I’m trying to implement the decryption mechanism of Bitwarden ciphers. I managed to decrypt the cipher data but I found that MAC validation of the cipher text is failing only when cipher key exists. I’m using HMAC-SHA256 algorithm with decrypted key as input to generate the hash, updating it using the initialization vector and the encrypted data then comparing it with the MAC of the encrypted data. The described MAC validation mechanism works when decrypting user symmetric key, cipher key(if exists), and cipher data if the cipher key doesn’t exist(use user symmetric key directly) but fails otherwise.
I’m not sure if I’m missing information about MAC validation in case of the presence of the cipher key. I’m using Linux CLI as client to generate the item then I try to programmatically retrieve ciphers JSON from the corresponding API and decrypt the information within.
I would like to know if there is an issue in my approach and if there is a way to do it correctly.
This is an update on the previous inquiry. It seems that I was not applying the PKCS#7 unpadding on the cipher key after decrypting it. This was affecting the Expected MAC output.
If anyone is interested in bitwarden encryption, padding is extremely important!
Sorry I must have missed your question when you first posted it. Perhaps I could have provided some pointers, although I doubt I would have been able to identify the root cause of your problem. Nonetheless, I’m glad you figured it out!
From time to time, we get users who wish to experiment with Bitwarden’s encryption and decryption algorithms, so I’m sure that your post will be helpful to somebody in the future — thank you for posting the follow-up.