Key backup fails silently

[c-bg]

Steps to reproduce

Expectation/thoughts are in the headers, the raw facts are in the numbered lists.

The story, part 1: Upon logout attempt, I get warned on losing message access and attempt to turn on backup.

1. Started a DM, encryption is automatically turned on and cannot be turned off.
2. Clicked on my profile and "Sign out".
3. Pop-up message appears: "You'll lose access to your encrypted messages" with two options: "I don't want my encrypted messages", or "Connect this session to key backup".
4. Clicked on: "Connect this session to key backup".
5. Pop-up message appears: "Keys restored\nSuccessfully restored 0 keys", with button "Ok".
6. Clicked "Ok"

Part 2: I assume that backup now worked/that backup already was there, since 0 keys needed to be restored, and expect to not see any warning anymore upon logout. But, I again receive the same warning

7. Clicked again on my profile and "Sign out".
8. Again, the pop-up message from step 3 appears. ("You'll lose access to your encrypted messages [..]")

Part 3: I suspect the backup did not work and look for other settings to turn it on/export the relevant info.

9. Clicked on my profile and "All settings" > sidebar: "Security and Privacy" > section: Encryption

10. Read

    Connect this session to key backup before signing out to avoid losing any keys that may only be on this session.

    and saw a button directly below: "Connect this session to Key Backup".
    In the advanced section, it says:

    Backup key stored: In secret storage
    Backup key cached: cached locally, well formed
    Secret storage public key: in account data
    Secret storage: ready
    Backup version: 1 
    Algorithm: m.megolm_backup.v1.curve25519-aes-sha2
    Backup has a signature from unknown session with ID <redacted> 
    This backup is trusted because it has been restored on this session
    

11. Clicked that button.

12. Saw again the pop-message from step 5, and again interpret it as in title for "part 2".

Part 4: 3rd logout attempt with same warning, but this time I suspect the bug is in the warning, i.e. that it's always shown upon logout. Reasoning: In the settings, it said that if I connect the session to the key backup, I avoid losing the keys, and I did that (twice). Also, the advanced section suggests (10.) that the backup works fine. (or so I thought....)

13. Attempted to log out.
14. Again pop-up message from step 3.
15. Given the reasoning in the title: Clicked "I don't want my encrypted messages."

(now: logged out)

Part 5: I discover that the key backup did, in fact, not work.

16. I log in again, with the same account.
17. I view the DM from step 1. It cannot be decrypted.
18. I connect the session to the key backup in the menu (9. - 11.). I can still not read the DM.
19. I inspect the debug logs manually. There, it has the following lines:

2023-02-20T17:08:59.957Z I Checking key backup status...
2023-02-20T17:08:59.959Z I Old unverified sessions: 
2023-02-20T17:08:59.959Z I New unverified sessions: 
2023-02-20T17:08:59.959Z I Currently showing toasts for: 
2023-02-20T17:08:59.982Z I Backup is trusted locally
2023-02-20T17:08:59.982Z I Ignoring signature from unknown key <redacted> 
2023-02-20T17:08:59.982Z I No usable key backup: not enabling key backup               <-- the crucial line
2023-02-20T17:09:00.010Z I Old unverified sessions: 
2023-02-20T17:09:00.010Z I New unverified sessions: 
2023-02-20T17:09:00.010Z I Currently showing toasts for: 

Therefore, the backup never worked, but that was never displayed in the pop-up message.
In conclusion, a silent failure.

Outcome

What did you expect?

If I click a button to connect the session to the key backup, and if the key backup is then unsuccessful, I expect that the resulting pop-up window tells me that the backup failed.

What happened instead?

With the two mentioned if-conditions being true, I instead received two signals that the backup works:

• The pop-up window instead displayed the text: "Keys restored" giving the illusion that the key backup may have been successful (even though "restoration" seemed like a weird word for "backup" ;) ) .
  Moreover, the pop-up said "Successfully restored 0 keys" which may be understood as: It backed the keys up, and also attempted to restore them, which is unnecessary since they're in current use. So, of course, 0 keys are restored (no matter whether successfully so ;) ).
• Also, the "Advanced" section in the Encryption Settings seemed to suggest that the backup is well and alive.

Operating system

macOS

Browser information

Firefox 109.0 (64-bit)

URL for webapp

app.element.io

Application version

Element version: 1.11.23 Olm version: 3.2.12

Homeserver

Synapse 1.77.0

Will you send logs?

No

[c-bg]

On a meta-level: Thanks a lot for developing Element! :) I like its concept and hope that I could contribute a helpful report. Please let me know if you need further information.

[schildbach]

This could be related to #23497. In short, the "Connect this session to Key Backup" button doesn't actually connect the session to a key backup. It only restores keys one time.

[richvdh]

needs triage from crypto team

[richvdh]

I suspect the backup did not work

This part apperas to be #26530

[baptx]

This issue affects the user experience and may refrain people from using Matrix. I was expecting to be able to decrypt my encrypted messages in any web browser just with my passphrase (as it says when logging in and asking the security phrase "Verify your identity to access encrypted messages and prove your identity to others.").
But if I want to be able to read encrypted messages in another web browser or after logging out, I have to export the E2E room keys on my computer for each session to import them on another session (by clicking on "Advanced" -> "Manually export keys" when logging out).
The issue was reported more than a year ago, is there any plan to fix it?
By the way, instead of having different E2E room keys for each session, isn't it possible to keep the same key for each sessions (like with PGP for emails)? I also noticed that if someone sent me an encrypted message while I was logged out, I cannot decrypt it when logging in and it creates a new chatroom instead of using the previous one.

[richvdh]

Sorry, this appears to have failed to have had proper triage. Ideally it would have been distilled into a clear explanation of what's going wrong, but that hasn't happened.

I think much of the problem can be chalked up to #26530, so I'm going to close this in favour of that.