Backup Has A Signature From Unknown Device After Removing Devices

[aeridus]

Description

Due to the recent server intrusion, I had two "old" devices on my account that I removed since they're no longer linked to valid devices. However, because I had restored from server backup, I'm stuck with this message indefinitely: "Backup has a signature from unknown device". I also see warning symbols on all my old encrypted messages from before the server intrusion (though they are readable). They all say "encrypted by an unverified device". I'm hesitantly okay with the latter, since technically once a device is no longer on the account it can't be verified, but the key backup issue seems like it would leave that message there indefinitely. If the signatures from unknown devices are made removable from backup somehow, would that make all old encrypted messages unreadable? Or would that only affect the ability of prior (now non-existent) devices to read encrypted messages?

Steps to reproduce

• Send encrypted messages using one device
• Use key backup
• Restore from backup on another device
• Remove device number 1 from account
• Messages sent from device number 1 will be marked as "unknown device"
• Key backup will say "Backup has a signature from unknown device"

Log: N/A

Version information

• Platform: All Platforms

For the desktop app:

• OS: Windows 7 64-bit
• Version: 1.0.8

[lampholder]

Thanks for filing this - this experience will be addressed with the inbound cross-signing work.

[lampholder]

To add a bit more information:

If the signatures from unknown devices are made removable from backup somehow, would that make all old encrypted messages unreadable? Or would that only affect the ability of prior (now non-existent) devices to read encrypted messages?

The signatures are there so your device can know that the backup was written by a trusted device, which most importantly allows your device to know that it can write to that backup safely, too. So if the signatures were removable/removed, that would only stop devices which trusted the devices that wrote those signatures from knowing they could trust the backup automatically - it wouldn't affect decryption.

[aeridus]

Thanks for the clarification!

On Fri, Apr 26, 2019, 5:12 AM Tom Lant notifications@github.com wrote:

To add a bit more information:

If the signatures from unknown devices are made removable from backup somehow, would that make all old encrypted messages unreadable? Or would that only affect the ability of prior (now non-existent) devices to read encrypted messages?

The signatures are there so your device can know that the backup was written by a trusted device, which most importantly allows your device to know that it can write to that backup safely, too. So if the signatures were removable/removed, that would only stop devices which trusted the devices that wrote those signatures from knowing they could trust the backup automatically - it wouldn't affect decryption.

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/vector-im/riot-web/issues/9529#issuecomment-486987054, or mute the thread https://github.com/notifications/unsubscribe-auth/AACXIPRXDHXXUUDCX6VE46DPSLBPRANCNFSM4HHDVSQA .