Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cannot verify devices on account with working 4S but no published public cross-signing keys #27252

Open
richvdh opened this issue Mar 28, 2024 · 6 comments
Open

Cannot verify devices on account with working 4S but no published public cross-signing keys #27252

richvdh opened this issue Mar 28, 2024 · 6 comments
Labels
A-E2EE A-E2EE-Cross-Signing O-Occasional Affects or can be seen by some users regularly or most users rarely S-Major Severely degrades major functionality or product features, with no satisfactory workaround T-Defect Team: Crypto

Comments

@richvdh
Copy link
Member

richvdh commented Mar 28, 2024
edited

Suppose you have a user account, where SSSS has been set up, and contains the private cross-signing keys, but the public keys have never been published. See #27253.

Now, when you log in on the account:

  1. You are prompted for your 4S passphrase: image
  2. Enter 4S passphrase.
  3. You are prompted a further two times for 4S passphrase.
  4. It still fails, even after all that:
    image
    Console reports: 
        WARN matrix_sdk_crypto::store: No public identity found while importing cross-signing keys, a /keys/query needs to be done
    Error bootstrapping cross-signing Error: the signing key is missing from the object that signed the message
        at module.exports.__wbindgen_error_new (index.js:9867:1)
        at matrix_sdk_crypto_wasm.wasm.wasm_bindgen::JsError::new::ha883f446bf57a3fd (matrix_sdk_crypto_wa…-0881f436:0x17b4bac)
        at matrix_sdk_crypto_wasm.wasm.matrix_sdk_crypto_wasm::future::future_to_promise::{{closure}}::h69162113e82d4886 (matrix_sdk_crypto_wa…-0881f436:0x1607641)
        at matrix_sdk_crypto_wasm.wasm.<T as futures_util::fns::FnOnce1<A>>::call_once::h66e7cefc41dc8442 (matrix_sdk_crypto_wa…-0881f436:0x18ad0b4)
        at matrix_sdk_crypto_wasm.wasm.<futures_util::fns::MapErrFn<F> as futures_util::fns::FnOnce1<core::result::Result<T,E>>>::call_once::{{closure}}::h94a11c4d36abd7a7 (matrix_sdk_crypto_wa…-0881f436:0x1906219)
        at matrix_sdk_crypto_wasm.wasm.core::result::Result<T,E>::map_err::h61ac269bc4134dbe (matrix_sdk_crypto_wa…-0881f436:0x13dd6bb)
        at matrix_sdk_crypto_wasm.wasm.<futures_util::fns::MapErrFn<F> as futures_util::fns::FnOnce1<core::result::Result<T,E>>>::call_once::h14b9005db0a46cbf (matrix_sdk_crypto_wa…-0881f436:0x1967c2a)
        at matrix_sdk_crypto_wasm.wasm.<futures_util::future::future::map::Map<Fut,F> as core::future::future::Future>::poll::hd56fd2c68aa16e05 (matrix_sdk_crypto_wa…m-0881f436:0xf54621)
        at matrix_sdk_crypto_wasm.wasm.<futures_util::future::future::Map<Fut,F> as core::future::future::Future>::poll::h38cc453636d8daec (matrix_sdk_crypto_wa…-0881f436:0x18ae3fb)
        at matrix_sdk_crypto_wasm.wasm.<futures_util::future::try_future::MapErr<Fut,F> as core::future::future::Future>::poll::h05eb7142cd1307b3 (matrix_sdk_crypto_wa…-0881f436:0x18ad953)
        at /home/rav/work/matrix-rust-sdk/crates/matrix-sdk-crypto/src/store/mod.rs:1212

