bitw: Error during sync: could not sync: invalid cipher string
Hi, thanks for building this. An implementation with a Dbus secret service sounds like a great idea!
I am having some trouble with my (fairly huge) dataset from bitwarden.
Doing bitw sync fails with:
could not sync: invalid cipher string <<<REDACTED>>>
Should this happen, and is there a way I should go about debugging this?
About this issue
- Original URL
- State: open
- Created 4 years ago
- Comments: 15 (10 by maintainers)
Commits related to this issue
- decouple the crypto code and its globals into a struct This allows the state for deriving keys and decoding data to be controlled separately from direct globals, allowing us to start having table-bas... — committed to mvdan/bitw by mvdan 4 years ago
- support encrypting to cipher strings The new encrypt method is the opposite of decrypt. TestCipherString now ensures that we're able to roundtrip a cipher string, encrypting and decrypting it to stil... — committed to mvdan/bitw by mvdan 4 years ago
Thanks for checking. I’m a bit confused, because supposedly the AesCbc256_B64 cipher does not use a mac/hmac at all, so we should not be validating any mac either. The code would have also errored out earlier if the mac key or cipher mac component were empty. Perhaps your issue is unrelated to the different cipher type.
Anything else you can tell me about your setup or issue? For example, what the format of your cipher strings looks like. I can’t debug further without having access to input to reproduce the problem, but I also assume you don’t want to give me your encrypted secrets and password. Perhaps you could debug the code yourself, too, since you can reproduce the issue.
@esiqveland were you able to try your setup again? You definitely did have AesCbc256_B64 ciphers, so it would be useful to know if the issue was indeed fixed for you or not 😃
Indeed, it’s a bit of a chicken and egg situation 😃 It’s hard to properly support all of bitwarden’s API and features when they don’t document any of it.
Thanks for pointing out the js/ts code, though, that sounds straightforward enough. I’ll push a branch for @kryptt to try.