Open MarcWadai opened 2 months ago
Hi @richvdh @BillCarsonFr @giomfo. Could you take time to check this issue on Element Web?
@MarcWadai:
> Go to security settings and reset the secure storage on this session
Can you confirm which option you are pressing under "security settings"? A screenshot would help, if possible.
Thanks! So yes, that button is to reset secure backup, rather than resetting 4S, though it does reset 4S as a side-effect. I don't think it would make sense for a "Reset" button within the "Secure backup" settings to retain the existing key backup.
I agree the UX is very confusing here; improving it is part of https://github.com/element-hq/element-web/issues/26468.
The fact that existing keys are lost when key backup is reset is tracked as https://github.com/element-hq/element-meta/issues/2446.
> I don't think it would make sense for a "Reset" button within the "Secure backup" settings to retain the existing key backup.
@richvdh the behaviour of this reset button should be aligned on Element clients. If a user loses his recovery key or passphrase this button is the unique way to generate a new one. This case will be more frequent when users want to migrate to Element X because they have to use the recovery key or passphrase to decrypt their messages.
The same button on Element Android doesn't destroy the existing backup and retains the existing key backup.
I have to say that if "Reset Secure Backup" does not actually reset the secure backup, that seems like a bug in Element-Android...
There's certainly an argument that there should be a "Reset Key Storage" "Change recovery key" option in both applications. Generally I think the Element Web settings page needs some serious design work.
Steps to reproduce
-> This reset button behavior is different from Android!
Outcome
What did you expect?
Keeping the current key backup if the session already knows the private key of the key backup. This behavior is the one found on element-android. If 4S is well set up, the key backup is not recreated and the version number is not updated. See https://github.com/element-hq/element-android/issues/8814#issuecomment-2196991876
In `matrix-js-sdk`, we can see written in the code https://github.com/matrix-org/matrix-js-sdk/blob/6f63ff1711664154359bb1b998a80f4274569468/src/rust-crypto/rust-crypto.ts#L1192 that no check on 4S is done. From the front we always pass the value `setupNewKeyBackup = true` to the method `bootstrapSecretStorage` https://github.com/matrix-org/matrix-js-sdk/blob/6f63ff1711664154359bb1b998a80f4274569468/src/rust-crypto/rust-crypto.ts#L748

This check is important because there are cases where the users can lose their messages. Indeed, since we don't download a full copy of the keys https://github.com/element-hq/element-meta/issues/2446 anymore, we can have a state where the re-creation of the secret backups doesn't contain all the keys.
What happened instead?
The key backup is completely reset and recreated, even though there are probably keys from the previous backup that have not been fully downloaded.
Operating system
linux
Browser information
firefox 128
URL for webapp
app.element.io
Application version
1.11.71
Homeserver
matrix.org
Will you send logs?
No
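
The data-loss scenario reported above, as an added example that is not part of the issue or of matrix-js-sdk: a constructed model comparing a reset that always passes `setupNewKeyBackup = true` with one that first checks whether the session can still decrypt the current backup. Every type and function name here except `setupNewKeyBackup` is hypothetical, and the sample data is constructed.

```typescript
// Constructed model of the behaviour discussed in this issue; not matrix-js-sdk code.
// All type and function names except setupNewKeyBackup are hypothetical.
interface ServerBackup { version: number; publicKey: string; sessionIds: string[] }
interface ClientSession {
  // Public key matching the backup private key cached in this session, or null.
  cachedBackupPublicKey: string | null;
  // Room keys actually held locally (not every key in the backup has been downloaded).
  localSessionIds: string[];
}
interface ResetResult { backup: ServerBackup; unrecoverable: string[] }

// Only create a new backup when there is none, or this session cannot decrypt the current one.
function shouldSetupNewKeyBackup(server: ServerBackup | null, client: ClientSession): boolean {
  return server === null || client.cachedBackupPublicKey !== server.publicKey;
}

// Models a recovery reset: the key backup is replaced only when requested (or when none exists).
function resetRecovery(server: ServerBackup | null, client: ClientSession,
                       setupNewKeyBackup: boolean): ResetResult {
  if (!setupNewKeyBackup && server !== null) {
    return { backup: server, unrecoverable: [] }; // same version, nothing dropped
  }
  const old = server === null ? [] : server.sessionIds;
  // A fresh backup can only be refilled with keys this session holds.
  const unrecoverable = old.filter((id) => client.localSessionIds.indexOf(id) === -1);
  const backup: ServerBackup = {
    version: server === null ? 1 : server.version + 1,
    publicKey: "new-backup-key", // constructed placeholder
    sessionIds: client.localSessionIds.slice(),
  };
  return { backup, unrecoverable };
}

// Constructed sample: backup version 3 holds four room keys, the session downloaded two.
const sampleServer: ServerBackup = { version: 3, publicKey: "pk-A", sessionIds: ["s1", "s2", "s3", "s4"] };
const sampleClient: ClientSession = { cachedBackupPublicKey: "pk-A", localSessionIds: ["s1", "s2"] };

const always = resetRecovery(sampleServer, sampleClient, true);
const guarded = resetRecovery(sampleServer, sampleClient, shouldSetupNewKeyBackup(sampleServer, sampleClient));
console.log(always.unrecoverable, guarded.backup.version, guarded.unrecoverable);
```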