To conclude (for now) this extensive look at 1Password, we’ll go back a little to see how local private vaults work. Initially, local vaults were all you had (though they could be synced over Dropbox and other methods). These are documented separately from the cloud based “Teams” system. Now, local vaults are basically being discouraged in favor of the cloud system.

But you can still have a mix of local and loud vaults. So it’s worth seeing how those affect the way data is stored in 1Password.

In previous installments, we looked at the Two-Secret Key Derivation (2SKD) process, Encrypted Master Keys, and shared vaults.

Unlocking 1Password

When you have multiple cloud-based accounts set up on a client, the first account is designated as “primary.” That account’s master password is used to unlock all the other accounts on the client. On macOS, this makes use of the 2SKD system, while on Windows systems, it’s EMK. However, if your client includes local vaults, this changes a little.

As you may recall, the user’s master password is used to decrypt (eventually) the “enc_login” field in the client’s “accounts” table. On macOS, we use the 2SKD process to decrypt the first keyset, which then decrypts this item. In Windows, it’s the EMK which provides the decryption key. With private vaults, it’s yet another system, a bit closer to the Windows approach.

First, we now have (at least on macOS) two databases to look at: B5.sqlite (the cloud-based database), and OnePassword.sqlite (local vaults). In the OnePassword database is a “profiles” table with some important information for each locally configured account:

"master_key_data": "b3BkYXRhMDEAAQAAAAAAAJrZ9cB1XuVW3WQnyIT1PpUtFXItUzA3QdZZz7hM0ZXQbTn-Z640H7_A3ScP3Xic3xmqfBSnqm1Qd7BXTFttv6VUgcAakdIZ-9vvubj27qPY9vgMegjIB6S1jWGzd6gVk0NaaFu9DBcqrCW5BCJBA2T27hsQWIn6iQYvWRslBYRoZ095XNyDOasqa45Z0sM3dYoXOQiRQ5ZoI6RnIH-mzSjhXrjBnh3U3ebkoEkGxjmZI5zgSn8TbFOInxQXI3HwC_wxgj6PQGqUIG06ThU_KmRxtxAhv7-xcyXVOLpgtwBBAsNy1k0Kv2O8H9gkSl3t-8jhZPCPXUvSXDpTyWyEmIYo1XDoHWSDIbDYGxuh9x5iutDg7WnrQhOXGqt9a-oFjdkxtoFAkXhZJDfxjUcyDhUFBMs3yPTFTmlbkLlx8EDc"

"salt": "AXJZTNToCfbWGM61D5fg3w=="

"overview_key_data": "b3BkYXRhMDFAAAAAAAAAAJzboCGXnL8Llq53Jm8uFe89hyboywL-FboHXcXOiJDCLRQBKsA1sAxbZEkV57VbI3MLQ2cfYS9oA1grouKGlUWSlkCuZaW8vXRDnQXu1iHRD4C9ISYp6RgQwtauH_lMyil5iWMBH3JkTr5Wfb0aT0hLUVCIciE18erkCKEmQYO5"

"iterations": 100000

This data is combined with the user’s Master Password to decrypt an opdata-structured enc_login field, back in the B5 (cloud) database:

"enc_login": "b3BkYXRhMDHJAQAAAAAAAMPjUUROLiKTN4C0bBYXL1N2vkCAq3wmkID7pf_4MWOlTtHS8P5eYQOqn9AZ9GIxGq8cngOhTRQVXinCssNoZTw-bhtE8TSVX32ZW5vUpvZH18O_j36xHuGJe_ylP2IeNdT_bGp1w9d_QF04pDXRN79YNq7rc_26trLel16VSTE6qfeS0y6Ve9l6ngjeSFeh20xgz_aUSZ8MEGzlIjimZCcvs9bn0HxE_ZCwdBvNe9-UNnSstwUoFPRGy1Sy8pYK9RgDQyEUTmPT2ir0SK0Ov3zopx5qITZoucWPCmI-EDxdF4mA7-lpEVaQiVlDqVZqkk92DGdLZZEAZzdgm67eQHnU1b_K-YZWZ_zKHdpTrbLPgNhVaH6RJyboNFidAQvKtpOSnQBS23Xks6NwUKRCg2fE2LuZ-zTvmBL0jvabsJhgVjIQHXIZtAgXYxJXW9xkFNuOS5yb40wTfuYUSesK2MWvOgcv8FGP7iFnYwBtpbD0_SN5-5gd4qiGrETVJkfpalKKdnvOFPUMKpvvXkHwWwu1mKxJiLTRbSbhqq9fm0Rq4Dn-EMg7JmqtAMg2pYxgkEItS3-pwiJmLT4BSHdUyl5bS0l7PoiWQVG5V6NPIXVREwT_RV4kgjGZzu4AT4wmYRVLCDs58SXuZUJG0rZi6q4TEDB4bPWz7pK30GguKUDs"

