Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Clients should be trusted to write to online megolm backups if they own the priv half of the backup key. #7399

Closed
ara4n opened this issue Sep 27, 2018 · 2 comments
Labels
A-E2EE A-E2EE-Key-Backup P1 S-Major Severely degrades major functionality or product features, with no satisfactory workaround T-Defect

Comments

@ara4n
Copy link
Member

ara4n commented Sep 27, 2018

In the current implementation we only trust an online megolm backup as a valid destination for our megolm keys if we have verified the device who signed the backup's pubkey when it was created.

This is problematic if we're logging into a new device and restore the backup by providing our recovery key, because by definition we won't have access to other devices for crossverification (otherwise we'd be accessing the backup via crossverification rather than providing the recovery key).

So instead we need a different mechanism to decide whether we should write our keys into the backup and ensure it wasn't created by a malicious server admin.

Proposal is that we should take our copy of the recovery privkey, generate the pubkey from it via Curve25519, and then do a binary comparison with the pubkey which the server is advertising for the backup before letting the user trust the backup for storing keys. This code doesn't exist yet, and needs to be written.

@uhoreg, does this seem correct? ^

[sidenote @lampholder: n.b. that is completely independent of the question of whether the private key is provided directly by the user from their sock, or whether the user downloaded an encrypted copy of their privkey from the server and decrypted it via their passphrase.... other than by implementing this correctly, it should be very unusual for users to start new backups, unless they are deliberately rotating their recovery key every N days, in which case they'll have to deal with the faff of maintaining the sock-copy of the private key themselves if they're not storing it on the server, but that's entirely the user's problem.]

@uhoreg
Copy link
Member

uhoreg commented Sep 27, 2018

Yup, that seems correct.

@lampholder lampholder added T-Defect P1 S-Major Severely degrades major functionality or product features, with no satisfactory workaround A-E2EE labels Sep 27, 2018
@uhoreg
Copy link
Member

uhoreg commented May 16, 2019

This seems to have been implemented.

