Certain messages are not available after re-login #23381
Comments
It sounds like the undecryptable events were sent while you were logged out. In this case, the sender doesn't have any device to send the decryption keys to, so you are unable to decrypt the message. We are working on a solution to this, but we're working through some issues.
FWIW, this will be fixed when #22711 gets implemented
Yeah, it could be, just in case: the sender was online at the time I logged in again. I.e. I could exchange new messages with the sender, but those 2 other messages remained encrypted and I could not see the content of them in any of the active sessions (albeit those 2 messages had different errors shown as mentioned in the issue description), so I had to ask the sender to re-send them. I've encountered the same issue again, this time in
Hmm. If you had multiple sessions open, and one of them can decrypt the messages, your other devices should be able to get the keys from that device. So this does sound (at least partially) like a different issue.
I encounter a similar problem if the interlocutor has a bad connection or at the time of sending a message, he loses connection.
Perhaps there is a need for a mechanism for re-requesting the keys from the interlocutor or verifying the state of the keys for decryption.
Same here. I was about to connect to a VPN, and at that moment my interlocutor sent me a message. It could not be decrypted. But the worse thing is that ALL of the messages after it in this session could not be decrypted either.
Not sure if my issue is related to this or different and should be its own, separate issue, but I have what seems to be a similar problem. The other night, I was in a DM with a friend in Element Desktop and I signed out to try to switch servers. I ended up not switching (so nothing changed, except that I changed the server and tried unsuccessfully to log into the new one, then changed it back to matrix.org, not sure if that would affect this), and when I logged back in, it said I needed to verify the device and I chose to do so via passphrase, which I supplied and it accepted. I then got a message saying the following:
Once it loaded, I reentered the DM and it showed the following message:
which then changed to
I tried the "Resend key requests" button to no avail, and after ~38 hours nothing has changed and a few of the messages sent by my friend show as "Unable to decrypt message." It just periodically keeps cycling between the "Decrypting messages..." and "Open another device to load encrypted messages" banner at the top. I originally didn't realize it was just these messages and thought they were all encrypted (or maybe they were and now they're not, but I think I just didn't notice), so I thought it was a different issue. So unfortunately, I'm not sure, but looking at the timestamps, I think maybe the messages from them that I can't decrypt were sent when I was signed out. But since they were online, once I signed in it should have been able to do a key exchange if necessary to allow me to see those messages. Also, I just checked Element Web to see if that would get them to decrypt (it didn't), and that only shows one "message" (a call from them) with a timestamp in the range of messages that won't decrypt in Element Desktop (four total).
Edit/Update: I was getting really annoyed at having the banner constantly at the top, made even worse by it constantly changing back and forth, so I reopened Element Web yet again, and this time it finally decrypted the messages, which is good, but also sort of worse, since it means it could and should have done so the first time I opened Element Web, and really when I entered my passphrase originally. Also, the four messages that said they couldn't be decrypted in Element Desktop are now just the one "message" that is the voice call from my friend, as shown in Element Web, so not sure what that's about, showing four when it's really one.
Update 2: This has now happened multiple times and is pretty much a regular occurrence every time I log out and log back in.
How come this is not an issue in Signal and Wire? They just work out of the box. Their servers cache the encrypted message until I log in again.
I'm pretty sure this is also an issue with Signal and Wire, because they use a similar encryption system to us. Have you actually tried it? IIRC with Signal, you need to wait for the sender to re-send messages that were sent while you were offline. I don't know how Wire behaves.
I double checked, Wire does warn that it might lose history if I was offline for a long time, which is what I would expect, since I have the old keys stored in permanent storage, given the server+client storage has enough capacity to look back.
Was your sending device online when you logged back in? The message may have been re-sent to your new device when you logged back in. Or perhaps they've implemented something equivalent to our plan for dehydrated devices.
Wire uses an encryption system similar to what we're using. The problem described in this issue is a limitation of their encryption system too. They may have worked around the limitation in some way, and may have already implemented things that we're planning on implementing, but I can guarantee you that it's something that they had to figure out how to solve at some point. It's not just a matter of server/client storage capacity. It's a matter of making a tradeoff between convenience and the security properties that the underlying encryption system is supposed to give you. If you are able to log in to a new device and read old encrypted messages, whether in Element, Wire, Signal, WhatsApp (they all use similar encryption systems), then the program that you're using is working around limitations of the encryption system in some way, in favour of convenience.
I should note that this issue is a limitation of the encryption system by design. It's a feature called "post-compromise security" or "future secrecy". Basically, if somebody compromises one of your devices, they should not be able to read messages that are sent to you after the compromise has been resolved.
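A simplified model of the behaviour discussed in this thread, added here as an illustration and not taken from Element, libolm or any commenter: a one-way hash ratchet whose state is handed only to devices that exist at the time, so a device created after re-login holds a copy that starts too late for the earlier messages. The class names, the SHA-256 ratchet and the XOR sealing are assumptions of this toy model, not Matrix's actual Megolm implementation.

```python
import hashlib, hmac

class UnknownMessageIndex(Exception):
    """Receiver's copy of the ratchet starts after this message's index."""

def _step(state: bytes) -> bytes:
    # One-way ratchet step: cheap to go forward, infeasible to go back.
    return hashlib.sha256(b"ratchet" + state).digest()

def _seal(state: bytes, index: int, data: bytes) -> bytes:
    # Toy XOR stream keyed by the ratchet state (messages <= 32 bytes here).
    pad = hmac.new(state, index.to_bytes(4, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, pad))

class Sender:
    def __init__(self, seed: bytes):
        self.state, self.index = hashlib.sha256(seed).digest(), 0

    def export(self):
        # Snapshot handed to each recipient device that exists right now.
        return Receiver(self.state, self.index)

    def send(self, text: str):
        msg = (self.index, _seal(self.state, self.index, text.encode()))
        self.state, self.index = _step(self.state), self.index + 1
        return msg

class Receiver:
    def __init__(self, state: bytes, first_index: int):
        self.state, self.first_index = state, first_index

    def open(self, msg) -> str:
        index, body = msg
        if index < self.first_index:
            raise UnknownMessageIndex(index)  # cannot ratchet backwards
        state = self.state
        for _ in range(index - self.first_index):
            state = _step(state)
        return _seal(state, index, body).decode()

def relogin_scenario():
    alice = Sender(b"constructed demo seed")   # constructed sample input
    old_device = alice.export()                # Bob's device; wiped at logout
    m0 = alice.send("before logout")
    m1 = alice.send("sent while logged out")   # no Bob device to export to
    new_device = alice.export()                # Bob logs in again at index 2
    m2 = alice.send("after re-login")
    return old_device, new_device, (m0, m1, m2)
```

In this model only a device that still holds the earlier state (here `old_device`) can open `m1`, which is why recovery depends on another session, a backup, or the sender re-sending.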
resolving in favour of element-hq/element-meta#245
Steps to reproduce
** Unable to decrypt: The sender's device has not sent us the keys for this message. **
.** Unable to decrypt: The sender's device has not sent us the keys for this message. **
error. Clicking on "Re-request encryption keys" only says "Key request sent.", but the content of the message is still not shown. The authenticity of this encrypted message can't be guaranteed on this device
, while all outgoing messages have Encrypted by a deleted session
.** Unable to decrypt: Error: OLM.UNKNOWN_MESSAGE_INDEX **
error. The issue is related to several other issues, so I was not sure if it exists, but with a new reproduction scenario or a new one, I think it might be related to these:
There are quite a few related issues, so I decided to create a new one to describe the reproduction steps (so that in the worst case, I can just provide more info for the dev folks to be added to the tracking issue).
Outcome
What did you expect?
I just wanted to see my messages after logging in.
What happened instead?
Certain messages cannot be decrypted and have quite an "unfriendly" (from the user perspective) error. I have to ask the person to re-send the messages, telling them that what they sent to me is not readable on my device for some unknown reason. That's a bit embarrassing.
Operating system
Mac OS Big Sur
Application version
Element 1.11.8
How did you install the app?
From the official website
Homeserver
matrix.org
Will you send logs?
Yes