add resignKeyBackup, updateBackupSignature, resignKeyBackup #4171

MichaelErjemenko

When using key backups without 4s (secure secret storage and sharing) and signing in with the web client, no migration is performed, and the session cannot back up keys without further user interaction (resetting cross signing (and key backup)).
This seems to be related to: element-hq/element-web#27100
ToDo: If the above is correct then a note for the Changelog will be added.

The changes here depend on the changes in matrix-react-sdk PR 12441.

Checklist

  • Tests written for new code (and old code if feasible).
  • New or updated public/exported symbols have accurate TSDoc documentation.
  • Linter and other CI checks pass.
  • Sign-off given on the changes (see CONTRIBUTING.md).

Signed-off-by: Michael Schrader [email protected]

Add methods to sign the current backup again and upload it. This aims to fix the problem that a key backup exists but no 4s, but the migration requires a re-sign of the backup.
@MichaelErjemenko MichaelErjemenko requested review from a team as code owners April 19, 2024 07:38
@github-actions github-actions bot added the Z-Community-PR Issue is solved by a community member's PR label Apr 19, 2024

@richvdh richvdh left a comment

See my comments on matrix-org/matrix-react-sdk#12441, but also:

resignKeyBackup feels like a very low-level and dangerous primitive to expose. I really don't want applications to have to decide to arbitrarily re-sign existing key backups.

If this is a thing that we need to support, maybe we can make it part of bootstrapCrossSigning?


await signObject(authData);

// An alternative implementation could be using src\crypto\EncryptionSetup.ts and EncryptionSetupOperation, similar to:

that stuff is deprecated; let's not use it.

richvdh commented Jul 4, 2024

As with matrix-org/matrix-react-sdk#12441: I don't really think this is the right thing to be doing.

@richvdh richvdh closed this Jul 4, 2024