services:matrix:encryption

Differences

This shows you the differences between two versions of the page.

services:matrix:encryption [2021/02/11 17:19] – add a section what to do when shit hits the fan behrmj87
services:matrix:encryption [2021/08/10 11:54] – Remove the (possibly outdated?) section on upgrading encryption behrmj87
Line 8: Line 8:
  
 <note warning>When logging into a new device (a different browser, a new phone, your fridge), you will only get access to your already encrypted messages //after// verifying the new session. This is explained below (and most easily done if you use Element on your phone).</note> <note warning>When logging into a new device (a different browser, a new phone, your fridge), you will only get access to your already encrypted messages //after// verifying the new session. This is explained below (and most easily done if you use Element on your phone).</note>
-==== Upgrading encryption ==== 
  
-This step is necessary if you have used encryption in the past on your matrix.physik.fu-berlin.de account. If you have not used encryption previously, you can jump to the section [[services:matrix:start#setting_up_encryption_for_the_first_time | Setting up encryption for the first time ]]+==== The somewhat short story ====
  
-If you have used encryption before you will notice a small popup on the left side of the screen, asking you to upgradeClick on the "upgrade" button to start the upgrade{{ :services:matrix:riot_e2e_upgrade_01.png?direct&800 |}} Next you will have to enter your ZEDAT-password… {{./riot-e2e-doku-pictures/riot_e2e_upgrade_02.png |}} and enter your recovery passphrase you set when you set up key backups for encryption. If you can not remember your passphrase you can use the recovery key if you have still saved it somewhereAlternatively you can set up new key recovery. Your previous encrypted messages will still be available if you are able to read them on the device you are using to perform the upgrade. {{./riot-e2e-doku-pictures/riot_e2e_upgrade_03.png |}}+When using encryption in a room (or direct chat) all messages in that chat will be encrypted. Everyone of your clients (e.g. the webclient at meet.physik.fu-berlin.de or Element on your phone) will have a session with its own keysThis is mostly transparent to you as user, but you must always hold either of the following to be true:
  
-This concludes the upgrade. You can now on read how to verify users in //*Verify user//or use encrypted chats without verification.+    * Have one running session (in a browser on your computer, on your phone, wherever), so that new sessions can authenticate against the running session (cross-signing, described below), or 
 +    * have access to your recovery passphrase (that you should create when you first log in) to recover your encryption keys when you log into new session and have no other running sessions to authenticate against. 
 + 
 +If either of this is the caseyou will keep access to your old encrypted messages, so generate a recovery passphrase and save it in your password safe.
  
 ==== Setting up encryption for the first time ==== ==== Setting up encryption for the first time ====
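Review bot: The closing sentence of the added section ("If either of this is the case, you will keep access to your old encrypted messages, so generate a recovery passphrase") does not follow from the list above it, which presents a running session and the recovery passphrase as equal alternatives. Say why the passphrase is the one to rely on: a running session disappears with the device, as the "I've lost all my keys!" section further down describes, and the passphrase is the only fallback the second bullet names. Wording in the same added lines: "Everyone of your clients" should be "Every one of your clients", "you must always hold either of the following to be true" reads better as "make sure at least one of the following is true", "log into new session" needs an article, and "If either of this is the case" should be "If either of these is the case". The removed text also mentioned a recovery key next to the passphrase, while the new text names only the passphrase and the reset section later says "Security Key or Phrase", so settle on one term or mention both.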
Line 128: Line 130:
 {{ :services:matrix:riot_e2e_verify_user_08.png |}} {{ :services:matrix:riot_e2e_verify_user_08.png |}}
  
-==== I've lost all my keys! What know? ====+==== I've lost all my keys! What now? ====
  
 Sometimes it happens. Your computer and phone die at the same time and those were the only clients you were logged in at and you didn't save your passwordmanager database (hopefully you are using one) where you store your recovery keys or recovery passphrase to any other device. What now?  Sometimes it happens. Your computer and phone die at the same time and those were the only clients you were logged in at and you didn't save your passwordmanager database (hopefully you are using one) where you store your recovery keys or recovery passphrase to any other device. What now? 
  
-Well, all your encrypted messages, i.e. messages in rooms or private discussions were encryption was enabled, are gone and you won't get them back, but you can make yourself new recovery keys for the future (and hopefully you will safe them redundantly):+Well, all your encrypted messages, i.e. messages in rooms or private discussions were encryption was enabled, are gone and you won't get them back, but you can make yourself new recovery keys for the future (and hopefully you will safe them redundantly). To this, just click **Use Security Key or Phrase** 
 + 
 +{{ :services:matrix:verifylogin.png |}} 
 + 
 +on the verification dialog after login and instead of entering your security phrase or key, which you've lost, click the **Reset all** link on the bottom, next to *Forgotten or lost all recovery methods?* 
 + 
 +You will then be asked to confirm 
 + 
 +{{ :services:matrix:reseteverything.png |}}
  
-1. Sign out of all your old sessions from the "Security & privacy" preferences. +And clicking **Reset** will sign out of all your old sessions and delete all keys, followed by guiding you through the procedure to generate new ones described above.
-2. In the "Security & privacy" preferences reset preset the reset button in the "Secure backup" section. +
-3. Use new secure backup passphrase to reset cross-signing in "Cross-signing" section below. +
-4. Verify your new sessions so that they start sharing keys. +
-5. Back your new recovery keys up :)+
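Review bot: The replacement for the removed five-step list drops its last two steps ("Verify your new sessions so that they start sharing keys" and "Back your new recovery keys up") and stops at "guiding you through the procedure to generate new ones described above"; add a closing sentence telling the reader to store the new key or phrase in more than one place and to verify their new sessions, since losing the old one is what brought them to this section. In the added line that introduces the **Reset all** link, `*Forgotten or lost all recovery methods?*` uses single asterisks, which is not the emphasis markup this page uses elsewhere (`//after//` in the note at the top), so write it as `//Forgotten or lost all recovery methods?//`. "To this, just click" is missing a word ("To do this"), and while that line is being changed anyway, "were encryption was enabled" should be "where" and "safe them redundantly" should be "save".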
services/matrix/encryption.txt · Last modified: 2021/11/29 16:24 by behrmj87
