services:matrix:encryption
Differences
This shows you the differences between two versions of the page.
Old revision: services:matrix:encryption [2020/12/03 11:13] – hamiltoc97
New revision: services:matrix:encryption [2021/08/10 14:39] – [The somewhat short story] behrmj87
Line 1: | Line 1: | ||
- | This is a section of the manual on how to use the Matrix client Element. This section describes | + | This is a section of the manual on how to use Element' |
===== End-to-End-encryption for Matrix on Element===== | ===== End-to-End-encryption for Matrix on Element===== | ||
- | |||
- | <note important> | ||
End-to-end encryption means that only the parties participating in a conversation are able to decrypt and read the messages that were send. Our server is not able to decrypt the messages that were sent, preventing third parties to read the messages. | End-to-end encryption means that only the parties participating in a conversation are able to decrypt and read the messages that were send. Our server is not able to decrypt the messages that were sent, preventing third parties to read the messages. | ||
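Review bot: the `<note important>` box is removed from the new revision while the `<note warning>` box below is kept; if the important note made a point that the rewritten intro ("This is a section of the manual on how to use Element' …") does not carry, it should be restored, since the intro is the only place a first-time reader sees it. On the unchanged context line, "messages that were send" should read "messages that were sent", and "preventing third parties to read the messages" should read "preventing third parties from reading the messages".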
Line 10: | Line 8: | ||
<note warning> | <note warning> | ||
- | ==== Upgrading encryption ==== | ||
- | This step is necessary if you have used encryption | + | ==== The somewhat short story ==== |
+ | |||
+ | Some chats you encounter will be encrypted. Direct conversations are encrypted by default and encryption | ||
+ | |||
+ | * Have one running session (in a browser on your computer, on your phone, wherever), so that new sessions can authenticate against | ||
+ | * have access to your recovery passphrase (that you should create when you first log in) to recover your encryption keys when you log into a new session and have no other running sessions to authenticate against. | ||
- | If you have used encryption before you will notice a small popup on the left side of the screen, asking you to upgrade. Click on the " | + | This means, that if you do have encrypted messages, e.g. in a direct |
- | This concludes the upgrade. You can now on read how to verify users in //*Verify a user//, or use encrypted chats without verification. | + | This may sound difficult, but it's not. Read on for what you need to do. |
==== Setting up encryption for the first time ==== | ==== Setting up encryption for the first time ==== | ||
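Review bot: the second bullet of the new list ("have access to your recovery passphrase (that you should create when you first log in)") tells the reader to create the passphrase but not where to keep it; the "I've lost all my keys!" section added further down assumes it is stored in a password manager, so say that here, where the passphrase is first mentioned. The two bullets also differ in capitalization ("Have …" vs "have …"). Since the removed "Upgrading encryption" text pointed readers at "//*Verify a user//" and the new heading is "Verifying a user", check that no other page still links to the old heading name.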
Line 31: | Line 33: | ||
{{ : | {{ : | ||
+ | ==== Verifying a session ==== | ||
- | ==== Verification ==== | + | To access your messages from encrypted chats, e.g. direct conversations, |
- | **This step is optional** **If you choose | + | When logging in with a new device |
- | For end-to-end encryption to be really secure users have to verify they are talking to each other. To do this each user is verifying each their devices, and additionally verifies every user once. Every device another verified user verified themselves will be considered verified. | + | {{ : |
- | A user you did not verify | + | The three options: |
+ | - **Use another login**, which will authenticate against a running session, e.g. on a phone or another computer. | ||
+ | - **Use Security Key or Phrase**, which works without another session, i.e. without another device, but you will need the Security Phrase or Key that you set up earlier. | ||
+ | - **Skip**, which skips authentication, | ||
- | A user you verified, but who did not verify all of their devices will be displayed with a red shield next to their user icon: {{ : | + | === Verifying |
- | A user you verified | + | This is conceptually the easiest so, we'll discuss it first. Click **Use Security Key or Phrase** |
- | Example: Alice and Bob start a conversation in their logged in sessions. For the encryption to be secure they have to verify they are actually talking to each other. In Element this is done by comparing a list of emojis that are shown to both users. Alice requests a verification with Bob and they verify they get shown the same string of emojis. When Bob starts using a new session (e.g. using a different Browser/ | + | {{ :services: |
- | ==== Verify a user ==== | + | If you enter either correctly, you will be greeted by this happy screen |
- | For this step to make sense you have to be able to communicate with the other user in a way that makes sure you are actually talking to ****them****. For this we recommend video/ | + | {{ : |
- | To verify | + | === Verifying |
- | {{ : | + | If you are logged into another session, e.g. on your phone, it's easiest to click **Use another login**. There are multiple ways how this is handled, which depends on where the other session is running, e.g. Element on phones will allow you to do this via scanning a QR code. All methods do require, though, that you have the device where the other session is running on *at hand* otherwise the whole process will block waiting for you to do something on the other device, which is hard to do, if it's far away. |
- | Click on the verify link in the sidebar… | + | One method that is always available is comparing emoji shown on both devices. First you will be asked on the device |
- | + | ||
- | {{ : | + | |
- | + | ||
- | and click on the "Start Verification" | + | |
- | + | ||
- | {{ : | + | |
- | + | ||
- | The user you want to verify will see the request as a popup on the left and in the chat. | + | |
- | + | ||
- | {{ : | + | |
- | + | ||
- | You will then be presented with the verification options. Currently the only option is comparing a string of emojis. When both users have agreed | + | |
- | + | ||
- | If the user you are verifying | + | |
- | + | ||
- | {{ : | + | |
- | + | ||
- | ==== Verify a session | + | |
- | + | ||
- | To access your encryption history and for other users to verify you it is necessary to verify a new session. To verify a session | + | |
- | + | ||
- | When logging in with a new device | + | |
- | + | ||
- | {{ : | + | |
- | + | ||
- | If you are logged into another session there will be a popup asking you to verify the new session: | + | |
{{ : | {{ : | ||
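Review bot: the third option in the new list, "**Skip**, which skips authentication, …", is listed without its consequence, although the text removed in this same hunk states it ("To access your encryption history and for other users to verify you it is necessary to verify a new session"). Add that a skipped session cannot read earlier encrypted messages and is shown to other users as unverified until it is verified, so the reader understands what they give up by clicking it. Minor: "*at hand*" uses single asterisks where the rest of the page bolds with `**`.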
Line 88: | Line 68: | ||
{{ : | {{ : | ||
- | Select to continue and you will be asked for a verification method. Currently the only option is to compare a sting of emojis. | + | Select to continue and you will be asked for a verification method. |
{{ : | {{ : | ||
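Review bot: dropping "Currently the only option is to compare a sting of emojis" removes the "sting" typo but also leaves the step without saying which verification method to pick; a short clause such as "choose the emoji comparison, as described under Verifying a session" keeps the step self-explanatory without the stale "only option" claim.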
Line 98: | Line 78: | ||
{{ : | {{ : | ||
- | Confirm the emojis match on both devices to complete verifying the session. | + | Confirm the emojis match on both devices to complete verifying the session and you get the happy result of a verified |
- | Alternatively you can select to verify a session by using your recovery passphrase: | + | {{ :services: |
- | {{ : | ||
==== Deleting a session ==== | ==== Deleting a session ==== | ||
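Review bot: the sentence beginning "Confirm the emojis match on both devices to complete verifying the session and you get the happy result of a verified …" runs the action and its result together; split it into "Confirm the emojis match on both devices to complete verifying the session." followed by a sentence about the result. Removing the "Alternatively you can select to verify a session by using your recovery passphrase" paragraph here is fine, because the new "Verifying a session" section covers that path under **Use Security Key or Phrase**; a one-line pointer to it would avoid the reader missing the alternative.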
Line 132: | Line 111: | ||
{{ : | {{ : | ||
- | ===== Usage tips ===== | ||
- | | + | ==== Verifying a user ==== |
- | * You can highlight messages for certain | + | |
- | * The little symbols | + | **This step is optional** **If you choose to not verify a user there will be a black shield displayed next to their user icon** {{ : |
- | * Messages can be formatted in Markdown (tables are unfortunately | + | |
- | * You can share images | + | For end-to-end encryption to be really secure |
- | * Emojis can be typed by starting | + | |
- | * Messages can be edited after sending | + | A user you did not verify will be displayed with a black shield next to their user icon: {{ : |
- | * You can reply to messages, quoting them thereby. Use the context menu when hovering over a message. | + | |
- | | + | A user you verified, but who did not verify all of their devices will be displayed with a red shield next to their user icon: {{ : |
- | * You can add a [[services:jitsi:start|Jitsi]] widget | + | |
+ | A user you verified | ||
+ | |||
+ | Example: Alice and Bob start a conversation in their logged in sessions. For the encryption to be secure they have to verify they are actually talking to each other. In Element this is done by comparing a list of emojis that are shown to both users. Alice requests a verification | ||
+ | |||
+ | For this step to make sense you have to be able to communicate with the other user in a way that makes sure you are actually talking to ****them****. For this we recommend video/ | ||
+ | |||
+ | To verify | ||
+ | |||
+ | {{ : | ||
+ | |||
+ | Click on the verify link in the sidebar… | ||
+ | |||
+ | {{ : | ||
+ | |||
+ | and click on the "Start Verification" | ||
+ | |||
+ | {{ : | ||
+ | |||
+ | The user you want to verify will see the request as a popup on the left and in the chat. | ||
+ | |||
+ | {{ : | ||
+ | |||
+ | You will then be presented with the verification options. Currently | ||
+ | |||
+ | If the user you are verifying with is shown the same string of emojis as you are, you can both click on "They match" to complete the verification. | ||
+ | |||
+ | {{ :services:matrix:riot_e2e_verify_user_08.png | ||
+ | |||
+ | ==== I've lost all my keys! What now? ==== | ||
+ | |||
+ | Sometimes it happens. Your computer and phone die at the same time and those were the only clients you were logged in at and you didn't save your passwordmanager database (hopefully you are using one) where you store your recovery keys or recovery passphrase | ||
+ | |||
+ | Well, all your encrypted messages, i.e. messages in rooms or private discussions were encryption was enabled, are gone and you won't get them back, but you can make yourself new recovery keys for the future | ||
+ | |||
+ | {{ : | ||
+ | |||
+ | on the verification dialog after login and instead of entering your security phrase or key, which you've lost, click the **Reset all** link on the bottom, next to *Forgotten or lost all recovery methods?* | ||
+ | |||
+ | You will then be asked to confirm | ||
+ | |||
+ | {{ : | ||
+ | And clicking **Reset** will sign out of all your old sessions and delete all keys, followed by guiding you through the procedure to generate new ones described above. |
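Review bot: the closing sentence of "I've lost all my keys!" ("clicking **Reset** will sign out of all your old sessions and delete all keys") should also state what the reset means for the users who had verified you: once your keys are replaced, their earlier verification of you no longer holds, their client flags you as unverified again (the black or red shield described under "Verifying a user" above), and they have to repeat the user verification. Together with the section's own statement that the encrypted history is gone for good, that makes clear why **Reset all** is a last resort rather than a shortcut when a passphrase is merely misplaced. Minor: "passwordmanager" should be "password manager", and the sentence starting "Sometimes it happens. Your computer and phone die at the same time …" needs a comma or a split before "and you didn't save".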
services/matrix/encryption.txt · Last modified: 2021/11/29 16:24 by behrmj87