Hello,
I’m trying to implement the decryption mechanism of Bitwarden ciphers. I managed to decrypt the cipher data, but I found that MAC validation of the cipher text fails only when a cipher key exists. I’m using the HMAC-SHA256 algorithm with the decrypted key as input to generate the hash, updating it with the initialization vector and the encrypted data, then comparing it with the MAC of the encrypted data. The described MAC validation mechanism works when decrypting the user symmetric key, the cipher key (if it exists), and the cipher data if the cipher key doesn’t exist (using the user symmetric key directly), but fails otherwise.
I’m not sure if I’m missing information about MAC validation when the cipher key is present. I’m using the Linux CLI as the client to generate the item, and then I try to programmatically retrieve the ciphers JSON from the corresponding API and decrypt the information within.
I would like to know if there is an issue in my approach and if there is a way to do it correctly.
Thank you very much.
Ahmad.
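The check described in the post, written out as an added example (not the poster's code and not Bitwarden's). It assumes the type 2 string layout `2.<iv>|<ciphertext>|<mac>` with base64 parts, a 64-byte key whose second half is the MAC key, and that a field is authenticated with the MAC half of whichever key encrypted it; all keys and ciphertext are constructed, and the function names are hypothetical.

```python
import base64
import hashlib
import hmac

def encode(iv, ct, mac):
    """Serialize raw parts into the assumed '2.<iv>|<ct>|<mac>' layout."""
    return "2." + "|".join(base64.b64encode(x).decode() for x in (iv, ct, mac))

def parse_enc_string(enc_string):
    """Split a type 2 string into raw iv, ciphertext and mac bytes."""
    enc_type, _, body = enc_string.partition(".")
    parts = body.split("|")
    if enc_type != "2" or len(parts) != 3:
        raise ValueError("expected a type 2 string with iv, ciphertext and mac")
    iv, ct, mac = (base64.b64decode(p, validate=True) for p in parts)
    return iv, ct, mac

def mac_is_valid(enc_string, key64):
    """Recompute HMAC-SHA256 over iv || ciphertext; compare in constant time."""
    if len(key64) != 64:
        raise ValueError("expected 32-byte encryption key + 32-byte MAC key")
    mac_key = key64[32:]  # assumption: second half of the key is the MAC key
    iv, ct, mac = parse_enc_string(enc_string)
    expected = hmac.new(mac_key, iv + ct, hashlib.sha256).digest()
    return hmac.compare_digest(expected, mac)

def demo():
    # Constructed keys and ciphertext, not real vault material.
    user_key = hashlib.sha512(b"constructed user key").digest()
    cipher_key = hashlib.sha512(b"constructed cipher key").digest()
    iv = bytes(range(16))
    ct = hashlib.sha256(b"constructed ciphertext").digest()
    mac = hmac.new(cipher_key[32:], iv + ct, hashlib.sha256).digest()
    field = encode(iv, ct, mac)  # field protected under the cipher key
    flipped = ct[:-1] + bytes([ct[-1] ^ 1])  # one ciphertext bit changed
    return {
        "cipher_key": mac_is_valid(field, cipher_key),
        "user_key": mac_is_valid(field, user_key),
        "tampered": mac_is_valid(encode(iv, flipped, mac), cipher_key),
    }

if __name__ == "__main__":
    print(demo())
```

Running the MAC check before decrypting, and rejecting the field on a mismatch, keeps unauthenticated ciphertext away from the AES step.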