Open giomfo opened 1 year ago
We should be able to set the cross-signing keys (which is the part that requires entering your password) before you set the SSSS key and backup. So, it would go something like: 1) prompt for new passphrase, 2) create and set new cross-signing keys (which will prompt for account password), 3) set up new SSSS using passphrase from 1), 4) save private cross-signing keys to SSSS, 5) create new key backup, 6) save key backup key to SSSS
We will work on this proposed solution
There was a partial fix for this: It is no longer required to enter the password directly after login.
This issue is still valid if a "reset all" is done from security settings at any later time.
Steps to reproduce the issue
{ "io.element.e2ee": { "secure_backup_required": true, "secure_backup_setup_methods": ["passphrase"] } }
Expected behaviour:
Actual behaviour:
It is possible to skip the last step of the passphrase reset, which is the confirmation via the login password.
It can be skipped via a background click, by clicking the x, or by just refreshing the page.
The problem with that behaviour is that in the step before (confirming the passphrase by typing it for the second time) there is already a new key backup created.
If you now skip the password input it leads to weird behaviour both in the active web client as well as the other sessions that are currently active.
When logging in again you will be prompted twice for the passphrase (the old one and the new one).
This can only be fixed by resetting the passphrase again and finishing the process fully with the login password.
On Android I don’t see this behaviour and suspect that the process is done only after typing in the password.
The whole process should be either done after the password input or the password input should be left out of the process.
Will you send logs?
No
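The step ordering discussed in this issue, as an added illustration that is not part of the thread and is not Element or matrix-js-sdk code: a small in-memory model that runs the reset with the password dialog dismissed, once with the key backup created before the password prompt (as the report describes) and once in the order proposed in the first comment. All names and the generation-counter state model are assumptions made for the example.

```javascript
// Hypothetical model: each counter is the "generation" of a key; nothing here calls a real SDK.
class Cancelled extends Error {}

// Constructed starting state: published keys and the copies stored in SSSS all agree.
function newAccount() {
  return { crossSigning: 1, backup: 1, ssss: { gen: 1, crossSigning: 1, backup: 1 } };
}

// Consistent = the secrets held in SSSS match the keys currently published.
function isConsistent(a) {
  return a.ssss.crossSigning === a.crossSigning && a.ssss.backup === a.backup;
}

const steps = {
  promptPassphrase: (a, ui) => { ui.passphrase(); },
  // The only step that needs the account password, so the only one the user can dismiss.
  resetCrossSigning: (a, ui) => { ui.password(); a.crossSigning += 1; },
  setupSsss: (a) => { a.ssss = { gen: a.ssss.gen + 1, crossSigning: null, backup: null }; },
  storeCrossSigning: (a) => { a.ssss.crossSigning = a.crossSigning; },
  createBackup: (a) => { a.backup += 1; },
  storeBackupKey: (a) => { a.ssss.backup = a.backup; },
};

// Simplified from the report: the new backup exists before the password prompt appears.
const REPORTED_ORDER = ["promptPassphrase", "createBackup", "resetCrossSigning",
  "setupSsss", "storeCrossSigning", "storeBackupKey"];
// Steps 1) to 6) from the first comment: the password prompt precedes every other mutation.
const PROPOSED_ORDER = ["promptPassphrase", "resetCrossSigning", "setupSsss",
  "storeCrossSigning", "createBackup", "storeBackupKey"];

const acceptAll = { passphrase: () => {}, password: () => {} };
const dismissPassword = {
  passphrase: () => {},
  password: () => { throw new Cancelled("password dialog dismissed"); },
};

// Runs the steps in order; a dismissed dialog stops the flow and leaves state as it is.
function runReset(order, ui) {
  const account = newAccount();
  try {
    for (const name of order) steps[name](account, ui);
    return { account, completed: true };
  } catch (e) {
    if (!(e instanceof Cancelled)) throw e;
    return { account, completed: false };
  }
}
```

In this model the proposed order only closes the window the user can trigger by dismissing the dialog; a failure in a later step would still leave a partial reset and needs its own handling.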