Unable to decrypt message, keys aren't getting transferred from other devices

[TellowKrinkle]

Steps to reproduce

1. Sign into your account on a new device
2. Verify the session from an already signed in device
3. Try to view encrypted messages on the new device
4. According to https://joinmatrix.org/guide/fix-decryption-error/, if you view the same messages on a device that has the keys, they will be transferred to the new device in a "few moments"

Outcome

What did you expect?

The messages will be decrypted in less than a minute

What happened instead?

Still shows unable to decrypt message after multiple minutes

Operating system

Fedora Linux

Browser information

Firefox 127.0

URL for webapp

app.element.io

Application version

Element version 1.11.69, Crypto version Rust SDK 0.7.0 (068a0af), Vodozemac 0.6.0

Homeserver

matrix.org

Will you send logs?

Yes

[kegsay]

This is due to the other client (not the new one) not having the m.megolm_backup.v1 secret, but it has the other 3 (SSK, USK, MSK).

Confusingly, functions which get access to the backup key are producing different results:

• this code produces a truthy response, but
• this code produces None.

[jblachly]

I recently signed in with a new web browser. My existing mobile element session is not sending keys.
In contrast to the message in tchapgouv/tchap-web-v4#904 (referenced above), I instead have the following info (in "view source") for all the undecryptable messages:

{
  "type": "m.room.message",
  "content": {
    "msgtype": "m.bad.encrypted",
    "body": "** Unable to decrypt: DecryptionError: This message was sent before this device logged in, and key backup is not working. **"
  }
}

[richvdh]

I don't really know what's going on with this issue. It describes a particular user's failure mode, but no attempt appears to be being made to investigate it. There's not much point keeping issues like this open forever, waiting to confuse other users who come across superficially-similar symptoms but completely different causes.

[knkski]

@richvdh I can reproduce the issue:

• Create an account on app.element.io
• Export a file named <username>-element-security-key.txt
• Log out of session, clear all cookies
• Log in again
• When prompted, enter contents of <username>-element-security-key.txt
• Look at message history, see only messages shown as Unable to decrypt message
• View source on the messages shows this:

  {
    "type": "m.room.message",
    "content": {
      "msgtype": "m.bad.encrypted",
      "body": "** Unable to decrypt: DecryptionError: This message was sent before this device logged in, and key backup is not working. **"
    }
  }
  

• Have no indication of what exactly is wrong or how to fix it

I don't have this on another account where I always have at least one device signed in and always use it to verify new devices. In the Security & Privacy settings, I see this:

Backup key stored:	in secret storage
Backup key cached:	cached locally, well formed
Secret storage public key:	in account data
Secret storage:	ready
Latest backup version on server:	1 (Algorithm: m.megolm_backup.v1.curve25519-aes-sha2)
Active backup version:	None
This backup can be restored on this session

It says "This session is not backing up your keys, but you do have an existing backup you can restore from and add to going forward.". When I click Connect this session to Key Backup, it says Successfully restored 10 keys, but nothing changes. I was able to "fix" the issue by resetting the backup key and losing all history before, which is not ideal.

Are there any diagnosing/debugging steps I can take to help fix the issue?

[richvdh]

@knkski please open a new issue describing your symptoms, and send debug logs from within the app

[knkski]

I had to follow the directions here #26530 (comment) to reset the "Secure Backup" functionality. I also went down to the "Cryptography" section of the "Security & Privacy" settings page and did "Export room E2E keys" and ended up with a key file and password for it.

Logging out and back in then showed all previous messages as unable to be decrypted. In "Security & Privacy" I saw "✅ This session is backing up your keys.". After I went back to the "Cryptography" sectionand did "Import E2E room keys", I was able to see old messages.

This is a very confusing process, full of footguns. I say this with love and wanting Element to succeed, and also as someone technically inclined. I doubt that my non-technical friends & family would be able to figure this process out.