whole, the backup could not be opened. So the backup does not help in an actual restore scenario.

I disagree. Last month I was stupid enough to delete my vault, through not reading something properly. I was able to restore the encrypted backup (after I had finished laughing at my stupidity) and I breathed a sigh of relief.

There are plenty of scenarios where this will not work, which is why for those I have other backups too.

According to posts here the current encrypted backup is the first stage of further encrypted backups. I’m happy for this to be done and tested thoroughly before it is released. With software like this the half-baked software of certain other developers is not a good idea.

2 Likes

If the backup can not be used with a different account or, more importantly, outside of Bitwarden, then there’s not much use in backing up at all, since, if the scenario comes about where you would have to restore the backup, e.g. if your account is compromised or Bitwarden goes down as a whole, the backup could not be opened.

1 Like

The encrypted backup was very useful to me when I stupidly deleted my vault. After I cursed myself for my stupidity I restored and all was back to normal.

Like anything else one has to understand what a feature does and what it does not do. I also have “unencrypted” backups, stored on heavily encrypted drives, which are there to guard against a number of other potential failures.

1 Like