Desynchronized 4S | Megolm backup causing Unusable backup

[BillCarsonFr]

Step to reproduce

1. Web | Create a new account on web
2. Web | Create a private room and send some E2EE messages
3. Web | Set up secure backup from Web
4. Android | Log this account on element android
5. Android | Verify the login using passphrase
6. Android | Go to Settings > Security & Privacy > Encypted Message Recovery
7. Android | Tap on Delete Backup

8. **Android** | Create a new Backup with another passphrase 9. **Android** | Logout the android session

10. Android | Login again on android
11. Android | Verify the login using passphrase

Actual

Both your session can see a megolm backup but can't use it

=> Tap Connect this session to Key Backup: Entering the passphrase created in step 8 won't work (the one created on 3 neither)

Expected

You should be able to use backup.

Root causes:

• EA lets you delete/create backups without updating the 4S KeyBackup / SSSS | Handle backup creation/deletion with 4S #1260
• EA is not signing the Megolm Backup with the MSK
• Maybe we could do something when we detect that the key in 4S is incorrect? Like try the key to the backup directly and see if it works, then try to update the 4S?

[MadLittleMods]

Thanks for creating this issue @BillCarsonFr! This sounds so spot on to what I did and happy to see it's reproducible for you as well from a fresh state ❤ Impressed with your crypto knowledge and app interactions around it!

For reference, this is spawning out of (internal room) https://matrix.to/#/!HRPxYTDNTrjHtQknUy:matrix.org/$4PoOsVWDLWM_4Kd5OsWc52CASMgePmeDGRhgTtE9O2g?via=matrix.org&via=element.io&via=vector.modular.im which discusses my confusion around how to get my secure backup correct. It turned out to be corrupted in the way described in the issue 😫 and pretty much impossible to suss out what went wrong or how to fix it as not a crypto expert.

We also recorded the session to discuss this which is available at https://www.youtube.com/watch?v=KSsOQZKfRPw but unfortunately the screen recording wasn't set to capture audio. The video is set to private as it has some sensitive information in it but if you want access, feel free to DM me on Matrix (Element employees only).

Workaround and how to fix

If you get into this situation, in one of your known-good sessions, you can fix it by using the Settings -> Security & Privacy -> Encryption -> Secure backup -> Reset option in Element Web. This will create a new secure backup and set it as the new canonical source.

You can verify things went well and synced across devices by checking your Backup version under Secure Backup -> Advanced matches across them.

Reference

The Demystifying Matrix Cryptography talk by @BillCarsonFr also has some very good background information on how this all works and what the jargon all means.