Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

add resignKeyBackup, updateBackupSignature, resignKeyBackup #4171

Closed
wants to merge 1 commit into from
Closed

add resignKeyBackup, updateBackupSignature, resignKeyBackup #4171

wants to merge 1 commit into from

Conversation

MichaelErjemenko
Copy link

When using key backups without 4s (secure secret storage and sharing) and signing in with the web-client then no migration is performed and the session cannot backup keys without any further user interaction (resetting cross signing (and key backup)).
This seems to be related to: element-hq/element-web#27100
ToDo: If the above is correct then a note for the Changelog will be added.

The changes here depend on the changes in matrix-react-sdk PR 12441 .

Checklist

  • Tests written for new code (and old code if feasible).
  • New or updated public/exported symbols have accurate TSDoc documentation.
  • Linter and other CI checks pass.
  • Sign-off given on the changes (see CONTRIBUTING.md).

Signed-off-by: Michael Schrader michael.schrader@connext.de

add resignKeyBackup, updateBackupSignature, resignKeyBackup
a25cd1a 
Add methods to sign the current backup again and upload it. This aims to fix the problem, that a key backup exists but no 4s, but the migration requires a resign of the backup.
@MichaelErjemenko MichaelErjemenko requested review from a team as code owners April 19, 2024 07:38
@github-actions github-actions bot added the Z-Community-PR Issue is solved by a community member's PR label Apr 19, 2024
@MichaelErjemenko MichaelErjemenko mentioned this pull request Apr 19, 2024
Closed
4 tasks
richvdh
richvdh reviewed Apr 22, 2024
View reviewed changes
Copy link
Member

@richvdh richvdh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

See my comments on matrix-org/matrix-react-sdk#12441, but also:

resignKeyBackup feels like a very low-level, and dangerous primitive to expose. I really don't want applications to have to decide to arbitrarily re-sign existing key backups.

If this is a thing that we need to support, maybe we can make it part of bootstrapCrossSigning ?

src/rust-crypto/backup.ts

await signObject(authData);

// An alternative implementation could be using src\crypto\EncryptionSetup.ts and EncryptionSetupOperation, similar to:
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

that stuff is deprecated; let's not use it.

@richvdh
Copy link
Member

richvdh commented Jul 4, 2024

As with matrix-org/matrix-react-sdk#12441: I don't really think this is the right thing to be doing.

@richvdh richvdh closed this Jul 4, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@richvdh richvdh richvdh left review comments

@andybalaam andybalaam Awaiting requested review from andybalaam andybalaam is a code owner automatically assigned from matrix-org/element-crypto-web-reviewers

@uhoreg uhoreg Awaiting requested review from uhoreg uhoreg is a code owner automatically assigned from matrix-org/element-crypto-web-reviewers

@t3chguy t3chguy Awaiting requested review from t3chguy t3chguy is a code owner automatically assigned from matrix-org/element-web-reviewers

Assignees
No one assigned
Labels
T-Enhancement Z-Community-PR Issue is solved by a community member's PR
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@MichaelErjemenko @richvdh