Verify bot certificates?

[Just-Insane]

trafficstars

I haven’t seen it mentioned in any docs or issues opened here, but it doesn’t seem to be possible to verify the bots certificates.

It also seems that when doing double-puppeting, certificates/devices are added to your account that cannot be verified.

I’m new to Matrix and not sure if this is a security issue, but some UIs mark the encrypted room as untrusted/less secure due to these issues?

[tulir]

You can do trust-on-first-use by just manually marking the device on the bridge bot as verified, other than that it can't currently be verified. (in element web: click on "1 session" -> click on session name -> manually verify by text)

It also seems that when doing double-puppeting, certificates/devices are added to your account that cannot be verified.

No, double puppeting does not add any e2ee devices.

[Jaffex]

I'm having this problem as well - already had the signal bridge running and only today enabled encryption. Now every time I send a message from within the signal client, it get's tagged with "Encrypted by an unverified session".

Would it break anything if I'd remove the existing Signal Bridge-Session from within my client and then restart the bridge?

I'd expect the "new unverified session" to pop up then, where I can manually verify, as stated by @tulir

[Dual-0]

I have verified the device via text but still gets unencrypted messages from the bot in the encrypted "management room"

[sumnerevans]

Encrypting messages to the management room is not implemented. It reads them encrypted, but doesn't send encrypted messages back.