bitwarden / clients

Bitwarden client apps (web, browser extension, desktop, and cli).
https://bitwarden.com

Account restricted encrypted json does not import passkeys #11935

Open kpiris opened 2 weeks ago

kpiris commented 2 weeks ago

Steps To Reproduce

  1. Do an account restricted encrypted json export
  2. Import it on an empty vault

Expected Result

Passkeys from items that had them are restored.

Actual Result

Passkeys from items that had them are lost.

Screenshots or Videos

No response

Additional Context

It can be reproduced from the web vault and also from bitwarden cli.

The encrypted json file seems to have passkeys exported. But I can't tell if that export is correct, because it's encrypted.

With an unencrypted json export passkeys are correctly imported.

Operating System

Linux

Operating System Version

No response

Web Browser

Chrome

Browser Version

No response

Build Version

2024.10.5 (web) and 2024.10.0 (cli)

Issue Tracking Info

bitwarden-bot commented 2 weeks ago

Thank you for reporting this issue! We've added this to our internal tracking system. ID: PM-14682

sammbw commented 2 weeks ago

Hi there,

I am unable to reproduce this issue with a fresh account created today, and a test passkey from passkeys.io - it has been escalated for further investigation however. If you have more information that can help us such as the type of passkey or website/service the passkey was created with, please add it below.

Thanks!

kpiris commented 2 weeks ago

Hi,

I don't know what else to tell you. With an old test account of mine:

  1. I purged my vaults (individual and even the family organization one).
  2. Created an item with a passkey on passkeys.io. This is now the only item in my individual vault.
  3. Exported an account restricted encrypted json; which, obviously, has only one item.
  4. Purged my vault again.
  5. Restored the export taken on step 3.
  6. Item is restored, but passkey is missing from it.

There is not much more to test. I can provide the different exports, if necessary (as I said, it's a test account).

kpiris commented 2 weeks ago

> I can provide the different exports, if necessary (as I said, it's a test account).

I've uploaded them here:

https://send.bitwarden.com/#DgsT6Fa41EuDgbIlAHll0g/KxC5CAfiI9bHDEq6_NWMNg

Please ask me privately for the password if you need them. They are from a test account, but I'd rather not post them publicly, as they contain a valid email address of mine.

Thanks.

kpiris commented 2 weeks ago

Just now I did reproduce it again with a brand new account. Steps to reproduce:

  1. Create a brand new account (I did it on vault.bitwarden.eu).
  2. Create an item with a passkey on passkeys.io (from the browser extension on chromium).
  3. Export an account restricted encrypted json (from the web vault).
  4. Purge the vault.
  5. Restore the export taken on step 3 (also from the web vault).
  6. Check that the item is restored, but the passkey is missing from it.
  7. Delete this new account.

Doesn't differ very much from what I had already explained.
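
As an added example (not part of the thread and not Bitwarden's code), one way to confirm passkey loss after a restore is to take an unencrypted JSON export before the purge and another after the import, then compare passkey counts per item. It assumes the unencrypted export stores passkeys under `login.fido2Credentials` and that items get new ids on import, so it matches them by name and username; the sample data is constructed.

```python
import json
from collections import Counter


def passkey_counts(export: dict) -> Counter:
    """Map (item name, username) -> number of passkeys in an unencrypted export."""
    if export.get("encrypted"):
        raise ValueError("encrypted export: passkey fields cannot be inspected")
    counts = Counter()
    for item in export.get("items", []):
        login = item.get("login") or {}
        # Assumption: ids change on import, so match on name + username instead.
        key = (item.get("name"), login.get("username"))
        # Assumption: passkeys are listed under login.fido2Credentials.
        counts[key] += len(login.get("fido2Credentials") or [])
    return counts


def lost_passkeys(before: dict, after: dict) -> dict:
    """Return {item key: (count before, count after)} where passkeys went missing."""
    b, a = passkey_counts(before), passkey_counts(after)
    return {k: (n, a.get(k, 0)) for k, n in b.items() if a.get(k, 0) < n}


# Constructed sample: one item with a passkey before the purge ...
BEFORE = json.loads("""
{"encrypted": false, "items": [
  {"id": "constructed-id-1", "type": 1, "name": "passkeys.io",
   "login": {"username": "test@example.com",
             "fido2Credentials": [{"rpId": "passkeys.io",
                                   "credentialId": "constructed"}]}},
  {"id": "constructed-id-2", "type": 1, "name": "no-passkey site",
   "login": {"username": "test@example.com", "fido2Credentials": []}}
]}
""")

# ... and the same items after restoring the encrypted export, passkey gone.
AFTER = json.loads("""
{"encrypted": false, "items": [
  {"id": "constructed-id-3", "type": 1, "name": "passkeys.io",
   "login": {"username": "test@example.com", "fido2Credentials": []}},
  {"id": "constructed-id-4", "type": 1, "name": "no-passkey site",
   "login": {"username": "test@example.com", "fido2Credentials": []}}
]}
""")

if __name__ == "__main__":
    for (name, user), (n_before, n_after) in lost_passkeys(BEFORE, AFTER).items():
        print(f"{name} ({user}): {n_before} passkey(s) before, {n_after} after")
```
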