Allow E2EE keys sharing between room users #12275

Closed
Biep opened this issue Feb 6, 2020 · 7 comments

@Biep

Biep commented Feb 6, 2020

When someone has lost her keys, she can ask for them from someone else in the room. This will also solve the problems of reading history from before joining, or losing devices or sessions. Users should have the option to set their reaction to such requests as 'refuse', 'allow for trusted sessions', and 'ask'.

The current option to request keys from one's own devices would be a special case of this. Another would be to have the original sender resend the keys - but that would not work for history if people have since left.

@Biep
Author

Biep commented Feb 6, 2020

In some rooms, where privacy is less critical, one could invite a bot that would provide keys to any member who asked.
If knowledge of who trusts which device is public, the bot could provide the keys to any session trusted by e.g. any manager.

@turt2live
Member

I don't believe this is possible because you'd need a few decryption keys for it to actually work. Key backup is also meant to solve this.

@Biep
Author

Biep commented Feb 7, 2020

It ought to be possible. I (obviously) can decrypt the keys I receive, and then encrypt them with a public key from the requester, and send them in that encrypted form. The requester can then decrypt them with the corresponding private key.
Key backup doesn't solve the issue of messages sent while no session was active, or of people losing their key backup passphrase (and yes, that happens - a lot).
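
The exchange described in the comment above (decrypt a received key, re-encrypt it to the requester's public key), gated by the 'refuse' / 'allow for trusted sessions' / 'ask' settings from the opening comment, as an added example that is not part of the thread or of Element's code. Node's built-in crypto (X25519, HKDF, AES-256-GCM) stands in for Matrix's own key transport, and `decideForward`, `wrapKey`, `unwrapKey` and the sample room data are hypothetical.

```javascript
// Added illustration, not Element or matrix-js-sdk code. X25519 + HKDF + AES-256-GCM
// stand in for the encrypted channel a real client would use; all names are hypothetical.
const nodeCrypto = require('node:crypto');

// Decide how to react to a key request, using the three settings proposed in the issue.
function decideForward(policy, request, room) {
  if (!room.members.includes(request.userId)) return 'refuse'; // never share outside the room
  if (policy === 'ask') return 'ask';
  if (policy === 'allow for trusted sessions') {
    return room.verifiedDevices.has(request.deviceId) ? 'forward' : 'refuse';
  }
  return 'refuse'; // 'refuse' and any unknown setting fail closed
}

// Derive the wrapping key; `context` binds it to one room, session and requesting device.
function deriveKey(privateKey, publicKey, context) {
  const shared = nodeCrypto.diffieHellman({ privateKey, publicKey });
  return Buffer.from(nodeCrypto.hkdfSync('sha256', shared, Buffer.alloc(0), context, 32));
}

// Encrypt a room session key to the requester's public key with a fresh ephemeral key.
function wrapKey(sessionKey, recipientPublicKey, context) {
  const eph = nodeCrypto.generateKeyPairSync('x25519');
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', deriveKey(eph.privateKey, recipientPublicKey, context), iv);
  const ct = Buffer.concat([cipher.update(sessionKey), cipher.final()]);
  const ephPub = eph.publicKey.export({ type: 'spki', format: 'der' });
  return { ephPub, iv, ct, tag: cipher.getAuthTag() };
}

// Requester side: throws if the ciphertext, tag or context does not match.
function unwrapKey(wrapped, recipientPrivateKey, context) {
  const ephPub = nodeCrypto.createPublicKey({ key: wrapped.ephPub, type: 'spki', format: 'der' });
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', deriveKey(recipientPrivateKey, ephPub, context), wrapped.iv);
  decipher.setAuthTag(wrapped.tag);
  return Buffer.concat([decipher.update(wrapped.ct), decipher.final()]);
}

// Constructed sample data (not from the issue).
function demo() {
  const bob = nodeCrypto.generateKeyPairSync('x25519');
  const room = { members: ['@alice:example.org', '@bob:example.org'], verifiedDevices: new Set(['BOBDEVICE']) };
  const request = { userId: '@bob:example.org', deviceId: 'BOBDEVICE' };
  if (decideForward('allow for trusted sessions', request, room) !== 'forward') return null;
  const context = `!room:example.org|session-1|${request.deviceId}`;
  const sessionKey = nodeCrypto.randomBytes(32);
  const recovered = unwrapKey(wrapKey(sessionKey, bob.publicKey, context), bob.privateKey, context);
  return recovered.equals(sessionKey);
}
```

Because the wrapping key is derived from the room, session and device identifiers, a wrapped key replayed to a different device or room fails authentication instead of decrypting.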

@Biep
Author

Biep commented Mar 2, 2020

One workaround in trust situations is simply downloading one's keys and uploading them in the other account. This transfers all one's keys of course. If keys could be downloaded per room it would already be possible to do this: create an encrypted channel, download the room keys, send them by the encrypted channel to the requestor, who then uploads them.

@notramo

notramo commented Dec 26, 2020

@Biep It can be filtered, see this comment: element-hq/element-meta#647

@Biep
Author

Biep commented Jan 3, 2021

Thanks for the pointer!

@t3chguy
Member

t3chguy commented May 4, 2022

Closing in favour of element-hq/element-meta#647

@t3chguy t3chguy closed this as completed May 4, 2022
t3chguy pushed a commit that referenced this issue Oct 17, 2024
6 participants