Differences

This shows you the differences between two versions of the page.

--- services:matrix:encryption [2020/12/04 15:50] – behrmj87
+++ services:matrix:encryption [2021/04/12 12:09] – fix formatting behrmj87
@@ Line 2: / Line 2: @@
 ===== End-to-End-encryption for Matrix on Element=====
-<note important>End-to-End-encryption is currently enabled by default for direct chats. This has technical reasons.</note>
 End-to-end encryption means that only the parties participating in a conversation are able to decrypt and read the messages that were send. Our server is not able to decrypt the messages that were sent, preventing third parties to read the messages.
@@ Line 31: / Line 29: @@
 {{ :services:matrix:riot_e2e_setup_03.png |}}
+==== Verifying a session ====
-==== Verification ====
-**This step is optional** **If you choose to not verify a user there will be a black shield displayed next to their user icon** {{ :services:matrix:riot_e2e_verification_icon_1.png |}}
-For end-to-end encryption to be really secure users have to verify they are talking to each other. To do this each user is verifying each their devices, and additionally verifies every user once. Every device another verified user verified themselves will be considered verified.
-A user you did not verify will be displayed with a black shield next to their user icon: {{ :services:matrix:riot_e2e_verification_icon_1.png |}}
-A user you verified, but who did not verify all of their devices will be displayed with a red shield next to their user icon: {{ :services:matrix:riot_e2e_verification_icon_3.png |}}
-A user you verified and who verified all of their devices will be displayed with a red shield next to their user icon: {{ :services:matrix:riot_e2e_verification_icon_2.png |}}
-Example: Alice and Bob start a conversation in their logged in sessions. For the encryption to be secure they have to verify they are actually talking to each other. In Element this is done by comparing a list of emojis that are shown to both users. Alice requests a verification with Bob and they verify they get shown the same string of emojis. When Bob starts using a new session (e.g. using a different Browser/Device) he can use the session that was verified with Alice's session to also verify his new session. Alice's session automatically sees that Bob verified the new session and accepts it into the encrypted conversation.
-==== Verify a user ====
-For this step to make sense you have to be able to communicate with the other user in a way that makes sure you are actually talking to ****them****. For this we recommend video/audio-chat, or just sitting next to each other.
-To verify a user you open a chat you share with the user and click their name in the user side bar.
-{{ :services:matrix:riot_e2e_verify_user_01.png?direct&800 |}}
-Click on the verify link in the sidebar…
-{{ :services:matrix:riot_e2e_verify_user_02.png?direct&800 |}}
-and click on the "Start Verification" button.
-{{ :services:matrix:riot_e2e_verify_user_03.png?direct&800 |}}
-The user you want to verify will see the request as a popup on the left and in the chat.
-{{ :services:matrix:riot_e2e_verify_user_04.png |}} {{./riot-e2e-doku-pictures/riot_e2e_verify_user_05.png |}}
-You will then be presented with the verification options. Currently the only option is comparing a string of emojis. When both users have agreed on a verification method the verification process begins.
-If the user you are verifying with is shown the same string of emojis as you are, you can both click on "They match" to complete the verification.
-{{ :services:matrix:riot_e2e_verify_user_08.png |}}
-==== Verify a session ====
 To access your encryption history and for other users to verify you it is necessary to verify a new session. To verify a session you can either confirm a new session from an existing session or enter your recovery passphrase.
@@ Line 132: / Line 89: @@
 {{ :services:matrix:riot_e2e_delete_session_04.png?direct&800 |}}
-===== Usage tips =====
-  * You can search for other users by their display name or ZEDAT username, the display name is the person's name by default, but users may change it.
+==== Verifying a user ====
-  * You can highlight messages for certain users by mentioning them. You do this by typing ''@'' followed by their name, use tab to autocomplete.
-  * The little symbols to the right of messages are read markers.