        (anonymous) @ CreateCrossSigningDialog.tsx:163
  5. Press "Cancel". EW now launches.
  6. Under "Security & Privacy": image
  7. Click "Verify this session"
  8. You are prompted (yet again) for 4S passphrase.
  9. Entering correct password returns you to "Verify this session" dialog. Console reports: 
        Error: the signing key is missing from the object that signed the message
        at module.exports.__wbindgen_error_new (index.js:9867:1)
        at matrix_sdk_crypto_wasm.wasm.wasm_bindgen::JsError::new::ha883f446bf57a3fd (matrix_sdk_crypto_wasm.wasm-0881f436:0x17b4bac)
        at matrix_sdk_crypto_wasm.wasm.matrix_sdk_crypto_wasm::future::future_to_promise::{{closure}}::h69162113e82d4886 (matrix_sdk_crypto_wasm.wasm-0881f436:0x1607641)
        at matrix_sdk_crypto_wasm.wasm.<T as futures_util::fns::FnOnce1<A>>::call_once::h66e7cefc41dc8442 (matrix_sdk_crypto_wasm.wasm-0881f436:0x18ad0b4)
        at matrix_sdk_crypto_wasm.wasm.<futures_util::fns::MapErrFn<F> as futures_util::fns::FnOnce1<core::result::Result<T,E>>>::call_once::{{closure}}::h94a11c4d36abd7a7 (matrix_sdk_crypto_wasm.wasm-0881f436:0x1906219)
        at matrix_sdk_crypto_wasm.wasm.core::result::Result<T,E>::map_err::h61ac269bc4134dbe (matrix_sdk_crypto_wasm.wasm-0881f436:0x13dd6bb)
        at matrix_sdk_crypto_wasm.wasm.<futures_util::fns::MapErrFn<F> as futures_util::fns::FnOnce1<core::result::Result<T,E>>>::call_once::h14b9005db0a46cbf (matrix_sdk_crypto_wasm.wasm-0881f436:0x1967c2a)
        at matrix_sdk_crypto_wasm.wasm.<futures_util::future::future::map::Map<Fut,F> as core::future::future::Future>::poll::hd56fd2c68aa16e05 (matrix_sdk_crypto_wasm.wasm-0881f436:0xf54621)
        at matrix_sdk_crypto_wasm.wasm.<futures_util::future::future::Map<Fut,F> as core::future::future::Future>::poll::h38cc453636d8daec (matrix_sdk_crypto_wasm.wasm-0881f436:0x18ae3fb)
        at matrix_sdk_crypto_wasm.wasm.<futures_util::future::try_future::MapErr<Fut,F> as core::future::future::Future>::poll::h05eb7142cd1307b3 (matrix_sdk_crypto_wasm.wasm-0881f436:0x18ad953)
@richvdh
Copy link
Member Author

richvdh commented Mar 28, 2024

For now, I think the best workaround is to "Reset" cross-signing from the "Security & Privacy" page.

@MidhunSureshR MidhunSureshR added T-Defect S-Major Severely degrades major functionality or product features, with no satisfactory workaround O-Occasional Affects or can be seen by some users regularly or most users rarely labels Apr 1, 2024
@venimus
Copy link

venimus commented Apr 11, 2024
edited

I have the same issue. Not reproducible in 1.11.53 (can't pinpoint the breaking version, but looks like ~1.11.6x). Same is with app.element.io. I have SSO only enabled if that matters

@davidmehren
Copy link

Two of my colleagues experienced this bug recently. The "connect to Key Backup" button resulted in an error message and the signing key is missing from the object that signed the message appeared in the console.

Of note is that the "Reset" button under key backup in settings did not help. It creates a new recovery key, but cross-signing is still not set up after that. When you then try to set up cross signing, it wants a recovery key, but not the recovery key that was just created by resetting key backup. Very confusing.

What finally helped was the "reset all" in the recovery key prompt dialog box. That created another new recovery key, but both key backup and cross-signing were working after that.

@venimus
Copy link

venimus commented Apr 16, 2024

Two of my colleagues experienced this bug recently. The "connect to Key Backup" button resulted in an error message and the signing key is missing from the object that signed the message appeared in the console.

Of note is that the "Reset" button under key backup in settings did not help. It creates a new recovery key, but cross-signing is still not set up after that. When you then try to set up cross signing, it wants a recovery key, but not the recovery key that was just created by resetting key backup. Very confusing.

What finally helped was the "reset all" in the recovery key prompt dialog box. That created another new recovery key, but both key backup and cross-signing were working after that.

same behavior, had to downgrade the client to 1.11.55

@richvdh richvdh mentioned this issue Apr 26, 2024
Open
@richvdh
Copy link
Member Author

richvdh commented May 13, 2024

I think this is more "Element R roundoff" than "UTD fixes"; updating the workstream accordingly

@richvdh richvdh mentioned this issue May 22, 2024
Open
@kegsay
Copy link
Contributor

kegsay commented May 28, 2024

#26322 feels like a common way for real people to hit this, which would explain why we see this more in the wild and not at all in tests.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
A-E2EE A-E2EE-Cross-Signing O-Occasional Affects or can be seen by some users regularly or most users rarely S-Major Severely degrades major functionality or product features, with no satisfactory workaround T-Defect Team: Crypto
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@venimus @richvdh @davidmehren @MidhunSureshR @kegsay