New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add HS admin-configured option to require secure backup #14954

Closed

jryans opened this issue Aug 13, 2020 · 5 comments · Fixed by matrix-org/matrix-react-sdk#5130

Assignees

Labels

A-E2EE-Key-Backup Sponsored

Collaborator

jryans commented Aug 13, 2020 •

edited

Some HS admins may want to require all users to set up secure backup (message key backup) before proceeding to use the app, as a way of reducing support burdens.

To enable this, Element will check for the following in /.well-known/matrix/client:

  "io.element.e2ee": {
    "secure_backup_required": true, 
  }

If this is set, then:

flows to setup secure backup at registration become mandatory and cannot be skipped
buttons in Settings to remove backups are hidden

Additionally as part of this work, the previous similar config key im.vector.riot.e2ee used for disabling encryption is deprecated. Element Web will check both io.element.e2ee and im.vector.riot.e2ee blocks, preferring io.element.e2ee if both exist.

The text was updated successfully, but these errors were encountered:

jryans added the A-E2EE-Key-Backup label

jryans self-assigned this

jryans added this to In Progress in Web App Team via automation

jryans added the Sponsored label

This comment has been minimized.

Sign in to view

This comment has been minimized.

Sign in to view

jryans mentioned this issue

Handle auth errors during cross-signing key upload matrix-org/matrix-js-sdk#1443

Merged

jryans added a commit to matrix-org/matrix-react-sdk that referenced this issue


          Check for .well-known E2EE settings under new key

0d1e555

This adds an extra check for `.well-known` E2EE settings under the key
`im.vector.e2ee`. The older key `im.vector.riot.e2ee` is kept for historical
compatibility.

Part of element-hq/element-web#14954

jryans added a commit to matrix-org/matrix-react-sdk that referenced this issue


          Enforce Secure Backup completion when requested by HS

de4cfe8

This removes all button to escape the Secure Backup setup flow when the matching
`.well-known` setting is set by homeserver.

Part of element-hq/element-web#14954

jryans added a commit to matrix-org/matrix-react-sdk that referenced this issue


          Hide Delete Backup button when Secure Backup required

ba19703

If Secure Backup is required by the HS admin, then this hides the Delete Backup
button in Settings to ensure everyone keeps their backup per policy.

Part of element-hq/element-web#14954

jryans added a commit to matrix-org/matrix-react-sdk that referenced this issue


          Invoke Secure Backup flow inside the app when requested by HS

e997561

If the Secure Backup required mode is set the client `.well-known` file, then
this will ensure that everyone already inside the app is required to complete
setup matching that policy.

Fixes element-hq/element-web#14954

jryans added a commit that referenced this issue


          Document new .well-known for E2EE settings

f4e92f4

This updates documentation about the new key in `.well-known` that we'll check
for E2EE settings: `im.vector.e2ee`.

Part of #14954

jryans added a commit that referenced this issue


          Document new setting to require secure backup

88eb4fd

This adds notes on configuring the new `.well-known` setting to require Element
users to set up secure backup before continuing into the app.

Part of #14954

jryans mentioned this issue

Add method to check whether client .well-known has been fetched matrix-org/matrix-js-sdk#1444

Merged

jryans added a commit to matrix-org/matrix-react-sdk that referenced this issue


          Enforce Secure Backup completion when requested by HS

6337c5f

This removes all buttons to escape the Secure Backup setup flow when the
matching `.well-known` setting is set by homeserver.

Part of element-hq/element-web#14954

jryans added a commit to matrix-org/matrix-react-sdk that referenced this issue


          Hide Delete Backup button when Secure Backup required

c115edb

If Secure Backup is required by the HS admin, then this hides the Delete Backup
button in Settings to ensure everyone keeps their backup per policy.

Part of element-hq/element-web#14954

jryans added a commit to matrix-org/matrix-react-sdk that referenced this issue


          Invoke Secure Backup flow inside the app when requested by HS

0f68959

If the Secure Backup required mode is set the client `.well-known` file, then
this will ensure that everyone already inside the app is required to complete
setup matching that policy.

Fixes element-hq/element-web#14954

jryans mentioned this issue

Document .well-known E2EE secure backup setting #15003

Merged

jryans added a commit to matrix-org/matrix-react-sdk that referenced this issue


          Check for .well-known E2EE settings under new key

b293ef0

This adds an extra check for `.well-known` E2EE settings under the key
`im.vector.e2ee`. The older key `im.vector.riot.e2ee` is kept for historical
compatibility.

Part of element-hq/element-web#14954

jryans added a commit to matrix-org/matrix-react-sdk that referenced this issue


          Enforce Secure Backup completion when requested by HS

This removes all buttons to escape the Secure Backup setup flow when the
matching `.well-known` setting is set by homeserver.

Part of element-hq/element-web#14954

jryans added a commit to matrix-org/matrix-react-sdk that referenced this issue


          Hide Delete Backup button when Secure Backup required

fed7ebb

If Secure Backup is required by the HS admin, then this hides the Delete Backup
button in Settings to ensure everyone keeps their backup per policy.

Part of element-hq/element-web#14954

jryans added a commit to matrix-org/matrix-react-sdk that referenced this issue


          Invoke Secure Backup flow inside the app when requested by HS

e56a61e

If the Secure Backup required mode is set the client `.well-known` file, then
this will ensure that everyone already inside the app is required to complete
setup matching that policy.

Fixes element-hq/element-web#14954

jryans added a commit that referenced this issue


          Document new .well-known for E2EE settings

8b0eafe

This updates documentation about the new key in `.well-known` that we'll check
for E2EE settings: `im.vector.e2ee`.

Part of #14954

jryans added a commit that referenced this issue


          Document new setting to require secure backup

fa265e4

This adds notes on configuring the new `.well-known` setting to require Element
users to set up secure backup before continuing into the app.

Part of #14954

jryans mentioned this issue

Enforce Secure Backup completion when requested by HS matrix-org/matrix-react-sdk#5130

Merged

jryans moved this from In Progress to In Review in Web App Team

This comment has been minimized.

Sign in to view

This comment has been minimized.

Sign in to view

jryans closed this as completed in matrix-org/matrix-react-sdk#5130

Web App Team automation moved this from In Review to In Test

Contributor

chagai95 commented Oct 12, 2021

@jryans this causes the whole well known to not be parsed in iOS because it expects the default parameter, could you please update this for now until this issue is fixed?

        "io.element.e2ee": {
                "default": true,
                "secure_backup_required": true
        }

It should be worked on via this internal ticket, but if it does not get done you should probably open a public ticket...

https://gitlab.matrix.org/ps/aarenet/issue-tracker/-/issues/347

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment