4S | Improve error feedback when users enters an incorrect Recovery Key by using the 4S key encryption key checks #27458
Labels
A-E2EE
A-E2EE-Key-Backup
A-Element-R
Issues affecting the port of Element's crypto layer to Rust
S-Minor
Impairs non-critical functionality or suitable workarounds exist
T-Enhancement
Comments
dosubot
bot
added
A-E2EE
S-Minor
richvdh
added
the
A-Element-R
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
As per spec: When adding a new key to the secret storage the client must encrypt a "zero"/dummy secret to allow for key checks.
Currently web is not using that information. That means that when we need to access the 4S we directly try to decrypt the secret without first checking if the key is correct.
For example if you try to import megolm keys from backup on a session that has not the key in cache, it will ask for the 4S recovery key, and if you enter a wrong key the current error is quite generic:
(this is an error due to fail to decrypt the master key secret)
Doing so could allow us to return a better error to the user.
Ref: https://github.com/element-hq/crypto-internal/issues/180
Ref: #26721
The text was updated successfully, but these errors were encountered: