This repository has been archived by the owner on Jan 17, 2025. It is now read-only.

passwords Cant decrypt cipher 5bc9ae26-b873-4261-8d7e-a739088b39f4, broken ? (client.py:1710) #32

Closed
commonism opened this issue Aug 16, 2024 · 2 comments

Comments

@commonism
Contributor

Recently I noticed I got some credentials in vaultwarden which were not accessible using bitwardentools.

bitwardentools has been logging:

 passwords    Cant decrypt cipher 5bc9ae26-b873-4261-8d7e-a739088b39f4, broken ? (client.py:1710)

I've tracked it down to:

```python
def decrypt_sym(dct, key, div, dmac, *a, **kw):
    enc, mac = get_sym_enc_mac(key)
    hdmac = hmac_new(mac, div + dct, sha256).digest()
    if hdmac != dmac:
        raise DecryptError(f"Symetric hmac verification failed {hdmac} / {dmac}")
```

The "Symetric hmac verification failed" is swallowed on the way.

The credentials are part of a collection, other credentials of the same collection work fine.

New credentials created using the bitwarden browser plugin or vaultwardenweb are unreadable by bitwardentools, fine to use in browser plugin.

@commonism
Contributor Author

vaultwarden-web is not affected (yet?), but recent versions of the bitwarden browser plugin use the key field on the item to store a key to use instead of the org/user key.
bitwardentools does not honor the item's key and uses the org/user key instead, failing the HMAC.

possible fix is:
da98abd
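
The key selection described in this thread, as an added example that is not bitwardentools code and not the referenced fix: a field is decrypted with the item key when the cipher's `key` field is set, and with the org/user key otherwise. Assumptions: a 64-byte key split into 32-byte encryption and MAC halves, the item key wrapped under the org/user key, an HMAC-SHA256 keystream standing in for AES-CBC so the block runs on the standard library, and a constructed dict layout and function names.

```python
import hmac
import os
from hashlib import sha256

class DecryptError(Exception):
    pass

def _xor_stream(data, enc, iv):
    # Stand-in for AES-CBC (assumption): XOR with an HMAC-SHA256 keystream.
    stream = b""
    for ctr in range(len(data) // 32 + 1):
        stream += hmac.new(enc, iv + ctr.to_bytes(4, "big"), sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def encrypt_sym(plain, key):
    enc, mac = key[:32], key[32:]  # assumed enc/mac split of a 64-byte key
    iv = os.urandom(16)
    ct = _xor_stream(plain, enc, iv)
    return iv, ct, hmac.new(mac, iv + ct, sha256).digest()

def decrypt_sym(blob, key):
    iv, ct, tag = blob
    enc, mac = key[:32], key[32:]
    expected = hmac.new(mac, iv + ct, sha256).digest()
    # Verify the MAC over iv + ciphertext before decrypting, in constant time.
    if not hmac.compare_digest(expected, tag):
        raise DecryptError("symmetric hmac verification failed")
    return _xor_stream(ct, enc, iv)

def decrypt_field(cipher, field, org_key):
    # Honor the per-item key: unwrap it with the org/user key, then use it.
    key = org_key
    if cipher.get("key"):
        key = decrypt_sym(cipher["key"], org_key)
    return decrypt_sym(cipher[field], key)

def make_sample():
    # Constructed sample: one legacy item and one item carrying its own key.
    org_key, item_key = os.urandom(64), os.urandom(64)
    old = {"key": None, "name": encrypt_sym(b"legacy login", org_key)}
    new = {"key": encrypt_sym(item_key, org_key),
           "name": encrypt_sym(b"new login", item_key)}
    return org_key, old, new

if __name__ == "__main__":
    org_key, old, new = make_sample()
    print(decrypt_field(old, "name", org_key), decrypt_field(new, "name", org_key))
```

Calling `decrypt_sym(new["name"], org_key)` directly raises `DecryptError`, which is the failure mode reported above for items that carry their own key.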

@kiorky
Contributor

kiorky commented Dec 12, 2024

fixed in latest release.

@kiorky kiorky closed this as completed Dec 12, 2024