Decrypting Key Data

First, we need to generate a key based on the Master Password. This is much simpler than the 2SKD process, and involves only the PBKDF2 function:

keys = PBKDF2('sha512', password, salt, iterations, 64)

The password is what the user enters, the salt and iterations count come from the profiles table, the hash function used is SHA-512, and a total of 64 bytes are generated. This generates a pair of keys: a 256-bit AES key, and a 256-bit HMAC key.

These keys are then used to decrypt the “master_key_data” and “overview_key_data” items, which are both opdata formatted structures. Once you look at the decrypted output, though, you may be confused – they really look like random bytes. Which is because that’s precisely what they are. The master key data is 256 bytes of random data, and the overview key, 64 bytes.

That data is then used as the input to another SHA-512 operation, which then produces the actual master and overview keys (each being, again, an AES key plus HMAC key, for 512 bits of actual generated key data).

Local Vault Key Generation

Local Vault Key Generation

So the overall function looks like this:

# derive key-encrypting-key from Master Password
#
derived_keys = PBKDF2('sha512', password, salt, iterations, 64)
derived_aes = derived_keys[0:32]
derived_hmac = derived_keys[32:64]

# decrypt key data for Master Key and generate AES+HMAC keys using SHA-512
#
m_data = opdata_decrypt(master_key_data, derived_aes, derived_hmac)
m_keys = SHA512(m_data)
m_aes = m_keys[0:32]
m_hmac = m_keys[32:64]

# do the same for the overview key
#
o_data = opdata_decrypt(overview_key_data, derived_aes, derived_hmac)    
o_keys = SHA512(o_data)
o_aes = o_keys[0:32]
o_hmac = o_keys[32:64]

These two keys are used to decrypt the private vault data. The “overview” key is used for item metadata (name, etc.) while the “master key” decrypts the data itself. We’ll see those in a moment.

The master key also decrypts the “enc_login” data from the accounts table. So let’s see a full example of the key derivation and account data decryption (with some debug data cut out…it was getting a little long).

First, get all the data:

$ python local_keys.py 
Enter data from the 'profiles' table

Enter the iterations parameter: 100000
Enter the salt (hex or base64 encoded): AXJZTNToCfbWGM61D5fg3w==

Enter the master password:
Password: [update-clown-squid-bedpost]

Enter master_key_data (hex or base64): b3BkYXRhMDEAAQAAAAAAAJrZ9cB1XuVW3WQnyIT1PpUtFXItUzA3QdZZz7hM0ZXQbTn-Z640H7_A3ScP3Xic3xmqfBSnqm1Qd7BXTFttv6VUgcAakdIZ-9vvubj27qPY9vgMegjIB6S1jWGzd6gVk0NaaFu9DBcqrCW5BCJBA2T27hsQWIn6iQYvWRslBYRoZ095XNyDOasqa45Z0sM3dYoXOQiRQ5ZoI6RnIH-mzSjhXrjBnh3U3ebkoEkGxjmZI5zgSn8TbFOInxQXI3HwC_wxgj6PQGqUIG06ThU_KmRxtxAhv7-xcyXVOLpgtwBBAsNy1k0Kv2O8H9gkSl3t-8jhZPCPXUvSXDpTyWyEmIYo1XDoHWSDIbDYGxuh9x5iutDg7WnrQhOXGqt9a-oFjdkxtoFAkXhZJDfxjUcyDhUFBMs3yPTFTmlbkLlx8EDc

