element-web
Unable to decrypt message, keys aren't getting transferred from other devices
Steps to reproduce
- Sign into your account on a new device
- Verify the session from an already signed in device
- Try to view encrypted messages on the new device
- According to https://joinmatrix.org/guide/fix-decryption-error/, if you view the same messages on a device that has the keys, they will be transferred to the new device in a "few moments"
Outcome
What did you expect?
The messages will be decrypted in less than a minute
What happened instead?
Still shows unable to decrypt message after multiple minutes
Operating system
Fedora Linux
Browser information
Firefox 127.0
URL for webapp
app.element.io
Application version
Element version 1.11.69, Crypto version Rust SDK 0.7.0 (068a0af), Vodozemac 0.6.0
Homeserver
matrix.org
Will you send logs?
Yes
This is due to the other client (not the new one) not having the m.megolm_backup.v1 secret, but it has the other 3 (SSK, USK, MSK).
Confusingly, functions which get access to the backup key are producing different results:
I recently signed in with a new web browser. My existing mobile element session is not sending keys. In contrast to the message in https://github.com/tchapgouv/tchap-web-v4/issues/904 (referenced above), I instead have the following info (in "view source") for all the undecryptable messages:
{
  "type": "m.room.message",
  "content": {
    "msgtype": "m.bad.encrypted",
    "body": "** Unable to decrypt: DecryptionError: This message was sent before this device logged in, and key backup is not working. **"
  }
}
I don't really know what's going on with this issue. It describes a particular user's failure mode, but no attempt appears to be being made to investigate it. There's not much point keeping issues like this open forever, waiting to confuse other users who come across superficially-similar symptoms but completely different causes.
@richvdh I can reproduce the issue:
- Create an account on app.element.io
- Export a file named <username>-element-security-key.txt
- Log out of session, clear all cookies
- Log in again
- When prompted, enter contents of <username>-element-security-key.txt
- Look at message history, see only messages shown as Unable to decrypt message
- View source on the messages shows this:
  {
    "type": "m.room.message",
    "content": {
      "msgtype": "m.bad.encrypted",
      "body": "** Unable to decrypt: DecryptionError: This message was sent before this device logged in, and key backup is not working. **"
    }
  }
- Have no indication of what exactly is wrong or how to fix it
I don't have this on another account where I always have at least one device signed in and always use it to verify new devices. In the Security & Privacy settings, I see this:
Backup key stored: in secret storage
Backup key cached: cached locally, well formed
Secret storage public key: in account data
Secret storage: ready
Latest backup version on server: 1 (Algorithm: m.megolm_backup.v1.curve25519-aes-sha2)
Active backup version: None
This backup can be restored on this session
It says "This session is not backing up your keys, but you do have an existing backup you can restore from and add to going forward.". When I click Connect this session to Key Backup, it says Successfully restored 10 keys, but nothing changes. I was able to "fix" the issue by resetting the backup key and losing all history before, which is not ideal.
Are there any diagnosing/debugging steps I can take to help fix the issue?
@knkski please open a new issue describing your symptoms, and send debug logs from within the app
I had to follow the directions here https://github.com/element-hq/element-web/issues/26530#issuecomment-2019786392 to reset the "Secure Backup" functionality. I also went down to the "Cryptography" section of the "Security & Privacy" settings page and did "Export room E2E keys" and ended up with a key file and password for it.
Logging out and back in then showed all previous messages as unable to be decrypted. In "Security & Privacy" I saw "✅ This session is backing up your keys.". After I went back to the "Cryptography" section and did "Import E2E room keys", I was able to see old messages.
This is a very confusing process, full of footguns. I say this with love and wanting Element to succeed, and also as someone technically inclined. I doubt that my non-technical friends & family would be able to figure this process out.
I had a similar issue: ** Unable to decrypt:...*** msg. When I used restore key I did not see messages. In my case I was using private mode in the browser; when I switched it off it worked.