Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Decryption keys should be resent also from the sender client if needed and appropriate #1084

Closed
ell1e opened this issue Mar 4, 2023 · 2 comments
Closed

Decryption keys should be resent also from the sender client if needed and appropriate #1084

ell1e opened this issue Mar 4, 2023 · 2 comments
Labels
T-Defect

Comments

@ell1e
Copy link

ell1e commented Mar 4, 2023
edited
Loading

Steps to reproduce

  1. Get a message to a device that is currently offline and then have that device somehow break itself before getting the message, as element sometimes likes to do (endless spinner hang for example that forces data wipe)
  2. Log in to a new device via element web that wasn't logged in before, make sure to properly use your recovery key to get it marked as trusted
  3. The backup hydrated device apparently will be ignored even if it was/is enabled by some other element desktop web device
  4. You'll get an unfixable This device is requesting decryption keys from your other devices. and Unable to decrypt message since the other device broke itself and the backup hydrated one doesn't seem to be understood or queried by element web (but let's pretend that one just wasn't enabled either), even if the person sending you the message is currently online and the sender's client trusts your new client to the same level via a user-wide fingerprint

Outcome

What did you expect?

If none of my devices is available, the sender client should resend the decryption keys instead (or the entire message in whatever newly decrypted way) only if the trust level is the same

What happened instead?

I just get This device is requesting decryption keys from your other devices. and Unable to decrypt message. Note how it doesn't say "from your other device or the sender." which is what I think it should.

Operating system

Linux

Browser information

Firefox 111.0b8

URL for webapp

https://app.element.io

Application version

No response

Homeserver

Element version: 1.11.24 Olm version: 3.2.12

Will you send logs?

No
@ell1e ell1e added the T-Defect label Mar 4, 2023
@ell1e ell1e changed the title Decryption keys should be resend also from the sender client Decryption keys should be resent also from the sender client if needed and appropriate Mar 4, 2023
@t3chguy
Copy link
Member

t3chguy commented Mar 6, 2023

If none of my devices is available, the sender client should resend the decryption keys instead (or the entire message in whatever newly decrypted way) only if the trust level is the same

Currently Element clients only resend the keys if the device asking for it was sent them in the first place (but they got lost) - never if that device didn't exist at the time that megolm session was generated

@t3chguy t3chguy transferred this issue from element-hq/element-web Mar 6, 2023
@richvdh
Copy link
Member

richvdh commented Nov 7, 2023

We used to request keys from the sender but it was disabled because the results were untrustworthy so we would not trust them (matrix-org/matrix-js-sdk#2982). Such a mechanism would be too easy to abuse.

@richvdh richvdh closed this as completed Nov 7, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
T-Defect
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@richvdh @t3chguy @ell1e