Enter overview_key_data (hex or base64): b3BkYXRhMDFAAAAAAAAAAJzboCGXnL8Llq53Jm8uFe89hyboywL-FboHXcXOiJDCLRQBKsA1sAxbZEkV57VbI3MLQ2cfYS9oA1grouKGlUWSlkCuZaW8vXRDnQXu1iHRD4C9ISYp6RgQwtauH_lMyil5iWMBH3JkTr5Wfb0aT0hLUVCIciE18erkCKEmQYO5

Enter encrypted login data (from accounts table) (hex / base64): b3BkYXRhMDHJAQAAAAAAAMPjUUROLiKTN4C0bBYXL1N2vkCAq3wmkID7pf_4MWOlTtHS8P5eYQOqn9AZ9GIxGq8cngOhTRQVXinCssNoZTw-bhtE8TSVX32ZW5vUpvZH18O_j36xHuGJe_ylP2IeNdT_bGp1w9d_QF04pDXRN79YNq7rc_26trLel16VSTE6qfeS0y6Ve9l6ngjeSFeh20xgz_aUSZ8MEGzlIjimZCcvs9bn0HxE_ZCwdBvNe9-UNnSstwUoFPRGy1Sy8pYK9RgDQyEUTmPT2ir0SK0Ov3zopx5qITZoucWPCmI-EDxdF4mA7-lpEVaQiVlDqVZqkk92DGdLZZEAZzdgm67eQHnU1b_K-YZWZ_zKHdpTrbLPgNhVaH6RJyboNFidAQvKtpOSnQBS23Xks6NwUKRCg2fE2LuZ-zTvmBL0jvabsJhgVjIQHXIZtAgXYxJXW9xkFNuOS5yb40wTfuYUSesK2MWvOgcv8FGP7iFnYwBtpbD0_SN5-5gd4qiGrETVJkfpalKKdnvOFPUMKpvvXkHwWwu1mKxJiLTRbSbhqq9fm0Rq4Dn-EMg7JmqtAMg2pYxgkEItS3-pwiJmLT4BSHdUyl5bS0l7PoiWQVG5V6NPIXVREwT_RV4kgjGZzu4AT4wmYRVLCDs58SXuZUJG0rZi6q4TEDB4bPWz7pK30GguKUDs

Now, derive the key to decrypt the random key data, using PBKDF2, salt, password, and 100,000 iterations:

Salt                 0172 594c d4e8 09f6 d618 ceb5 0f97 e0df   

Derived key          3288 3880 c6fe fc8f 5bf1 83a8 ed02 b80e  
                     9076 1b6e 44ae 7a62 2e92 a049 1ca6 6ff9  

Derived HMAC key     52cc c9f8 f8e5 34f3 1abb f64e 2135 75a5  
                     bb81 9bd1 4511 b7f9 fe68 c888 0644 8e24  

Next, we decrypt the master_key_data field:

** Decrypting OPDATA structure

Header               6f70 6461 7461 3031                      

PT length            0001 0000 0000 0000                      

IV                   9ad9 f5c0 755e e556 dd64 27c8 84f5 3e95  

CT                   2d15 722d 5330 3741 d659 cfb8 4cd1 95d0  
                     6d39 fe67 ae34 1fbf c0dd 270f dd78 9cdf  
                     19aa 7c14 a7aa 6d50 77b0 574c 5b6d bfa5  
                     5481 c01a 91d2 19fb dbef b9b8 f6ee a3d8  
                     f6f8 0c7a 08c8 07a4 b58d 61b3 77a8 1593  
                     435a 685b bd0c 172a ac25 b904 2241 0364  
                     f6ee 1b10 5889 fa89 062f 591b 2505 8468  
                     674f 795c dc83 39ab 2a6b 8e59 d2c3 3775  
                     8a17 3908 9143 9668 23a4 6720 7fa6 cd28  
                     e15e b8c1 9e1d d4dd e6e4 a049 06c6 3999  
                     239c e04a 7f13 6c53 889f 1417 2371 f00b  
                     fc31 823e 8f40 6a94 206d 3a4e 153f 2a64  
                     71b7 1021 bfbf b173 25d5 38ba 60b7 0041  
                     02c3 72d6 4d0a bf63 bc1f d824 4a5d edfb  
                     c8e1 64f0 8f5d 4bd2 5c3a 53c9 6c84 9886  
                     28d5 70e8 1d64 8321 b0d8 1b1b a1f7 1e62  
                     bad0 e0ed 69eb 4213 971a ab7d 6bea 058d  

