E2E: public keys are not refreshed when new key is generated #9821

Closed
zner0L opened this issue May 23, 2019 · 3 comments

@zner0L

zner0L commented May 23, 2019

Description

I am trying to verify a device by another user who I already shared some unencrypted rooms with. The key fingerprints, however, don't match and the new verification fails with "key mismatch". The fingerprint seems to match an old public key, the same device (same device ID) used before, as we were able to reconstruct from old messages. Other devices which have seen the user only recently get the correct matching key and are able to verify.
I tried to refresh the public keys, by

  • closing and reopening Riot
  • closing and reopening the room we share
  • closing and reopening the contact page
  • blocking and unblocking the device

none of which worked.

Steps to reproduce

It is not particularly clear to us how the second key got generated, but we suspect:

  • create two users that share an unencrypted room using Riot on Firefox
  • one user changes their key by:
    • either importing a new one
    • or logging into Riot in a private tab, potentially triggering a key generation
  • the users try to verify and check the key fingerprints

What happens: There is only one device and the key fingerprints mismatch.
What should happen: There is only one device and the fingerprints match, or there are two devices, one of which matches the fingerprint.

Log: not sent (I don't really know of what process the logs could be interesting)

Version information

For the sending device:

  • Browser: Firefox
  • URL: vector.cccgoe.de
  • Version of matrix-react-sdk:
  • Version of riot-web: 1.1.2-14-gaf697df8-dirty
  • Version of olm: 3.1.0

For the receiving device:

  • Platform: App
  • OS: macOS 10.13.6
  • Version: 1.1.2

also tested on the iOS client

@uhoreg
Member

uhoreg commented May 24, 2019

Yes, it's purposeful that Riot doesn't update the keys, because the keys aren't supposed to change. So the bug is that Riot has changed keys, which is probably due to #9107.

Though it probably is a bug that Riot doesn't alert you when it detects a changed key.

@bwindels
Contributor

@zner0L Could you please confirm that "Data exists in local storage and crypto is marked as initialised" appeared in your logs when this happened, or else submit logs? This way we can confirm @uhoreg's theory above ^.

@poljar
Contributor

poljar commented Nov 4, 2021

This seems to be yet another cleared storage bug, we notify nowadays if this happens: #9109.

@poljar poljar closed this as completed Nov 4, 2021
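
The behaviour discussed in this thread (a device's key is pinned when first seen, and a different key for the same device ID should raise an alert instead of replacing it), sketched as an added example that is not code from Riot, matrix-js-sdk or any commenter. The class, method names, user ID, device ID and key strings are all hypothetical or constructed.

```javascript
// Added illustration, not project code. All names are hypothetical.
// Pins a device's fingerprint key on first sight and flags (never silently
// accepts) a different key later offered for the same device ID.
class DeviceKeyStore {
  constructor() {
    this.pinned = new Map();  // "userId|deviceId" -> pinned fingerprint key
    this.warnings = [];       // changed-key events the UI should surface
  }

  // Process one device entry learned from the server.
  // Returns "pinned" (first sight), "unchanged", or "key_changed".
  update(userId, deviceId, fingerprintKey) {
    const id = `${userId}|${deviceId}`;
    const known = this.pinned.get(id);
    if (known === undefined) {
      this.pinned.set(id, fingerprintKey);
      return "pinned";
    }
    if (known === fingerprintKey) return "unchanged";
    // Keep the pinned key, but record the mismatch so the user is alerted.
    this.warnings.push({ userId, deviceId, pinnedKey: known, offeredKey: fingerprintKey });
    return "key_changed";
  }

  // Verification compares against the pinned key, so a device that lost its
  // storage and generated a new key under the same ID fails on older peers.
  fingerprintMatches(userId, deviceId, shownKey) {
    return this.pinned.get(`${userId}|${deviceId}`) === shownKey;
  }
}

// Constructed sample values.
const USER = "@alice:example.org";
const DEVICE = "DEVICEID01";
const OLD_KEY = "constructed-old-fingerprint-key";
const NEW_KEY = "constructed-new-fingerprint-key";

function demo() {
  const longTimePeer = new DeviceKeyStore(); // saw the device before the key changed
  const recentPeer = new DeviceKeyStore();   // first saw the device afterwards
  const results = [
    longTimePeer.update(USER, DEVICE, OLD_KEY),
    longTimePeer.update(USER, DEVICE, NEW_KEY),
    recentPeer.update(USER, DEVICE, NEW_KEY),
  ];
  return { results, longTimePeer, recentPeer };
}

console.log(demo().results);
```

The long-time peer reproduces the reported mismatch, while the recent peer verifies successfully; the `warnings` entry is the signal a client can use to notify the user.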