BitwardenDecrypt VS vaultwarden

GitHub - GurpreetKang/BitwardenDecrypt: Decrypts an encrypted Bitwarden data.json file.

Although this claim does apply to the legacy "account-restricted" export, it is definitely not true for the password-protected export (e.g., these can be decryoted using the third-party utility BitwardenDecrypt).

To import the encrypted JSON directly into Keepass, someone in the Keepass community would have to code an import utility; it is technically possible, but I have no idea if anybody has done the work. Alternatively, you would have to use a third-party tool like BitwardenDecrypt to create an decrypted JSON from your encrypted backup, and then condition the file as needed for import into another password manager.

These files can be decrypted using the BitwardenDecrypt utility. In addition, the data.json file can be opened using a copy of the .exe for Bitwarden portable.

Download and archive a copy of the third-party utility BitwardenDecrypt, version 1.6 or higher. This tool can decrypt password-protected JSON exports. The source code is a 5-KB Python file, which you can store on your backup media.

In contrast, the local data.json files contain a cryptoSymmetricKey field, which is the protected symmetric key. Therefore, it is possible to decrypt the data.json files using third-party utilities such as BitwardenDecrypt developed by /u/GurpreetKang, simply by supplying the master password (there is no need to fetch the protected symmetric key from the cloud servers, because it is already packaged with the data file. When it comes to the new password-protected JSON exports, this file format contains a field named encKeyValidation_DO_NOT_EDIT, which appears serve a purpose similar to the cryptoSymmetricKey. However, I admit that I haven't delved into the code details sufficiently to say definitively whether the account encryption key is used to encrypt the password-protected export or not. On closer look, the structure of the of password-protected JSON is significantly different from the data.json, so it is possible I was wrong when I assumed that the encryption process in the password-protected JSON export followed the same scheme as the one used to encrypt the data.json files.

github.com/GurpreetKang/BitwardenDecrypt/tree/Password_Protected_Encrypted_JSON_Export

Someone here, I already did: BitwardenDecrypt

To people who want to self-host this, look at Vaultwarden which is a fully compatible alternate server with even more features:

https://github.com/dani-garcia/vaultwarden

Been running it for a year with 0 issues.

For passwords and 2FA I use Bitwarden in combination with a self-hosted Vaultwarden service (for imcreased security and use of pro features for free).

Vaultwarden as Password-Safe

For this I self-host vaultwarden (https://github.com/dani-garcia/vaultwarden), an implementation of the bitwarden server, on my raspberry pi at home (and back up the DB frequently). It works well enough for me, and doesn't have my stuff stored in a single company's cloud.

Self hosting is incredibly easy with vaultwarden (https://github.com/dani-garcia/vaultwarden)

I have now switched to using the BitWarden app with the self-hosted VaultWarden server. I have set it up, so my passwords are only accessible when connected to my home network either physically or with a VPN (I am using tailscale for this).

There are solutions external to the browsers that work pretty well and where you have control on your data :

Floccus for bookmarks (https://floccus.org/) : it works also on mobile devices : a great plus ! You need only a webdav server (or a Nextcloud account), I use Dave (https://github.com/micromata/dave)

Vaultwarden for the passwords (https://github.com/dani-garcia/vaultwarden)

A huge advantage of this solution is that you can have synchronization also between different browsers and on mobile devices.

And it also seems like vaultwarden has no interest in implementing the functionality?

I don't get why they don't do a clean-room implementation if they're so worried about licenses..

https://github.com/dani-garcia/vaultwarden/discussions/3368

Vaultwarden does not implement the secrets manager. It does implement the password manager.

Vaultwarden does not have 100% of all the features that Bitwarden has. To name an example, SSO is missing: https://github.com/dani-garcia/vaultwarden/pull/3154