HMAC digest          d931 b681 4091 7859 2437 f18d 4732 0e15  
                     0504 cb37 c8f4 c54e 695b 90b9 71f0 40dc  

*** decrypted opdata

Plaintext            1dd6 41be aec2 1fa7 146a ed6a b438 60a9  
                     0a89 4567 8e7d c07a a253 22e8 51cc ca88  
                     c50e 350a 5718 f76d 2812 c318 dbdd 4035  
                     23d3 dd5d 4c37 1c8d d2b5 03ef 197b eb41  
                     4021 e458 0067 ad5f 313a be41 e276 1032  
                     9b09 0fbd eb2d cd47 a6ec 2e8e dcad 1579  
                     5ed3 92a7 d66b fd68 733c 0d60 273e b43b  
                     a761 a49f 3f36 6610 7ba3 b962 02c0 7551  
                     a3ad 26c7 7fa8 3d9a 273f 3dee cfe6 a619  
                     209a dd94 9d47 8dc7 b8e5 650d e92b 7bb2  
                     d443 8200 de09 7e37 f1bf c852 bcdf b131  
                     0145 597e fa05 9d43 88ad 89fe c699 dc0c  
                     7475 693c 374b c7ab ab35 2285 4016 d05d  
                     0c57 43b8 07d4 dc20 aac5 d31e 2743 78a7  
                     a0ea a68d f7d6 b28a e062 b8ea 9c63 45f5  
                     c9e9 87ce e300 b8dd 6bc5 ab9b 5560 742c  

Then pass that data through SHA-512 to get the master AES and HMAC keys:

Priv vault MK        89f4 e31e 16c2 6e0a 0a94 d384 6e98 b990  
                     9d54 0f53 a8a9 16c8 104d 41fe bbdd f7b4  

Priv vault MK HMAC   d1c2 eaef 22e7 c7be 5b6c 8b00 633d 0b89  
                     b6cf d6a9 bff4 d306 d90e f74d ca5d 0ec2  

Now, we do it again, with the overview_key_data:

raw opdata           6f70 6461 7461 3031 4000 0000 0000 0000  
                     9cdb a021 979c bf0b 96ae 7726 6f2e 15ef  
                     3d87 26e8 cb02 fe15 ba07 5dc5 ce88 90c2  
                     2d14 012a c035 b00c 5b64 4915 e7b5 5b23  
                     730b 4367 1f61 2f68 0358 2ba2 e286 9545  
                     9296 40ae 65a5 bcbd 7443 9d05 eed6 21d1  
                     0f80 bd21 2629 e918 10c2 d6ae 1ff9 4cca  
                     2979 8963 011f 7264 4ebe 567d bd1a 4f48  
                     4b51 5088 7221 35f1 eae4 08a1 2641 83b9  

 *** decrypted opdata

Plaintext            f5ac e064 9c41 2807 9077 1754 de08 d4e9  
                     c33b 2cfd 8ac7 f0a1 f4fc 1fab 8d51 c6b7  
                     b227 05ef f36d 2807 9963 1653 3512 fbd8  
                     d924 9fc1 df81 fc98 22d3 b693 4a93 b0ed  

Priv vault OK        c1b2 2cef 7d57 9e4f 74c0 b5bb 4ab3 cb54  
                     1464 e06b daf0 369e 1bd4 945c 1253 e513  

Priv vault OK HMAC   8d6e d2c4 17e2 5549 eb80 95db 3150 86c7  
                     9c52 402a 3c41 da44 0ef4 2ffd c575 b703  

And finally, use the master key to decrypt enc_login:

