Skip to content

support argon2id & nested decryption #27

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
commonism wants to merge 6 commits into
base: main
Choose a base branch
from
Open

support argon2id & nested decryption #27

commonism wants to merge 6 commits into from

Conversation

@commonism
Copy link

@commonism commonism commented Jul 4, 2025

Hi,

I've looked into this library as a replacement.
This PR is meant to allow discussing some design aspects of the library.

In the first place I need to be able to lookup credentials, therefore I worked on decryption.

Decryption is dealt with during validation, using a pydantic WrapValidator.
Item specific keys, as with CipherDetails or Attachments, can be pushed to the stack when working the item, popped afterwards to continue with the org key. Attachment misses this glue atm.

Encryption would be a WrapSerializer.

Argon2id got some initial thoughts already as well.

I've used allow=forbid for development purposes.

I'd be glad if you could look into this and let me know what think about it.
I could even split this into different PRs (crypto-serdes, argon2id) if required.

commonism
commonism commented Jul 4, 2025
View reviewed changes
src/vaultwarden/models/sync.py Outdated
ResetMasterPassword: bool | None = None
master_key: bytes | None = None

master_key: bytes | None = None #pydantic.PrivateAttr(default=None)
Copy link
Author

@commonism commonism Jul 4, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I propose using PrivateAttr here

@Lowaiz Lowaiz self-requested a review July 4, 2025 14:26
@commonism
Copy link
Author

commonism commented Sep 12, 2025

@Lujeni can we talk about this?

@commonism
Copy link
Author

commonism commented Nov 18, 2025

argon2id works now as well.

@commonism
Copy link
Author

commonism commented Nov 19, 2025

@Lowaiz @Lujeni - how to proceed with this?

@commonism commonism changed the title WIP: decrypt - using pydantic WrapValidator support argon2id & nested decryption Dec 29, 2025
@Lujeni
Copy link
Member

Lujeni commented Jan 12, 2026
edited
Loading

@commonism Sorry for the delay!

Great idea! The Argon2id support and the decryption refactor with pydantic's WrapValidator look really good. I'll review this and come back later so we can deep dive together to finalize and properly integrate this.

update: can you update + rebase your branch pls and fix linter part

@Lujeni Lujeni self-assigned this Jan 12, 2026
@Lujeni Lujeni added the enhancement New feature or request label Jan 12, 2026
@commonism
decrypt - using pydantic WrapValidator
b3f6cbb 
CipherDetails may have a dedicated key to use for decryption, use if set
@commonism
argon2id - implement using argon2-cffi
a56a409
@commonism
linting
e2d2b23
@commonism
Copy link
Author

commonism commented Jan 13, 2026

Done

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Lowaiz Lowaiz Awaiting requested review from Lowaiz

Assignees

@Lujeni Lujeni

Labels

enhancement New feature or request

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@commonism @Lujeni