Unable to decrypt message that has been received while being logged out #1893

Open
Graphicscore opened this issue Aug 9, 2021 · 11 comments
Labels
A-E2EE O-Uncommon Most users are unlikely to come across this or unexpected workflow S-Major Severely degrades major functionality or product features, with no satisfactory workaround T-Defect Z-Labs

Comments

@Graphicscore

Graphicscore commented Aug 9, 2021

Steps to reproduce

  1. Create 2 accounts (Account A, Account B)
  2. Set up Key Backup in Settings for both accounts
  3. Log out Account A
  4. Send message from Account B to Account A
  5. Log in with Account A and restore backup
  6. Message is unable to be decrypted, and Account A cannot see the content.
    **Unable to decrypt: The sender's device has not sent us the keys for this message.**

What happened?

You're unable to decrypt an E2EE message that has been sent/received while the receiver has been logged out of the session.

What did you expect?

I expect to be able to decrypt/restore messages that I should have received while being logged out of my account.

Operating system

Windows, Mac, Web

Browser information

Latest Chrome, Latest Edge

URL for webapp

https://app.element.io/

@t3chguy
Member

t3chguy commented Aug 9, 2021

This is a property of https://en.wikipedia.org/wiki/Forward_secrecy

A feature is in the works (Dehydration) which lets you stash your session during logout securely to be able to re-use with your next login

@Graphicscore
Author

@t3chguy But what if I want to log out and resume on a different PC? The message would be lost then, wouldn't it?
Is there any way to "make it work" right now?

@t3chguy
Member

t3chguy commented Aug 9, 2021

That would have no effect. It would be securely stored (encrypted) on your Matrix server so can be migrated to a different device.

> Is there any way to "make it work" right now?

Keep a session logged in. If you log out of all of your sessions then you have 0 keypairs for which messages can be encrypted.

@Graphicscore
Author

So if I have no sessions left there is no way around this issue until the dehydration feature is implemented?

@t3chguy
Member

t3chguy commented Aug 9, 2021

If you have 0 sessions then you have no keys to be encrypted for. Hence you are not receiving the decryption keys for messages which happen during that time.

@germain-gg germain-gg added O-Uncommon Most users are unlikely to come across this or unexpected workflow A-E2EE S-Major Severely degrades major functionality or product features, with no satisfactory workaround labels Aug 9, 2021
@Graphicscore
Author

Do you have a rough estimate / timeline for when the dehydration feature will be available?

@Elementisgreatbut

Same here, that would be really nice to know.

> Do you have a rough estimate / timeline for when the dehydration feature will be available?

@svargh

svargh commented Jan 7, 2022

So instead of doing Security Key backup and room keys export in Element,
I should make a Firefox profile backup to be really sure all needed information for decryption is available?

There should be at least some kind of hint before log off that any message sent can never be decrypted again!

@nordemn

nordemn commented Jul 24, 2023

-- replying to @t3chguy at duplicate #25837 --

> Sure, and if you were to reopen that session with the cryptographic asymmetric keys which only that session has then you'd be able to decrypt things. The issue is you're throwing those keys away when you close Tor.

OK, OK, I didn't know about this Olm/Megolm thing and how keys were sent.

Is it a security issue to store ALL keys from a backed-up session? Then newly sent keys could also be stored and there would be no more decryption issues. That's what is expected when you back up a session...

Is it possible to turn on the feature with a web app?

Thanks

@t3chguy
Member

t3chguy commented Jul 24, 2023

> Is it a security issue to store ALL keys from a backed-up session?

You're describing dehydration

@chagai95

chagai95 commented Jul 8, 2024

Isn't this already implemented?

8 participants