Encryption keys not received #15388

Open
witchent opened this issue Oct 6, 2020 · 7 comments
Labels

  • A-E2EE
  • O-Occasional: Affects or can be seen by some users regularly or most users rarely
  • S-Major: Severely degrades major functionality or product features, with no satisfactory workaround
  • T-Defect
  • Z-UISI: Unable to decrypt errors

Comments

witchent commented Oct 6, 2020

Description

Disclaimer: I don't know if this is a duplicate of #14074, but there is not a lot of information in there.

I have an Element-Desktop instance, which just never gets keys for encrypted messages except for when it is online.
If I have Element closed for, let's say, the night, after I open it up again all messages are just
** Unable to decrypt: The sender's device has not sent us the keys for this message. **

This is for all messages, some from my own phone (fluffy chat), some from a friend (element-android) and some from maubot, so I don't think it's anything on the other device.

It seems to get some keys from the key backup, but then it says "The authenticity of this encrypted message can't be guaranteed on this device", and sometimes I have to manually re-request encryption keys from my other sessions.

Synapse is up to date (in fact it is on the release candidate). All my other devices seem to get the keys correctly.

If I have the Element-Desktop version open, after a while (I guess after the keys get rotated) I start getting at least some keys for as long as Element is open. I cannot really tell which keys I get and which I don't.

I tried logging out and in, clearing all local files and renaming the device, but nothing is working.
All devices are verified via cross-signing. This is on my own homeserver.

Steps to reproduce

I can't really tell. But it is happening in every encrypted room.

Log: sent

Version information

  • Platform: desktop

For the desktop app:

  • OS: Arch Linux
  • Version: 1.7.8

Member

dbkr commented Oct 6, 2020

Do you have some examples of message IDs that couldn't be decrypted? The logs for your last two sessions don't have any failed decryptions at all, and the ones I picked randomly from the third were decrypted once keys arrived.

Author

witchent commented Oct 6, 2020

As I requested all keys from my other messages I only have message IDs that have the authenticity message.
But sure, here are some of them:
$BdFZicTi7q8jUym0O8iUA-MkEXTLSC_1ObPWFFu-EJQ
$METl1Y0WRdSrZ75VrO5xYPrXC-hwQ4552wtJbJO0Q9c
(those are recentish, don't know the exact date of the rage shake so I just chose any)

$YiDrENDa88bKX_dSNS3b7q8uPWMfBquTm8SypmHAIuA
(This one just says that it was encrypted by an unverified session after requesting the keys, even though the device is verified)

If needed I can send another rageshake tomorrow without requesting the encryption keys.

Author

witchent commented Oct 7, 2020

I sent another rageshake. Thought all messages ended up with the grey logo again, but actually there are some that still cannot be decrypted, for example
$yOL4oSjua6FQO7jZXlnyuiGKxMkZtthCc_Phv_PZllY

I don't know how that worked though, as I explicitly did not turn on any of my other devices, so the keys have to be from somewhere else.

And another one has:
** Unable to decrypt: This device does not share keys to other users **
$HSy6ABZqxia_oB663nYWhDkEm1mg5lVCTsS2WSen8o

Member

dbkr commented Oct 7, 2020

Neither $BdFZicTi7q8jUym0O8iUA-MkEXTLSC_1ObPWFFu-EJQ nor $METl1Y0WRdSrZ75VrO5xYPrXC-hwQ4552wtJbJO0Q9c appear in any of your debug logs - perhaps they weren't quite recent enough?

$yOL4oSjua6FQO7jZXlnyuiGKxMkZtthCc_Phv_PZllY is from maubot and all I can tell from your log is that indeed, the key did not arrive, so unfortunately there's nothing I can get out of these logs.

Since the problem appears to be with element-desktop, what would be most useful is if you could send logs from both sender and receiver after the receiver has failed to decrypt the message and say which message(s) couldn't be decrypted. If you can reproduce the problem with another element-web instance as the sender, that would be ideal as a simplest-possible scenario.

Also, you're a couple of versions behind (latest is 1.7.8), so updating would be a good idea.

Author

witchent commented Oct 7, 2020

First of all, as you could probably tell from earlier rage shakes, I was on 1.7.8 to check if I can reproduce it there, which I was able to. I then downgraded again, because Arch Linux only packages 1.7.5 right now, and with 1.7.8 seshat does not work.

I will see if I can reproduce it with another element-web instance, though this will probably take a bit. Thanks for trying to help.

Author

witchent commented Oct 7, 2020

I just sent you three rageshakes: one from the element-desktop that's always failing even after logging out, cleaning all files and logging in again, one from element-web using the same account, and one from element-desktop, using my matrix account.

Hopefully you can find something there. The test event IDs were sent with one rageshake, but just to be sure here they are again:
Message sent from element-web instance (same account):
$G-zhEToV1_U24uiv_ra5zUwf1-aSkEChbjA_p9q205M
(red, cannot decrypt)

Message sent from element-desktop instance (other account):
vebhaoMFuasf_hdqeMGPpHA_fAv9j3xtJ6JQbKqD1ec
(grey, cannot authenticate)

Edit:// I should probably mention that I also tried a cross-signing reset a few days ago, and that did not help. Also, all devices are verified via cross-signing.

Author

witchent commented Oct 8, 2020

Another thing I just found out: maubot IS sending the keys for my Element-Desktop instance. In the log I always get an "Encrypted group session" for the instance, and it also says "Sending 4 to-device events to share key", and I have exactly 4 devices right now. So on that side everything seems to work as intended.

@MadLittleMods changed the title from "encryption keys not received" to "Encryption keys not received" on Sep 24, 2021

@kittykat added the O-Occasional, S-Major and Z-UISI labels on Jan 11, 2022