@uhoreg uhoreg closed this as completed May 16, 2019
su-ex added a commit to SchildiChat/element-web that referenced this issue Jan 17, 2022
* Add permission dropdown for sending reactions ([\element-hq#7492](matrix-org/matrix-react-sdk#7492)). Fixes element-hq#20450.
* Ship maximised widgets and remove feature flag ([\element-hq#7509](matrix-org/matrix-react-sdk#7509)).
* Properly maintain aspect ratio of inline images ([\element-hq#7503](matrix-org/matrix-react-sdk#7503)).
* Add zoom buttons to the location view ([\element-hq#7482](matrix-org/matrix-react-sdk#7482)).
* Remove bubble from around location events ([\element-hq#7459](matrix-org/matrix-react-sdk#7459)). Fixes element-hq#20323.
* Disable "Publish this room" option in invite only rooms ([\element-hq#7441](matrix-org/matrix-react-sdk#7441)). Fixes element-hq#6596. Contributed by @aaronraimist.
* Give secret key field an `id` ([\element-hq#7489](matrix-org/matrix-react-sdk#7489)). Fixes element-hq#20390. Contributed by @SimonBrandner.
* Display a tooltip when you hover over a location ([\element-hq#7472](matrix-org/matrix-react-sdk#7472)).
* Open map in a dialog when it is clicked ([\element-hq#7465](matrix-org/matrix-react-sdk#7465)).
* a11y - wrap notification level radios in fieldsets ([\element-hq#7471](matrix-org/matrix-react-sdk#7471)).
* Wrap inputs in fieldsets in Space visibility settings ([\element-hq#7350](matrix-org/matrix-react-sdk#7350)).
* History based navigation with new right panel store ([\element-hq#7398](matrix-org/matrix-react-sdk#7398)). Fixes element-hq#19686 element-hq#19660 and element-hq#19634.
* Associate room alias warning with public option in settings ([\element-hq#7430](matrix-org/matrix-react-sdk#7430)).
* Disable quick reactions button when no permissions ([\element-hq#7412](matrix-org/matrix-react-sdk#7412)). Fixes element-hq#20270.
* Allow opening a map view in OpenStreetMap ([\element-hq#7428](matrix-org/matrix-react-sdk#7428)).
* Display the user's avatar when they shared their location ([\element-hq#7424](matrix-org/matrix-react-sdk#7424)).
* Remove the Forward and Share buttons for location messages only ([\element-hq#7423](matrix-org/matrix-react-sdk#7423)).
* Add configuration to disable relative date markers in timeline ([\element-hq#7405](matrix-org/matrix-react-sdk#7405)).
* Space preferences for whether or not you see DMs in a Space ([\element-hq#7250](matrix-org/matrix-react-sdk#7250)). Fixes element-hq#19529 and element-hq#19955.
* Have LocalEchoWrapper emit updates so the app can react faster ([\#7358](matrix-org/matrix-react-sdk#7358)). Fixes element-hq#19749.
* Use semantic heading on dialog component ([\element-hq#7383](matrix-org/matrix-react-sdk#7383)).
* Add `/jumptodate` slash command ([\element-hq#7372](matrix-org/matrix-react-sdk#7372)). Fixes element-hq#7677.
* Update room context menu copy ([\element-hq#7361](matrix-org/matrix-react-sdk#7361)). Fixes element-hq#20133.
* Use lazy rendering in the AddExistingToSpaceDialog ([\element-hq#7369](matrix-org/matrix-react-sdk#7369)). Fixes element-hq#18784.
* Tweak FacePile tooltip to include whether or not you are included ([\element-hq#7367](matrix-org/matrix-react-sdk#7367)). Fixes element-hq#17278.
* Ensure group audio-only calls don't switch on the webcam on join ([\element-hq#20234](element-hq#20234)). Fixes element-hq#20212.
* Fix wrongly wrapping code blocks, breaking line numbers ([\element-hq#7507](matrix-org/matrix-react-sdk#7507)). Fixes element-hq#20316.
* Set header buttons to no phase when right panel is closed ([\element-hq#7506](matrix-org/matrix-react-sdk#7506)).
* Fix active Jitsi calls (and other active widgets) not being visible on screen, by showing them in PiP if they are not visible in any other container ([\element-hq#7435](matrix-org/matrix-react-sdk#7435)). Fixes element-hq#15169 and element-hq#20275.
* Fix layout of message bubble preview in settings ([\element-hq#7497](matrix-org/matrix-react-sdk#7497)).
* Prevent mutations of js-sdk owned objects as it breaks accountData ([\element-hq#7504](matrix-org/matrix-react-sdk#7504)). Fixes matrix-org/element-web-rageshakes#7822.
* fallback properly with pluralized strings ([\element-hq#7495](matrix-org/matrix-react-sdk#7495)). Fixes element-hq#20455.
* Consider continuations when resolving whether a tile is last in section ([\element-hq#7461](matrix-org/matrix-react-sdk#7461)). Fixes element-hq#20368 and element-hq#20369.
* Fix read receipts and sent indicators for bubble layout ([\element-hq#7460](matrix-org/matrix-react-sdk#7460)). Fixes element-hq#18298 and element-hq#20345.
* null-guard dataset mxTheme to prevent html exports from exploding ([\element-hq#7493](matrix-org/matrix-react-sdk#7493)). Fixes element-hq#20453.
* Fix avatar container overlapping give feedback cta ([\element-hq#7491](matrix-org/matrix-react-sdk#7491)). Fixes matrix-org/element-web-rageshakes#7987.
* Fix jump to bottom button working when on a permalink ([\element-hq#7494](matrix-org/matrix-react-sdk#7494)). Fixes element-hq#19813.
* Remove the Description from the location picker ([\element-hq#7485](matrix-org/matrix-react-sdk#7485)).
* Fix look of the untrusted device dialog ([\#7487](matrix-org/matrix-react-sdk#7487)). Fixes element-hq#20447. Contributed by @SimonBrandner.
