Implement cipher key encryption #1397

New Issue

MrUnknownDE · 2026-04-06T01:53:03+02:00

MrUnknownDE commented

2026-04-06 01:53:03 +02:00

Originally created by @dani-garcia on 10/21/2023

New versions of the bitwarden clients will very soon start using separate encryption keys for each cipher, so we need to handle those.

At the same time, I've noticed that the clients have started depending on the version value of the /config endpoint to do backwards compatibility checks, so I think the simplest solution for everyone would be for us to return the server version that most closely matches the features we support.

They are doing the semver checks here:
3e495ab082/libs/common/src/platform/services/config/config.service.ts (L116-L127)

For now the only check they are doing is for version 2023.9.1 for the cipher key encryption feature that this PR implements, so we report that we support that version:
3e495ab082/libs/common/src/vault/services/cipher.service.ts (L56)

Also added the section for feature flags in the config, the current ones reported on the official vault are:

"display-eu-environment": true,
"display-kdf-iteration-warning": true,
"trusted-device-encryption": true,
"sm-ga-billing": true,
"autofill-v2": true

For now as a test I've enabled autofill-v2 as that is an entirely client side change, so it won't affect us

*Originally created by @dani-garcia on 10/21/2023* New versions of the bitwarden clients will very soon start using separate encryption keys for each cipher, so we need to handle those. At the same time, I've noticed that the clients have started depending on the version value of the `/config` endpoint to do backwards compatibility checks, so I think the simplest solution for everyone would be for us to return the server version that most closely matches the features we support. They are doing the semver checks here: https://github.com/bitwarden/clients/blob/3e495ab082e2152284a36bb5d2b2fb7a4060cfb3/libs/common/src/platform/services/config/config.service.ts#L116-L127 For now the only check they are doing is for version 2023.9.1 for the cipher key encryption feature that this PR implements, so we report that we support that version: https://github.com/bitwarden/clients/blob/3e495ab082e2152284a36bb5d2b2fb7a4060cfb3/libs/common/src/vault/services/cipher.service.ts#L56 Also added the section for feature flags in the config, the current ones reported on the official vault are: ``` "display-eu-environment": true, "display-kdf-iteration-warning": true, "trusted-device-encryption": true, "sm-ga-billing": true, "autofill-v2": true ``` For now as a test I've enabled autofill-v2 as that is an entirely client side change, so it won't affect us

MrUnknownDE closed this issue

2026-04-06 01:53:03 +02:00

Sign in to join this conversation.

No Label

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github/vaultwarden#1397