This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

m.room.encryption not set, despite room creation set to encrypted in configuration #12735

Closed
felixx9 opened this issue May 13, 2022 · 7 comments

Comments

@felixx9

felixx9 commented May 13, 2022

Description

When inviting a user account (mxid) which does not exist yet, we have a problem if this account gets created later.

Steps to reproduce

  • User A wants to invite User B, but accidentally invites User C (which does not have an account / does not exist yet)
  • User A does write a lot of confidential stuff into the newly created room
  • User C (which might be a completely different person than User B) creates his account
  • he sees the invitation & accepts it
  • User C can read the whole history, which was meant for User B
  • the room is not encrypted (even though the server's default setting says: encrypt all rooms)

what I expect

Details

  • Homeserver: matrix.yatrix.org

If not matrix.org:

What version of Synapse is running? > 1.58.1
Element Desktop 1.10.8

@DMRobertson
Contributor

Thanks for the report.

  • User A wants to invite User B, but accidentally invites User C (which does not have an account / does not exist yet)

This isn't a mistake that Matrix-the-protocol can prevent. Imagine user A had emailed a bunch of secret documents to user C --- there's no way to take those emails back once they've been sent.

However: the fact that you didn't see the warning sounds like a problem in Element Desktop.

the room is not encrypted (even though the server's default setting says: encrypt all rooms)

Again, this sounds like it might be a bug in the client. Clients are responsible for sending an m.room.encrypted state event, which marks the room as encrypted (telling other clients which encryption algorithm to use).

I'm going to move this issue to the Element-web repo for them to investigate more.

@DMRobertson DMRobertson changed the title Invite a not existing user / later this user will be created - security issue Element web doesn't warn that a user doesn't exist when inviting them, and doesn't set m.room.encryption when making a room. May 16, 2022
@DMRobertson DMRobertson added the T-Defect Bugs, crashes, hangs, security vulnerabilities, or other reported issues. label May 16, 2022
@DMRobertson
Contributor

I'm going to move this issue to the Element-web repo for them to investigate more.

I apparently lack the permissions to do this; I've asked @matrix-org/element-web to do this instead.

@t3chguy
Member

t3chguy commented May 16, 2022

You can't move between github orgs

@DMRobertson DMRobertson reopened this May 16, 2022
@DMRobertson DMRobertson changed the title Element web doesn't warn that a user doesn't exist when inviting them, and doesn't set m.room.encryption when making a room. m.room.encryption not set, despite room creation set to encrypted in configuration May 16, 2022
@DMRobertson
Contributor

  • (even though the server's default setting says: encrypt all rooms)

@felixx9 Can you share the part of your config which sets this?

@DMRobertson DMRobertson added the X-Needs-Info This issue is blocked awaiting information from the reporter label May 16, 2022
@felixx9
Author

felixx9 commented May 16, 2022

Hi, thank you for having a look at it. A friend of mine found it - I only reported this behavior.

Actually, sorry, I can't find a setting for having rooms encrypted by default in my different homeserver.yaml files.
But I know that by default the rooms ARE encrypted, and therefore I thought it must be in the config. It probably just is the default.

a) room after invitation of a known account:
Screenshot from 2022-05-16 17-02-20

b) invitation of unknown account
Screenshot from 2022-05-16 17-02-05

c) invitation of an account on unknown server
Screenshot from 2022-05-16 17-15-21

@uhoreg
Member

uhoreg commented May 16, 2022

Element automatically encrypts DMs if the other user has devices with device keys set. If the other user doesn't have any devices with device keys set, then it won't enable encryption. This allows you to DM bots that don't support encryption, or users who only use clients that don't support encryption.

Obviously, if the other user doesn't exist, it won't be able to find any devices with device keys set, so it won't enable encryption in the room.
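The decision uhoreg describes, as an added illustration that is not Element's or Synapse's own code: a DM is only created with an m.room.encryption state event when the invitee has at least one device with published device keys, so a user that does not exist (or has no keys) produces an unencrypted room. The keys/query response and createRoom body follow the Matrix Client-Server API shapes; the sample response and the function names are constructed for this example.

```javascript
// Megolm algorithm identifier used in m.room.encryption content.
const MEGOLM = "m.megolm.v1.aes-sha2";

// Constructed sample of a POST /_matrix/client/v3/keys/query response.
// @bob has one device with uploaded keys; @carol exists but never uploaded
// device keys; a non-existent user is simply absent from device_keys.
const sampleKeysQuery = {
  device_keys: {
    "@bob:example.org": {
      ABCDEFGH: {
        user_id: "@bob:example.org",
        device_id: "ABCDEFGH",
        algorithms: ["m.olm.v1.curve25519-aes-sha2", MEGOLM],
        keys: { "curve25519:ABCDEFGH": "<constructed>", "ed25519:ABCDEFGH": "<constructed>" },
        signatures: {},
      },
    },
    "@carol:example.org": {},
  },
};

// True only if the user has at least one device that published identity keys.
function hasDeviceKeys(keysQuery, userId) {
  const devices = (keysQuery.device_keys || {})[userId] || {};
  return Object.values(devices).some(
    (d) => d && d.keys && Object.keys(d.keys).length > 0
  );
}

// Build the createRoom request for a DM. Encryption is enabled only when the
// check above passes, which is exactly why an invite to an unknown mxid ends
// up in a plaintext room.
function buildDmCreateRoomBody(keysQuery, userId) {
  const body = {
    is_direct: true,
    preset: "trusted_private_chat",
    invite: [userId],
    initial_state: [],
  };
  if (hasDeviceKeys(keysQuery, userId)) {
    body.initial_state.push({
      type: "m.room.encryption",
      state_key: "",
      content: { algorithm: MEGOLM },
    });
  }
  return body;
}

// Helper for checking whether a createRoom body will yield an encrypted room.
function requestsEncryption(body) {
  return body.initial_state.some((ev) => ev.type === "m.room.encryption");
}
```

Synapse's encryption_enabled_by_default_for_room_type option (mentioned later in this thread) is a separate, server-side control that adds m.room.encryption at creation time regardless of this client-side check.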

@DMRobertson
Contributor

It sounds like Synapse is behaving as intended then. If there is some problem with encryption_enabled_by_default_for_room_type in the config, I'm happy for this to be reopened with details of that config.

@DMRobertson DMRobertson removed T-Defect Bugs, crashes, hangs, security vulnerabilities, or other reported issues. X-Needs-Info This issue is blocked awaiting information from the reporter labels May 16, 2022