services:matrix:encryption
Differences
This shows you the differences between two versions of the page.
services:matrix:encryption [2021/02/11 17:19] – add a section what to do when shit hits the fan behrmj87 | services:matrix:encryption [2021/04/12 12:33] – behrmj87 | ||
---|---|---|---|
Line 8: | Line 8: | ||
<note warning> | <note warning> | ||
+ | |||
+ | ==== The somewhat short story ==== | ||
+ | |||
+ | When using encryption in a room (or direct chat) all messages in that chat will be encrypted. Everyone of your clients (e.g. the webclient at meet.physik.fu-berlin.de or Element on your phone) will have a session with its own keys. This is mostly transparent to you as a user, but you must always hold either of the following to be true: | ||
+ | |||
+ | * Have one running session (in a browser on your computer, on your phone, wherever), so that new sessions can authenticate against the running session (cross-signing, | ||
+ | * have access to your recovery passphrase (that you should create when you first log in) to recover your encryption keys when you log into a new session and have no other running sessions to authenticate against. | ||
+ | |||
+ | If either of this is the case, you will keep access to your old encrypted messages, so generate a recovery passphrase and save it in your password safe. | ||
+ | |||
==== Upgrading encryption ==== | ==== Upgrading encryption ==== | ||
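Review bot: In the added intro paragraph, "you must always hold either of the following to be true" leaves it unclear whether one condition is enough, and the closing "If either of this is the case" repeats the problem; suggest "at least one of the following must always be true" and "If at least one of these holds". Also "Everyone of your clients" should be "Every one of your clients", and the two bullets should start with the same capitalisation ("Have" / "have"). The last sentence carries the actual instruction (generate a recovery passphrase and save it in your password safe), so consider putting it before the bullets where a hurried reader will see it.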
Line 128: | Line 138: | ||
{{ : | {{ : | ||
- | ==== I've lost all my keys! What know? ==== | + | ==== I've lost all my keys! What now? ==== |
Sometimes it happens. Your computer and phone die at the same time and those were the only clients you were logged in at and you didn't save your passwordmanager database (hopefully you are using one) where you store your recovery keys or recovery passphrase to any other device. What now? | Sometimes it happens. Your computer and phone die at the same time and those were the only clients you were logged in at and you didn't save your passwordmanager database (hopefully you are using one) where you store your recovery keys or recovery passphrase to any other device. What now? | ||
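Review bot: The heading change from "What know?" to "What now?" alters the heading text, and DokuWiki derives section anchors from it, so links that point at the old section anchor should be checked. The paragraph under the heading is unchanged but still has "passwordmanager" and "logged in at"; "password manager" and "logged in on" would be worth fixing while this section is being edited.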
Line 134: | Line 144: | ||
Well, all your encrypted messages, i.e. messages in rooms or private discussions were encryption was enabled, are gone and you won't get them back, but you can make yourself new recovery keys for the future (and hopefully you will safe them redundantly): | Well, all your encrypted messages, i.e. messages in rooms or private discussions were encryption was enabled, are gone and you won't get them back, but you can make yourself new recovery keys for the future (and hopefully you will safe them redundantly): | ||
- | 1. Sign out of all your old sessions from the " | + | - Sign out of all your old sessions from the " |
- | 2. In the " | + | |
- | 3. Use new secure backup passphrase to reset cross-signing in " | + | |
- | 4. Verify your new sessions so that they start sharing keys. | + | |
- | 5. Back your new recovery keys up :) | + | |
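Review bot: The context paragraph above the list still reads "were encryption was enabled" and "you will safe them redundantly"; these should be "where encryption was enabled" and "save them redundantly", and fit in the same revision as the list conversion. For the switch from "1." items to "-" items, make sure every item is indented by two spaces so DokuWiki renders it as an ordered list.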
services/matrix/encryption.txt · Last modified: 2021/11/29 16:24 by behrmj87