Header               6f70 6461 7461 3031                      

PT length            c901 0000 0000 0000                      

IV                   c3e3 5144 4e2e 2293 3780 b46c 1617 2f53  

CT                   76be 4080 ab7c 2690 80fb a5ff f831 63a5  
                     4ed1 d2f0 fe5e 6103 aa9f d019 f462 311a  
                     af1c 9e03 a14d 1415 5e29 c2b2 c368 653c  
                     3e6e 1b44 f134 955f 7d99 5b9b d4a6 f647  
                     d7c3 bf8f 7eb1 1ee1 897b fca5 3f62 1e35  
                     d4ff 6c6a 75c3 d77f 405d 38a4 35d1 37bf  
                     5836 aeeb 73fd bab6 b2de 975e 9549 313a  
                     a9f7 92d3 2e95 7bd9 7a9e 08de 4857 a1db  
                     4c60 cff6 9449 9f0c 106c e522 38a6 6427  
                     2fb3 d6e7 d07c 44fd 90b0 741b cd7b df94  
                     3674 acb7 0528 14f4 46cb 54b2 f296 0af5  
                     1803 4321 144e 63d3 da2a f448 ad0e bf7c  
                     e8a7 1e6a 2136 68b9 c58f 0a62 3e10 3c5d  
                     1789 80ef e969 1156 9089 5943 a956 6a92  
                     4f76 0c67 4b65 9100 6737 609b aede 4079  
                     d4d5 bfca f986 5667 fcca 1dda 53ad b2cf  
                     80d8 5568 7e91 2726 e834 589d 010b cab6  
                     9392 9d00 52db 75e4 b3a3 7050 a442 8367  
                     c4d8 bb99 fb34 ef98 12f4 8ef6 9bb0 9860  
                     5632 101d 7219 b408 1763 1257 5bdc 6414  
                     db8e 4b9c 9be3 4c13 7ee6 1449 eb0a d8c5  
                     af3a 072f f051 8fee 2167 6300 6da5 b0f4  
                     fd23 79fb 981d e2a8 86ac 44d5 2647 e96a  
                     528a 767b ce14 f50c 2a9b ef5e 41f0 5b0b  
                     b598 ac49 88b4 d16d 26e1 aaaf 5f9b 446a  
                     e039 fe10 c83b 266a ad00 c836 a58c 6090  
                     422d 4b7f a9c2 2266 2d3e 0148 7754 ca5e  
                     5b4b 497b 3e88 9641 51b9 57a3 4f21 7551  
                     1304 ff45 5e24 8231 99ce ee00 4f8c 2661  
CT length (padded): 464

HMAC digest          154b 083b 39f1 25ee 6542 46d2 b662 eaae  
                     1310 3078 6cf5 b3ee 92b7 d068 2e29 40ec  

*** decrypted opdata           

{
    "SRPComputedXDictionary": {
        "hexX": "QGvcdHIg4TifTEkps07s8wtbahetgMe2SkChdtfTaKA=",
        "params": {
            "alg": "PBES2g-HS256",
            "iterations": 100000,
            "method": "SRPg-4096",
            "salt": "OtQiDn4YnrTMoYXponFtfA=="
        }
    },
    "email": "nobody@example.com",
    "masterUnlockKey": {
        "alg": "A256GCM",
        "ext": true,
        "k": "6VIFjzKXaHctk44NXr8hOenpgwxWgZebtOlGkPwGK-Y=",
        "key": "oct",
        "key_ops": [
            "encrypt",
            "decrypt"
        ],
        "kid": "mp"
    },
    "personalKey": "A3-ASWWYB-798JRY-LJVD4-23DC2-86TVM-H43EB"
}

This looks very similar to what’s stored here for cloud-based accounts – for the primary account, we have the SRP-X password and salt, the master unlock key, and the Secret Key (here called “Personal Key”). The MUK then unlocks the AES key for the first keyset, which can then unlock other accounts’ keysets, and so forth.

Local Vault Storage

So now that we’ve unlocked the client, and have Master and Overview keys, we can also decrypt items stored in local vaults.

Each item has two parts: the overview (stored in the “items” table), and the actual data (in “item_details”.) The overview is encrypted with (surprise!) the overview key, while the data is encrypted with a random key, different for each item.

