Can't restore key backup when key is not encrypted with default 4S key

[bwindels]

When restoring with a security phrase, the operation fails with the error message:

Could not enable key backup: Could not read key backup with the given key.

The key is a random long string, and when trying to enter it as a security key, the operation fails as expected with the message "not a base 58 character" or similar.

The account has two 4S keys, one of which is default.

[Mikaela]

Possibly related https://github.com/vector-im/hydrogen-web/issues/762#issuecomment-1166233069

[bwindels]

What is likely happening:

• User bootstraped cross-signing for the first time, using a passphrase
• User bootstraped cross-signing again with the same passphrase, creating a new 4S key and changing the default key. For some reason the backup key is not migrated to the new key
• When logging in in Element, they are asked for the passphrase twice, after which they can correctly restore from backup. Element prompts for the passphrase a second time, likely because of the backup key being encrypted with the old 4S key, for which it doesn't have the passphrase yet.
• When logging in with Hydrogen, it only supports using the default 4S to decrypt the backup key, so it fails.

We should likely adopt a similar behaviour to Element where we can prompt for multiple 4S keys?

[bwindels]

How come element does not have this problem them? Is it because when you enter your key that they try to decrypt values with that passphrase/key of all the keys that are found in the account data rather than just the default one?