services:matrix:encryption
Differences
This shows you the differences between two versions of the page.
services:matrix:encryption [2021/08/10 14:08] – [Verifying a session] update session verification to newer screens behrmj87 | services:matrix:encryption [2021/08/11 07:42] – fix emphasis behrmj87 | ||
---|---|---|---|
Line 11: | Line 11: | ||
==== The somewhat short story ==== | ==== The somewhat short story ==== | ||
- | When using encryption in a room (or direct chat) all messages in that chat will be encrypted. | + | Some chats you encounter will be encrypted. Direct conversations are encrypted by default and encryption for rooms for multiple people can be switched on. When using encryption in a room (or direct chat) all messages in that chat will be encrypted. |
* Have one running session (in a browser on your computer, on your phone, wherever), so that new sessions can authenticate against the running session (cross-signing, | * Have one running session (in a browser on your computer, on your phone, wherever), so that new sessions can authenticate against the running session (cross-signing, | ||
* have access to your recovery passphrase (that you should create when you first log in) to recover your encryption keys when you log into a new session and have no other running sessions to authenticate against. | * have access to your recovery passphrase (that you should create when you first log in) to recover your encryption keys when you log into a new session and have no other running sessions to authenticate against. | ||
- | If either of this is the case, you will keep access to your old encrypted | + | This means, that if you do have encrypted messages, e.g. in a direct chat, and you were only logged into one session, e.g. only in the web client, and you don't have a Security Phrase or Security Key set up, i.e. you log out and decline to set one up, when asked, you will lose access to those messages. |
+ | |||
+ | This may sound difficult, but it's not. Read on for what you need to do. | ||
==== Setting up encryption for the first time ==== | ==== Setting up encryption for the first time ==== | ||
- | When you log in to Element, it will ask you to set up encryption recovery. This step will make sure that you can share encrypted messages across all your devices and different sessions. If you do not wish to use encryption | + | When you haven' |
+ | |||
+ | Below the list of active sessions, you will find section //Secure Backup//, | ||
+ | |||
+ | {{ : | ||
+ | |||
+ | Click on **Set up** to start. You will be shown this menu | ||
+ | |||
+ | {{ : | ||
+ | |||
+ | By default the upper point (//Generate a Security Key//) is selected, but it's better to choose //Enter a Security Phrase//. What's the difference? | ||
+ | |||
+ | * A //Security Key// is a long random key, that you probably won't be able to memorise. It's purpose is to be stored somewhere safe, e.g. in a password manager like KeePassXC. | ||
+ | * A //Security Phrase// is that: a phrase, something that you will (hopefully) be able to remember, because you choose it, e.g. by a [[https:// | ||
+ | |||
+ | Also, when you generate a Security Phrase, you will be offered to generate a Security Key as well. So why not get both for the price of one? | ||
+ | |||
+ | Once you click **Continue** you can enter your passphrase | ||
+ | |||
+ | {{ : | ||
+ | |||
+ | which you then need to confirm | ||
+ | |||
+ | {{ : | ||
+ | |||
+ | Afterwards you will be offered to also get your Security Key | ||
+ | |||
+ | {{ : | ||
- | To setup encryption recovery | + | And to finish the setup, you need to confirm everything with your //ZEDAT password// |
- | {{ : | + | {{ : |
- | **Optional** By default | + | After you're done with you can have a look at the settings again, where it will look like this if you were successful. |
- | Additionally you can download a recovery key, which you can use if you forget or loose the passphrase. | + | {{ : |
- | {{ : | + | This is also where you can start over - via the **Reset** button - if you forget your Security Phrase and/or lose your Security Key, but still have access to your session, because you never log out. |
==== Verifying a session ==== | ==== Verifying a session ==== | ||
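Review bot: The data-loss warning added after the two bullets ("This means, that if you do have encrypted messages, e.g. in a direct chat, and you were only logged into one session, ...") packs three nested e.g./i.e. asides into a single sentence, and it is the sentence a reader most needs to get right. Split it into the condition (only one session, no Security Phrase or Security Key set up) and the consequence (logging out loses access to those messages). In the same hunk, "It's purpose" in the Security Key bullet should be "Its purpose", and "After you're done with you can have a look" is missing a word after "with".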
Line 46: | Line 75: | ||
=== Verifying a Sessin using a Security Phrase === | === Verifying a Sessin using a Security Phrase === | ||
- | This is conceptually the easiest so, we'll discuss it first. Click **Use Security Key or Phrase** and in the screen that opens enter either your *Security Phrase* or your *Security Key*. | + | This is conceptually the easiest so, we'll discuss it first. Click **Use Security Key or Phrase** and in the screen that opens enter either your //Security Phrase// or your //Security Key//. |
{{ : | {{ : | ||
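Review bot: The heading kept as context above the changed paragraph still reads "Verifying a Sessin using a Security Phrase"; since this revision only tidies markup in that section, correct "Sessin" to "Session" in the same edit. The changed paragraph also opens "This is conceptually the easiest so, we'll discuss it first", where the comma belongs before "so".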
Line 56: | Line 85: | ||
=== Verifying a Sessin using a Security Phrase === | === Verifying a Sessin using a Security Phrase === | ||
- | If you are logged into another session, e.g. on your phone, it's easiest to click **Use another login**. There are multiple ways how this is handled, which depends on where the other session is running, e.g. Element on phones will allow you to do this via scanning a QR code. All methods do require, though, that you have the device where the other session is running on *at hand* otherwise the whole process will block waiting for you to do something on the other device, which is hard to do, if it's far away. | + | If you are logged into another session, e.g. on your phone, it's easiest to click **Use another login**. There are multiple ways how this is handled, which depends on where the other session is running, e.g. Element on phones will allow you to do this via scanning a QR code. All methods do require, though, that you have the device where the other session is running on //at hand// otherwise the whole process will block waiting for you to do something on the other device, which is hard to do, if it's far away. |
One method that is always available is comparing emoji shown on both devices. First you will be asked on the device with an already authenticated session whether the new session is you and whether you want to authenticate it. | One method that is always available is comparing emoji shown on both devices. First you will be asked on the device with an already authenticated session whether the new session is you and whether you want to authenticate it. | ||
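Review bot: The heading above this paragraph repeats "Verifying a Sessin using a Security Phrase" from the previous section, but the paragraph describes **Use another login**, QR codes and emoji comparison, so a reader scanning headings cannot find the second verification method. Rename the heading to match the method it introduces and fix "Sessin" while there. The sentence ending "on //at hand// otherwise the whole process will block" also needs a comma or a full stop before "otherwise".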
Line 156: | Line 185: | ||
{{ : | {{ : | ||
- | on the verification dialog after login and instead of entering your security phrase or key, which you've lost, click the **Reset all** link on the bottom, next to *Forgotten or lost all recovery methods?* | + | on the verification dialog after login and instead of entering your security phrase or key, which you've lost, click the **Reset all** link on the bottom, next to //Forgotten or lost all recovery methods?// |
You will then be asked to confirm | You will then be asked to confirm |
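Review bot: The **Reset all** instruction tells the reader to click the link and confirm without saying what the reset costs them. The first hunk of this revision warns that messages become inaccessible without a Security Phrase or Security Key, so state here, before the click, whether resetting has that effect on previously encrypted messages; a reader who reaches this step has already lost both recovery methods and should know the outcome before confirming.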
services/matrix/encryption.txt · Last modified: 2021/11/29 16:24 by behrmj87