Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Device Dehydration: "Reset cryptographic identity" leaves unverified device #29131

Closed
richvdh opened this issue Jan 29, 2025 · 5 comments · Fixed by matrix-org/matrix-js-sdk#4727
Closed

Device Dehydration: "Reset cryptographic identity" leaves unverified device #29131

richvdh opened this issue Jan 29, 2025 · 5 comments · Fixed by matrix-org/matrix-js-sdk#4727
Assignees
@uhoreg
Labels
A-E2EE-Dehydration O-Uncommon Most users are unlikely to come across this or unexpected workflow S-Minor Impairs non-critical functionality or suitable workarounds exist T-Defect

Comments

@richvdh
Copy link
Member

richvdh commented Jan 29, 2025
edited
Loading

STR:

  1. Have dehydrated devices enabled
  2. Settings -> Encryption -> Advanced -> Reset cryptographic identity
  3. Confirm, enter password, etc

This leaves us with an unverified session for the existing dehydrated device:

Image

Image
@richvdh richvdh mentioned this issue Jan 29, 2025
Open
@richvdh richvdh changed the title Device Dehydration: "Reset cryptographic identity" leaves account in an inconsistent state Device Dehydration: "Reset cryptographic identity" leaves unverified device Jan 29, 2025
@dosubot dosubot bot added A-E2EE-Dehydration O-Uncommon Most users are unlikely to come across this or unexpected workflow S-Minor Impairs non-critical functionality or suitable workarounds exist T-Defect labels Jan 29, 2025
@richvdh richvdh mentioned this issue Jan 29, 2025
Closed
@andybalaam
Copy link
Member

The fix for this is to delete the dehydrated device when we reset identity.

@uhoreg uhoreg self-assigned this Feb 19, 2025
@uhoreg
Copy link
Member

uhoreg commented Feb 19, 2025

Is there a reason we decided to delete the dehydrated device rather than to create a new one?

@richvdh
Copy link
Member Author

richvdh commented Feb 20, 2025

Is there a reason we decided to delete the dehydrated device rather than to create a new one?

"Reset identity" also removes recovery (i.e. it clears 4S storage), so there would be nowhere to store the dehydration key.

@uhoreg
Copy link
Member

uhoreg commented Feb 20, 2025

Oh, so it does. That's ... interesting. So users would need to perform another step to actually re-set-up 4S?

@richvdh
Copy link
Member Author

richvdh commented Feb 20, 2025

Yup. Which is why fixing #29135 was important.

@uhoreg uhoreg mentioned this issue Feb 21, 2025
Merged
4 tasks
@uhoreg uhoreg mentioned this issue Feb 25, 2025
Merged
4 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@uhoreg uhoreg

Labels
A-E2EE-Dehydration O-Uncommon Most users are unlikely to come across this or unexpected workflow S-Minor Impairs non-critical functionality or suitable workarounds exist T-Defect
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Delete the dehydrated device when resetEncryption is called uhoreg/matrix-js-sdk
3 participants
@andybalaam @uhoreg @richvdh