Key backup dialog doesn't show correct backup state #20005

Open
kittykat opened this issue Dec 1, 2021 · 4 comments
Labels
A-E2EE A-E2EE-Key-Backup O-Occasional Affects or can be seen by some users regularly or most users rarely S-Major Severely degrades major functionality or product features, with no satisfactory workaround T-Defect Z-Community-Testing

Comments

@kittykat
Contributor

kittykat commented Dec 1, 2021

Steps to reproduce

  1. Have key backup set up
  2. Settings, Security & Privacy
  3. Delete Backup
  4. See the Delete button still there after the backup is deleted
  5. Exit dialog, then re-open
  6. See the dialog as if I still have a key backup set up

[faye] I'm seeing the delete button go away, but if I try to "Set Up" again, it wants me to enter my recovery passphrase, which is awkward. I think I may have gotten the backup to stick around one time, but I can't reproduce it consistently.

Actually, if I set up a brand new account, set up key backup, and then delete the backup, what I get is

"Secure Backup
Back up your encryption keys with your account data in case you lose access to your sessions. Your keys will be secured with a unique Security Key. This session is not backing up your keys, but you do have an existing backup you can restore from and add to going forward. Connect this session to key backup before signing out to avoid losing any keys that may only be on this session."

and I still have the "delete backup" button

Outcome

What did you expect?

Clearer indication of the backup state

What happened instead?

UI doesn't really correspond to what is happening

Operating system

No response

Browser information

Chromium 96.0.4664.45 (Official Build) Arch Linux (64-bit)

URL for webapp

develop.element.io

Application version

Element version: 2039f1f-react-5e77822bccd3-js-87b920698f4c Olm version: 3.2.3

Homeserver

No response

Will you send logs?

No

@SimonBrandner SimonBrandner added A-E2EE-Key-Backup S-Major Severely degrades major functionality or product features, with no satisfactory workaround O-Occasional Affects or can be seen by some users regularly or most users rarely labels Dec 2, 2021
@schildbach

schildbach commented Dec 8, 2021

Might be related:

I see the message "This session is not backing up your keys, but you do have an existing backup you can restore from and add to going forward.", even though I have connected to my backup several times. The message does not disappear.

I'm on Element-Desktop 1.9.6, Flatpak, Ubuntu 20.04.3 LTS.

@AndrewFerr
Member

I believe the dialog is correct, just confusing:

  • Deleting a key backup only deletes the latest backup. If you had made several backups (i.e. the "backup version" is >=2 and you've never deleted one before), you have to repeatedly press the Delete button to delete each backup, one by one, until none remain.
  • Deleting all backups doesn't reset your Security Key/Phrase or secret storage. They remain valid for Cross-Signing Key backup (as deleting them would unexpectedly break cross-signing, I suppose), and are valid for the next backup you make. This is why after deleting every backup, the remaining options are "Set Up" and "Reset": the former starts a new backup with the Security Key/Phrase you last used, while "Reset" lets you set a new key/phrase.

However, there is still one bug here: it looks like it's possible to make a key backup that can't be decrypted, as follows:

  • Make a key backup with a particular Security Phrase
  • Click "Encryption" > "Reset" to make a new key backup, and set a different Security Phrase than before
  • Click "Encryption" > "Delete backup" to delete the newest backup
  • See that a key backup remains: it's your previous backup
  • See that the main button is now "Connect this session to Key Backup", and click it
  • Enter the Security Phrase you used for the second backup, which gets accepted
    • NB: using the Security Phrase for the first backup will not work
  • Get an error dialog of: "Incorrect Security Phrase / Backup could not be decrypted with this Security Phrase: please verify that you entered the correct Security Phrase."
  • See that, despite the above, "Encryption" > "Advanced" shows all your keys as backed up

Maybe what this means is that whatever existing encrypted content that was in the backup you just connected to can't be decrypted, but future content put in that backup will work properly.

@AndrewFerr
Member

Another issue in the dialogs is that "Connect this session to Key Backup" may prompt you for your Security Key twice, despite the first prompt being successful, the second prompt saying "This looks like a valid Security Key" when you paste it in the text input field, and the inevitable appearance of an error dialog that says "Security Key mismatch / Backup could not be decrypted with this Security Key: please verify that you entered the correct Security Key."

A way to reproduce this is:

  • Set up key backup as usual
  • Log in from a new browser session
  • Dismiss the dialog to "Verify this device" (i.e. click the X in the top-right corner, then click "I'll verify later")
  • Go to "Encryption" > "Connect this session to Key Backup"
  • Enter your Security Phrase/Key
  • Get prompted to enter your Security Key, regardless of whether your backup used a Phrase or a Key, and despite having already submitted it successfully
  • Always get an error of "Security Key mismatch"

Notably, this doesn't happen when entering your Security Phrase/Key right after logging in, at the "Verify this device" step.

Also, at the 2nd Security Key prompt, you can paste in any syntactically-valid key for the dialog to say "This looks like a valid Security Key", not just the one in use for your backup.
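
Added example, not part of the comment above and not Element's or matrix-js-sdk's code: it contrasts the format-only test that makes any well-formed key "look valid" with a check against the `public_key` in one backup version's `auth_data`. It assumes the Matrix recovery-key encoding (base58 of `0x8B 0x01`, the 32-byte key and an XOR parity byte) and the `m.megolm_backup.v1.curve25519-aes-sha2` backup algorithm; all function names and the sample keys are constructed for illustration.

```javascript
// Added illustration; helper names are hypothetical, not Element or matrix-js-sdk API.
const { createPrivateKey, createPublicKey } = require('crypto');

const B58 = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz';
const xorAll = (buf) => buf.reduce((a, b) => a ^ b, 0);

// Layout: 0x8B 0x01 | 32-byte private key | parity (XOR of the preceding bytes), base58.
function encodeRecoveryKey(priv) {
  const body = Buffer.concat([Buffer.from([0x8b, 0x01]), Buffer.from(priv)]);
  let out = '';
  let n = BigInt('0x' + body.toString('hex') + xorAll(body).toString(16).padStart(2, '0'));
  for (; n > 0n; n /= 58n) out = B58[Number(n % 58n)] + out;
  return out.replace(/(.{4})(?=.)/g, '$1 ');
}

// Format-only check: the level at which any well-formed key "looks valid".
function decodeRecoveryKey(text) {
  let n = 0n;
  for (const ch of text.replace(/\s+/g, '')) {
    if (!B58.includes(ch)) throw new Error('not base58');
    n = n * 58n + BigInt(B58.indexOf(ch));
  }
  const hex = n.toString(16);
  const raw = Buffer.from(hex.length % 2 ? '0' + hex : hex, 'hex');
  if (raw.length !== 35 || raw[0] !== 0x8b || raw[1] !== 0x01) throw new Error('bad header');
  if (xorAll(raw) !== 0) throw new Error('bad parity');
  return raw.subarray(2, 34);
}

// Public half of a Curve25519 private key: wrap the raw 32 bytes in PKCS#8 for Node.
function x25519Public(priv) {
  const pkcs8 = Buffer.concat([Buffer.from('302e020100300506032b656e04220420', 'hex'), priv]);
  const key = createPrivateKey({ key: pkcs8, format: 'der', type: 'pkcs8' });
  return createPublicKey(key).export({ format: 'der', type: 'spki' }).subarray(-32);
}

// Key-specific check: compare with public_key in this backup version's auth_data.
function keyMatchesBackup(text, authData) {
  const pub = x25519Public(decodeRecoveryKey(text)).toString('base64').replace(/=+$/, '');
  return pub === authData.public_key;
}

// Constructed sample: RFC 7748 test key pair as "the backup", plus an unrelated key.
const AUTH_DATA = { public_key: 'hSDwCYkwp1R0i33ctD73Wg2/Og0mOBr066SpjqqbTmo' };
const RIGHT_KEY = encodeRecoveryKey(
  Buffer.from('77076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c2a', 'hex'));
const OTHER_KEY = encodeRecoveryKey(Buffer.alloc(32, 7));
```

Both sample keys pass `decodeRecoveryKey`, but only `RIGHT_KEY` passes `keyMatchesBackup`, which is the distinction a prompt needs before telling the user a key is accepted.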

@AndrewFerr
Member

Actually, that second issue is just #23929
