Unable to decrypt messages sent when offline #25837
Comments
This is due to Perfect Forward Secrecy, the keys you are backing up only decrypt history at that point in time, as keys are rotated for security & privacy. Duplicate of element-hq/element-meta#1893
Mmmmh, I guess I don't understand what the "active session" is. In my issue, session 1 is still there and there is a button for logging out from it. I haven't logged out, I've just closed the browser. It's unclear what "logging out" actually means. In my view, as long as I have an active session, no matter whether I'm offline or not, messages should be encrypted for that session. And I should be able to read all messages by restoring from this session's backup. If I'm correct, this is a basic feature (called dehydration as far as I've understood) that has been in the works for several years but is still not there. Always being logged in is also a security issue that is unfortunately not considered because it's from the user POV. I would like confirmation as all that seems weird to me.
@nordemn Sure, and if you were to reopen that session with the cryptographic asymmetric keys which only that session has then you'd be able to decrypt things. The issue is you're throwing those keys away when you close Tor.
As told before, those backups only cover decrypting up to that point in time. This is PFS. https://en.wikipedia.org/wiki/Forward_secrecy
It's available in labs, you can turn it on in your own Element deployment's config.json. Please move to the duplicate issue to prevent forking the conversation.
Steps to reproduce
Open session 1 (with tor), back up your key, receive (in e2ee room) message A.
Close tor, then someone sends e2ee message B.
Open session 2, verify it with your passphrase or secure key, receive e2ee message C.
Outcome
What did you expect?
To be able to decrypt all messages with session 2.
What happened instead?
I could decrypt only messages A and C, not B which was sent when I was offline.
I checked my sessions list, and session 1 is still a "verified session", not logged out. Then I successfully restored 1/1 key (although this was already done when I had verified my session I guess). Problem is still there.
I think that for unknown reasons, message B hasn't been encrypted for session 1.
Looks like the same issue @tepozoa describes at #19748. This is not the same issue the OP has, and there seems to be no answer.
Operating system
Linux
Browser information
Tor browser
URL for webapp
app.element.io
Application version
No response
Homeserver
matrix.org
Will you send logs?
No