matrix-org / matrix-hookshot

A bridge between Matrix and multiple project management services, such as GitHub, GitLab and JIRA.
https://matrix-org.github.io/matrix-hookshot/
Apache License 2.0

Encryption: Can't find the room key to decrypt the event #804

Closed JeWe37 closed 9 months ago

JeWe37 commented 1 year ago

With the config.yml:

queue:
  monolithic: true
  port: 6379
  host: redis

experimentalEncryption:
  storagePath: /data/encryption

experimental_features:
  msc3202_device_masquerading: true
  msc3202_transaction_extensions: true
  msc2409_to_device_messages_enabled: true

and registration.yml

# If enabling encryption
de.sorunome.msc2409.push_ephemeral: true
push_ephemeral: true
org.matrix.msc3202: true

the bot ignores any messages sent in encrypted rooms, while working fine in unencrypted ones. In the logs I see:

WARN 18:10:28:800 [Appservice] Bot client was not able to decrypt !BsRKscRoGoJLKdMVhT:malined.com $lcFLV6RZW1-20VNhEG68WfnWuQ7TDH4fjpPUU4pep4U - trying other intents
ERROR 18:10:28:831 [Appservice] Decryption error on !BsRKscRoGoJLKdMVhT:malined.com $lcFLV6RZW1-20VNhEG68WfnWuQ7TDH4fjpPUU4pep4U [Error: Can't find the room key to decrypt the event] {
  code: 'GenericFailure'
}
WARN 18:10:28:831 [Bridge] Failed to decrypt event $lcFLV6RZW1-20VNhEG68WfnWuQ7TDH4fjpPUU4pep4U from !BsRKscRoGoJLKdMVhT:malined.com: Can't find the room key to decrypt the event
INFO 18:10:28:833 [Appservice] 192.168.10.6 - - [03/Aug/2023:18:10:28 +0000] "PUT /_matrix/app/v1/transactions/1867385?access_token=%3Credacted%3E HTTP/1.1" 200 2 "-" "Synapse/1.88.0"

This appears to be a bug. A similar behavior was reported by someone else in the Matrix room as well; for them it started randomly working after resetting everything. Seeing as encryption is apparently experimental, it seems to me that this is a bug of some kind.

Half-Shot commented 1 year ago

It could be, I'm afraid I'm not quite sure how we trace missing room keys yet. I'll ask internally.

tswfi commented 10 months ago

I saw this too today.

- New e2e room
- Invite the hookshot user (it did not have encryption configured at that point) => didn't even try to handle the encrypted messages
- Enabled encryption settings and the experimental stuff for synapse => got the missing keys errors
- Removed the bot from the channel and invited back => started working

So maybe it gets the keys on room join but as the encryption settings were not active on the first join those were not handled?

JeWe37 commented 10 months ago

That didn't work. I tried making entirely new encrypted rooms with encryption enabled, and even reset the bot entirely and started fresh with encryption on, but none of that helped in my case.

tswfi commented 10 months ago

Do you have the experimental features enabled on the synapse server also? (And restarted synapse)

azerbe commented 9 months ago

I was using the matrix-ansible playbook and when you activate the experimental encryption feature, the synapse homeserver.yaml doesn't receive the required flags.

In this case it helps to extend the config manually and restart all services.

matrix_synapse_configuration_extension_yaml: |
  experimental_features:
    msc3202_device_masquerading: true
    msc3202_transaction_extensions: true
    msc2409_to_device_messages_enabled: true

JeWe37 commented 9 months ago

> I was using the matrix-ansible playbook and when you activate the experimental encryption feature, the synapse homeserver.yaml doesn't receive the required flags.
>
> In this case it helps to extend the config manually and restart all services.
>
> matrix_synapse_configuration_extension_yaml: |
>   experimental_features:
>     msc3202_device_masquerading: true
>     msc3202_transaction_extensions: true
>     msc2409_to_device_messages_enabled: true

That ended up fixing it. I am admittedly not entirely sure how I missed this in the docs. Working perfectly now, thanks!

Half-Shot commented 9 months ago

Might be worth informing the matrix-ansible maintainers, I'll send em a ping.
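
An added example, not part of the original thread and not code from hookshot or Synapse: a check for the fix the thread arrived at, listing which of the three Synapse `experimental_features` flags and the three `registration.yml` keys quoted above are absent, misplaced or not set to true. The function names, the minimal YAML reader and the sample inputs are assumptions constructed for illustration.

```python
import re

# Flags the thread says Synapse needs under experimental_features in homeserver.yaml.
SYNAPSE_FLAGS = ("msc3202_device_masquerading", "msc3202_transaction_extensions",
                 "msc2409_to_device_messages_enabled")
# Top-level keys the thread lists for the appservice registration.yml.
REGISTRATION_KEYS = ("de.sorunome.msc2409.push_ephemeral", "push_ephemeral",
                     "org.matrix.msc3202")

def read_scalars(text):
    """Minimal reader (assumption: nested block mappings of scalars only) -> {path: value}."""
    stack, out = [], {}  # stack: (indent, key) of the mappings currently open
    for raw in text.splitlines():
        line = raw.split(" #")[0].rstrip()  # drop trailing and indented comments
        m = re.match(r"^(\s*)([^\s:#][^:]*):\s*(.*)$", line)
        if not m:
            continue  # blank, comment-only or unsupported line
        indent, key, value = len(m.group(1)), m.group(2).strip(), m.group(3)
        while stack and stack[-1][0] >= indent:
            stack.pop()  # close mappings that ended at this indentation
        if value:
            out[tuple(k for _, k in stack) + (key,)] = value
        else:
            stack.append((indent, key))  # key with no value opens a nested mapping
    return out

def missing_settings(homeserver_yaml, registration_yaml):
    """List every required setting that is absent, misplaced or not true."""
    hs, reg = read_scalars(homeserver_yaml), read_scalars(registration_yaml)
    missing = ["homeserver.yaml: experimental_features." + f for f in SYNAPSE_FLAGS
               if hs.get(("experimental_features", f), "").lower() != "true"]
    missing += ["registration.yml: " + k for k in REGISTRATION_KEYS
                if reg.get((k,), "").lower() != "true"]
    return missing

# Constructed sample inputs (not taken from the thread).
HOMESERVER_SAMPLE = """\
experimental_features:
  msc3202_device_masquerading: true
  msc3202_transaction_extensions: false
  # msc2409_to_device_messages_enabled: true
"""
REGISTRATION_SAMPLE = """\
de.sorunome.msc2409.push_ephemeral: true
push_ephemeral: true
org.matrix.msc3202: true
"""
if __name__ == "__main__":
    print(missing_settings(HOMESERVER_SAMPLE, REGISTRATION_SAMPLE))
```

An empty list means both files carry every setting named in the thread; Synapse and the bridge still need a restart after any change, as the commenters note.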