"data": "b3BkYXRhMDHwAAAAAAAAAEyyVSCt9Dxc6XbLgvoHxU-8cptUB4VIH0ga-YA89_lrY_Rb4vxuZoWnIuLfBm-9zPtOk7A4xuW6Mlim6__VEm2Fi1kprKQLo0lvQhic6fSX2wW_nQIMbkO62haPlcrI6bvq0RQwOCB3bTSoCNIMA_wEDIfY4HTGxkGiZR3HIZmkRHzYiDw62puOmNZabOWc6q7KCE0cKpI_UHCND32WdfdJNHkDApm_7y2d5SMRTUjgpZC5985hSvqVcjFmWDNguoU_Udy9it_WCdjCufvWX-p4C1pLnP4uxDXcgCKGHDAcByLwSONUaPT8v7PsUX-LDJzWPJzow9Kb6PXPiYiiaS7oOMQXZP1NR2wqaHVbEfUxsfX4BWXhkUqFui0F6TBo55pUH0eVdtR7Y8BXvW6EwDA="

"key_data": "TLJVIK30PFzpdsuC-gfFTwTov28jiL5IoV5kIP1HmEBxyoIRb4iy_nd6vRSr-1CU0SCrQt5TO62adCqBh91NSrsNxmqhYwKSSShesTEP3RiBN-KtH6pQGQIPGSQNfSDLVCa5uqbb8l4rmgFa02ikuw=="

"overview_data": "b3BkYXRhMDFcAAAAAAAAAD9fCPZ7qzQ9T3-BOK2RSe8RY0kVouZEADL1OPAUiZu9xDZigzMBtLXg90Gr3-4cc2szZCXLFo7Zch39xcHctWF_-v75bFCtoSnRs8j61zigRn00XLT-1mA72YeTYgYVxcKIGOlQfTXv86Y5FF1dQH6J0AlXJtX9F1Z9Pjb5IzbfCSO_wDHkukvXhZTUiom9zw=="

The key_data structure includes four components:

First, compute the HMAC tag using the encrypted item keys (encryption + HMAC) as the message, and the Master HMAC Key as key. If that matches the the HMAC tag found in the structure, then we know it hasn’t been altered. Now, use the Master AES key to decrypt the item keys, and those keys (AES + HMAC) to decrypt the actual vault item.

Here’s the entire process, starting with generating the master and overview keys:

$ python local_item.py 
Enter master encryption key (base-64 or hex encoded): ifTjHhbCbgoKlNOEbpi5kJ1UD1OoqRbIEE1B_rvd97Q

Enter master HMAC key (base-64 or hex encoded): 0cLq7yLnx75bbIsAYz0LibbP1qm_9NMG2Q73TcpdDsI

Enter overview encryption key (base-64 or hex encoded): wbIs731Xnk90wLW7SrPLVBRk4Gva8DaeG9SUXBJT5RM

Enter master HMAC key (base-64 or hex encoded): jW7SxBfiVUnrgJXbMVCGx5xSQCo8QdpEDvQv_cV1twM

Enter overview data (base-64 or hex): b3BkYXRhMDFcAAAAAAAAAD9fCPZ7qzQ9T3-BOK2RSe8RY0kVouZEADL1OPAUiZu9xDZigzMBtLXg90Gr3-4cc2szZCXLFo7Zch39xcHctWF_-v75bFCtoSnRs8j61zigRn00XLT-1mA72YeTYgYVxcKIGOlQfTXv86Y5FF1dQH6J0AlXJtX9F1Z9Pjb5IzbfCSO_wDHkukvXhZTUiom9zw==

Enter item key data (base-64 or hex): TLJVIK30PFzpdsuC-gfFTwTov28jiL5IoV5kIP1HmEBxyoIRb4iy_nd6vRSr-1CU0SCrQt5TO62adCqBh91NSrsNxmqhYwKSSShesTEP3RiBN-KtH6pQGQIPGSQNfSDLVCa5uqbb8l4rmgFa02ikuw==

Enter item detail data (base-64 or hex): b3BkYXRhMDHwAAAAAAAAAEyyVSCt9Dxc6XbLgvoHxU-8cptUB4VIH0ga-YA89_lrY_Rb4vxuZoWnIuLfBm-9zPtOk7A4xuW6Mlim6__VEm2Fi1kprKQLo0lvQhic6fSX2wW_nQIMbkO62haPlcrI6bvq0RQwOCB3bTSoCNIMA_wEDIfY4HTGxkGiZR3HIZmkRHzYiDw62puOmNZabOWc6q7KCE0cKpI_UHCND32WdfdJNHkDApm_7y2d5SMRTUjgpZC5985hSvqVcjFmWDNguoU_Udy9it_WCdjCufvWX-p4C1pLnP4uxDXcgCKGHDAcByLwSONUaPT8v7PsUX-LDJzWPJzow9Kb6PXPiYiiaS7oOMQXZP1NR2wqaHVbEfUxsfX4BWXhkUqFui0F6TBo55pUH0eVdtR7Y8BXvW6EwDA=

