'Secure Backup' vs 'Export E2E room keys' ... and where to get help #16202
Comments
So Secure Backup and Export E2E Room Keys both concern the same data, your Megolm Room Session Keys, the symmetric keys which encrypt/decrypt the messages themselves. Megolm Room Session Keys are rotated relatively frequently to maintain Perfect Forward Secrecy. Due to PFS, manual exports (Export E2E room keys) will not be able to decrypt any messages sent after the time of the export (as the session may have already rotated on the next message send). Secure Backup stores the keys in an encrypted blob on the server, protected by your Security Phrase/Key. (The key is derived from the phrase; the phrase is optional.) It is able to upload new keys as they are negotiated, so it does not have the same issue. Neither of them can fix the issue of not being able to decrypt messages whilst all your devices are logged out; that's a basic constraint of PFS.
The keys are per-room and there are many per-room. Given they are decryption keys for immutable events resetting them means losing access to that part of history.
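The distinction drawn in the comment above (a one-off export versus a backup that keeps receiving new keys as sessions rotate, protected by a key derived from the Security Phrase) is easier to see in a small simulation. The following is an added example, not Element or matrix-js-sdk code: the SHA-256 counter stream cipher, the rotate-after-three-messages policy, the room id, the messages and the phrase are all constructed stand-ins for the real Megolm ratchet and client behaviour.

```python
# Added toy model of 'Export E2E room keys' (snapshot) vs 'Secure Backup'
# (continuous upload). Not Element code; cipher and rotation policy are stand-ins.
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 100_000


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy symmetric cipher: XOR with a SHA-256 counter keystream. Illustration only."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


class RoomSession:
    """Outbound room session: one symmetric key, rotated after ROTATE_AFTER messages."""

    ROTATE_AFTER = 3  # constructed policy; real clients rotate on message count and age

    def __init__(self, room_id: str, listeners):
        self.room_id = room_id
        self.listeners = listeners  # each called with (room, session_id, key) on every new key
        self.sent = 0
        self._rotate()

    def _rotate(self):
        self.session_id = os.urandom(4).hex()
        self.key = os.urandom(32)
        self.sent = 0
        for cb in self.listeners:
            cb(self.room_id, self.session_id, self.key)

    def encrypt(self, plaintext: str) -> dict:
        if self.sent >= self.ROTATE_AFTER:
            self._rotate()  # forward secrecy: older session keys never decrypt the new session
        nonce = os.urandom(8)
        self.sent += 1
        return {"room": self.room_id, "session": self.session_id,
                "nonce": nonce, "ct": keystream_xor(self.key, nonce, plaintext.encode())}


def decrypt(event: dict, keys: dict):
    """Decrypt an event with whatever (room, session) -> key material we hold, else None."""
    key = keys.get((event["room"], event["session"]))
    if key is None:
        return None
    return keystream_xor(key, event["nonce"], event["ct"]).decode()


class SecureBackup:
    """Server-side blob of session keys, each wrapped under a key derived from the Security Phrase."""

    def __init__(self, phrase: str):
        self.salt = os.urandom(16)              # stored on the server next to the blob
        self.blob = {}                          # (room, session) -> (nonce, wrapped key, tag)
        self._backup_key = self.derive(phrase)  # held by the client, never uploaded

    def derive(self, phrase: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", phrase.encode(), self.salt, PBKDF2_ROUNDS)

    def upload(self, room: str, session: str, key: bytes):
        nonce = os.urandom(8)
        wrapped = keystream_xor(self._backup_key, nonce, key)
        tag = hmac.new(self._backup_key, nonce + wrapped, "sha256").digest()
        self.blob[(room, session)] = (nonce, wrapped, tag)

    def restore(self, phrase: str) -> dict:
        """Unwrap every key; a wrong phrase fails the MAC check rather than yielding junk keys."""
        k = self.derive(phrase)
        keys = {}
        for ident, (nonce, wrapped, tag) in self.blob.items():
            if not hmac.compare_digest(tag, hmac.new(k, nonce + wrapped, "sha256").digest()):
                raise ValueError("wrong Security Phrase")
            keys[ident] = keystream_xor(k, nonce, wrapped)
        return keys


def run_scenario() -> dict:
    device_store = {}  # keys this device knows; 'Export' copies this at one instant
    backup = SecureBackup("correct horse battery staple")  # constructed phrase
    session = RoomSession("!demo:example.org", [  # constructed room id
        lambda r, s, k: device_store.__setitem__((r, s), k),
        backup.upload,
    ])
    events = []
    for i in range(8):
        events.append(session.encrypt(f"message {i}"))
        if i == 3:  # 'Export E2E room keys' taken right after the 4th message
            exported = dict(device_store)
    snapshot_ok = sum(decrypt(e, exported) is not None for e in events)
    restored = backup.restore("correct horse battery staple")
    backup_ok = sum(decrypt(e, restored) == f"message {i}" for i, e in enumerate(events))
    try:
        backup.restore("wrong phrase")
        rejected = False
    except ValueError:
        rejected = True
    return {"total": len(events), "snapshot_readable": snapshot_ok,
            "backup_readable": backup_ok, "wrong_phrase_rejected": rejected}


if __name__ == "__main__":
    print(run_scenario())
```

With three messages per session, the export taken after message 4 holds the keys of the first two sessions, so it still reads messages 5 and 6 (the second session had not rotated yet) but not the third session's messages 7 and 8; the backup, which received every key at negotiation time, reads all eight. The same holds for real Megolm in one respect worth knowing: an exported session key decrypts that session from the exported ratchet index onward, so "may have already rotated" is exactly the caveat; it is the next session, not the next message, that a snapshot can never cover.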
Of course, there is #element-web:matrix.org
element-hq/element-meta#1886 is the existing issue for clarifying this in the UI
Thanks for the answers guys!
If I understand correctly:
If that is correct, then what is the purpose of this backup?
@BartG95 No that’s not correct. You will be able to read messages from before point 1. What the quoted sentence is saying is that you will not be able to read messages sent between points 2 and 3.
Just to clarify -- "Secure Backup stores the keys in an encrypted blob on the server, protected by your Security Phrase/Key." By "the server" you meant the matrix server (say a Synapse instance) that my account belongs to, instead of the Element web app server, right? I inferred that from this comment but would like to be sure.
Background (skip if you like)
I'm a huge fan of the concept behind matrix and just this month have had three unrelated conversations about decentralised (open source) messaging being the future. Surely it has to be, who isn't annoyed by the multiplicity of platforms and their walled gardens (to say nothing of privacy etc.)!
To this end I've found element & matrix and am actively promoting them in my small way.
This is a little difficult due to the learning curve especially for non-technical people.
Main Question: What's the difference between 'Secure Backup' and 'Export E2E room keys'?
I'm pretty technical and I can't work out what the difference is between utilising A) 'Secure Backup' and B) the 'Export E2E room keys' functionality (see attached picture).
Do I need both? Personally I'd prefer just to rely on the Export E2E room keys functionality.
Are these E2E room keys per room, per session, or global and immutable? Can they be reset?
It would be most helpful to have even the shortest of guides delineating this in the FAQ. I'll even write it if you can explain it to me first.
Follow-up Question: Where should I get help?
Is there a preferred forum, or presumably a chat group on element where I can get help?
There's nothing that I can see on the FAQ promoting a mechanism for getting help. So I've turned to github issues - I'm sure this isn't really the place for a question like this one.