+**This step is optional** **If you choose to not verify a user there will be a black shield displayed next to their user icon** {{ :services:matrix:riot_e2e_verification_icon_1.png |}}
-  * Messages can be formatted in Markdown (tables are unfortunately not supported in the current Markdown flavour).
-  * You can share images and files.
+For end-to-end encryption to be really secure users have to verify they are talking to each other. To do this each user is verifying each their devices, and additionally verifies every user once. Every device another verified user verified themselves will be considered verified.
-  * Emojis can be typed by starting with a colon '':'' followed by the name, choices will pop up.
-  * Messages can be edited after sending them. Use the context menu when hovering over a message.
+A user you did not verify will be displayed with a black shield next to their user icon: {{ :services:matrix:riot_e2e_verification_icon_1.png |}}
-  * You can reply to messages, quoting them thereby. Use the context menu when hovering over a message.
-  * You can react to messages. Use the smilie context menu when hovering over a message.
+A user you verified, but who did not verify all of their devices will be displayed with a red shield next to their user icon: {{ :services:matrix:riot_e2e_verification_icon_3.png |}}
-  * You can add a [[services:jitsi:start|Jitsi]] widget using our Jitsi server to bind a fixed Jitsi room to your Matrix room via the Widget integration menu (the 2x2 squares on the upper right). Be advised, the other integrations besides Jitsi use external resources.
+A user you verified and who verified all of their devices will be displayed with a red shield next to their user icon: {{ :services:matrix:riot_e2e_verification_icon_2.png |}}
+Example: Alice and Bob start a conversation in their logged in sessions. For the encryption to be secure they have to verify they are actually talking to each other. In Element this is done by comparing a list of emojis that are shown to both users. Alice requests a verification with Bob and they verify they get shown the same string of emojis. When Bob starts using a new session (e.g. using a different Browser/Device) he can use the session that was verified with Alice's session to also verify his new session. Alice's session automatically sees that Bob verified the new session and accepts it into the encrypted conversation.
+For this step to make sense you have to be able to communicate with the other user in a way that makes sure you are actually talking to ****them****. For this we recommend video/audio-chat, or just sitting next to each other.
+To verify a user you open a chat you share with the user and click their name in the user side bar.
+{{ :services:matrix:riot_e2e_verify_user_01.png?direct&800 |}}
+Click on the verify link in the sidebar…
+{{ :services:matrix:riot_e2e_verify_user_02.png?direct&800 |}}
+and click on the "Start Verification" button.
+{{ :services:matrix:riot_e2e_verify_user_03.png?direct&800 |}}
+The user you want to verify will see the request as a popup on the left and in the chat.
+{{ :services:matrix:riot_e2e_verify_user_04.png |}} {{./riot-e2e-doku-pictures/riot_e2e_verify_user_05.png |}}
+You will then be presented with the verification options. Currently the only option is comparing a string of emojis. When both users have agreed on a verification method the verification process begins.
+If the user you are verifying with is shown the same string of emojis as you are, you can both click on "They match" to complete the verification.
+{{ :services:matrix:riot_e2e_verify_user_08.png |}}
+==== I've lost all my keys! What now? ====
+Sometimes it happens. Your computer and phone die at the same time and those were the only clients you were logged in at and you didn't save your passwordmanager database (hopefully you are using one) where you store your recovery keys or recovery passphrase to any other device. What now?
+Well, all your encrypted messages, i.e. messages in rooms or private discussions were encryption was enabled, are gone and you won't get them back, but you can make yourself new recovery keys for the future (and hopefully you will safe them redundantly):
+  - Sign out of all your old sessions from the "Security & privacy" preferences.
+  - In the "Security & privacy" preferences reset preset the reset button in the "Secure backup" section.
+  - Use new secure backup passphrase to reset cross-signing in "Cross-signing" section below.
+  - Verify your new sessions so that they start sharing keys.
+  - Back your new recovery keys up :)