Decrypt the overview data field, using the overview key:

Header               6f70 6461 7461 3031                      

PT length            5c00 0000 0000 0000                      

IV                   3f5f 08f6 7bab 343d 4f7f 8138 ad91 49ef  

CT                   1163 4915 a2e6 4400 32f5 38f0 1489 9bbd  
                     c436 6283 3301 b4b5 e0f7 41ab dfee 1c73  
                     6b33 6425 cb16 8ed9 721d fdc5 c1dc b561  
                     7ffa fef9 6c50 ada1 29d1 b3c8 fad7 38a0  
                     467d 345c b4fe d660 3bd9 8793 6206 15c5  
                     c288 18e9 507d 35ef f3a6 3914 5d5d 407e  
CT length (padded): 96

HMAC digest          89d0 0957 26d5 fd17 567d 3e36 f923 36df  
                     0923 bfc0 31e4 ba4b d785 94d4 8a89 bdcf  

{
    "ainfo": "-",
    "ps": 75,
    "title": "Vault entry for local private vaults",
    "url": "www.example.com"
}

Decrypt the item encryption and HMAC keys, using master key:

Item Key             cd60 d734 ebdf 17d5 d9e7 4264 efbd d0ff  
                     cc83 3bf3 7080 22e8 12f3 4b86 ac89 59f7  

Item HMAC            25f8 dcc4 3fc1 35ff 7773 905a 52d3 7464  
                     2b22 1a6f 1d90 865a 20a7 ba3c 9f17 4c9c  

Finally, decrypt the item details using the item key:

Header               6f70 6461 7461 3031

PT length            f000 0000 0000 0000

IV                   4cb2 5520 adf4 3c5c e976 cb82 fa07 c54f

CT                   bc72 9b54 0785 481f 481a f980 3cf7 f96b
                     63f4 5be2 fc6e 6685 a722 e2df 066f bdcc
                     fb4e 93b0 38c6 e5ba 3258 a6eb ffd5 126d
                     858b 5929 aca4 0ba3 496f 4218 9ce9 f497
                     db05 bf9d 020c 6e43 bada 168f 95ca c8e9
                     bbea d114 3038 2077 6d34 a808 d20c 03fc
                     040c 87d8 e074 c6c6 41a2 651d c721 99a4
                     447c d888 3c3a da9b 8e98 d65a 6ce5 9cea
                     aeca 084d 1c2a 923f 5070 8d0f 7d96 75f7
                     4934 7903 0299 bfef 2d9d e523 114d 48e0
                     a590 b9f7 ce61 4afa 9572 3166 5833 60ba
                     853f 51dc bd8a dfd6 09d8 c2b9 fbd6 5fea
                     780b 5a4b 9cfe 2ec4 35dc 8022 861c 301c
                     0722 f048 e354 68f4 fcbf b3ec 517f 8b0c
                     9cd6 3c9c e8c3 d29b e8f5 cf89 88a2 692e
                     e838 c417 64fd 4d47 6c2a 6875 5b11 f531
CT length (padded): 256

HMAC digest          b1f5 f805 65e1 914a 85ba 2d05 e930 68e7
                     9a54 1f47 9576 d47b 63c0 57bd 6e84 c030

{
    "fields": [
        {
            "id": "OldPassword;opid=__2",
            "name": "OldPassword",
            "type": "P",
            "value": "notagoodpassword"
        },
        {
            "designation": "password",
            "id": "NewPassword;opid=__3",
            "name": "NewPassword",
            "type": "P",
            "value": "OldSk00lRulzFTW!"
        }
    ]
}

Is that it?

That’s it. I kind of sped over this part, because I was more interested in how local copies of the cloud vaults were encrypted, and because we’re kind of (eventually) moving away from using this older vault format. Also it’s been worked with before – there are several projects on GitHub which read and write these vaults.

Next time, I’ll wrap up the entire series (mostly, I’ll just list all the things I didn’t talk about, which is actually a fair bit).