* Hide maximise button in the sticker picker  ([\element-hq#7488](matrix-org/matrix-react-sdk#7488)). Fixes element-hq#20443. Contributed by @SimonBrandner.
* Fix space ordering to match newer spec ([\element-hq#7481](matrix-org/matrix-react-sdk#7481)).
* Fix typing notification colors ([\element-hq#7490](matrix-org/matrix-react-sdk#7490)). Fixes element-hq#20144. Contributed by @SimonBrandner.
* fix fallback for pluralized strings ([\element-hq#7480](matrix-org/matrix-react-sdk#7480)). Fixes element-hq#20426.
* Fix right panel soft crashes chat rooms ([\element-hq#7479](matrix-org/matrix-react-sdk#7479)). Fixes element-hq#20433.
* update yarn.lock and i18n ([\element-hq#7476](matrix-org/matrix-react-sdk#7476)). Fixes element-hq#20426 and element-hq#20423.
* Don't send typing notification when restoring composer draft ([\element-hq#7477](matrix-org/matrix-react-sdk#7477)). Fixes element-hq#20424.
* Fix room joining spinner being incorrect if you change room mid-join ([\element-hq#7473](matrix-org/matrix-react-sdk#7473)).
* Only return the approved widget capabilities instead of accepting all requested capabilities ([\element-hq#7454](matrix-org/matrix-react-sdk#7454)). Contributed by @dhenneke.
* Fix quoting messages from the search view ([\element-hq#7466](matrix-org/matrix-react-sdk#7466)). Fixes element-hq#20353.
* Attribute fallback i18n strings with lang attribute ([\element-hq#7323](matrix-org/matrix-react-sdk#7323)).
* Fix spotlight cmd-k wrongly expanding left panel ([\element-hq#7463](matrix-org/matrix-react-sdk#7463)). Fixes element-hq#20399.
* Fix room_id check when adding user widgets ([\element-hq#7448](matrix-org/matrix-react-sdk#7448)). Fixes element-hq#19382. Contributed by @bink.
* Add new line in settings label ([\element-hq#7451](matrix-org/matrix-react-sdk#7451)). Fixes element-hq#20365.
* Fix handling incoming redactions in EventIndex ([\element-hq#7443](matrix-org/matrix-react-sdk#7443)). Fixes element-hq#19326.
* Fix room alias address isn't checked for validity before being shown as added ([\element-hq#7107](matrix-org/matrix-react-sdk#7107)). Fixes element-hq#19609. Contributed by @Palid.
* Call view accessibility fixes ([\element-hq#7439](matrix-org/matrix-react-sdk#7439)). Fixes element-hq#18516.
* Fix offscreen canvas breaking with split-brained firefox support ([\element-hq#7440](matrix-org/matrix-react-sdk#7440)).
* Removed red shield in forwarding preview. ([\element-hq#7447](matrix-org/matrix-react-sdk#7447)). Contributed by @ankur12-1610.
* Wrap status message ([\element-hq#7325](matrix-org/matrix-react-sdk#7325)). Fixes element-hq#20092. Contributed by @SimonBrandner.
* Move hideSender logic into state so it causes re-render ([\element-hq#7413](matrix-org/matrix-react-sdk#7413)). Fixes element-hq#18448.
* Fix dialpad positioning ([\element-hq#7446](matrix-org/matrix-react-sdk#7446)). Fixes element-hq#20175. Contributed by @SimonBrandner.
* Hide non-functional list options on Suggested sublist ([\element-hq#7410](matrix-org/matrix-react-sdk#7410)). Fixes element-hq#20252.
* Fix width overflow in mini composer overflow menu ([\element-hq#7411](matrix-org/matrix-react-sdk#7411)). Fixes element-hq#20263.
* Fix being wrongly sent to Home space when creating/joining/leaving rooms ([\element-hq#7418](matrix-org/matrix-react-sdk#7418)). Fixes matrix-org/element-web-rageshakes#7331 element-hq#20246 and element-hq#20240.
* Fix HTML Export where the data-mx-theme is `Light` not `light` ([\element-hq#7415](matrix-org/matrix-react-sdk#7415)).
* Don't disable username/password fields whilst doing wk-lookup ([\element-hq#7438](matrix-org/matrix-react-sdk#7438)). Fixes element-hq#20121.
* Prevent keyboard propagation out of context menus ([\element-hq#7437](matrix-org/matrix-react-sdk#7437)). Fixes element-hq#20317.
* Fix nulls leaking into geo urls ([\element-hq#7433](matrix-org/matrix-react-sdk#7433)).
* Fix zIndex of peristent apps in miniMode ([\element-hq#7429](matrix-org/matrix-react-sdk#7429)).
* Space panel should watch spaces for space name changes ([\element-hq#7432](matrix-org/matrix-react-sdk#7432)).
* Fix list formatting alternating on edit ([\element-hq#7422](matrix-org/matrix-react-sdk#7422)). Fixes element-hq#20073. Contributed by @renancleyson-dev.
* Don't show `Testing small changes` without UIFeature.Feedback ([\element-hq#7427](matrix-org/matrix-react-sdk#7427)). Fixes element-hq#20298.
* Fix invisible toggle space panel button ([\element-hq#7426](matrix-org/matrix-react-sdk#7426)). Fixes element-hq#20279.
* Fix legacy breadcrumbs wrongly showing up ([\element-hq#7425](matrix-org/matrix-react-sdk#7425)).
* Space Panel use SettingsStore instead of SpaceStore as source of truth ([\element-hq#7404](matrix-org/matrix-react-sdk#7404)). Fixes element-hq#20250.
* Fix inline code block nowrap issue ([\element-hq#7406](matrix-org/matrix-react-sdk#7406)).
* Fix notification badge for All Rooms space ([\element-hq#7401](matrix-org/matrix-react-sdk#7401)). Fixes element-hq#20229.
* Show error if could not load space hierarchy ([\element-hq#7399](matrix-org/matrix-react-sdk#7399)). Fixes element-hq#20221.
* Increase gap between ELS and the subsequent event to prevent overlap ([\element-hq#7391](matrix-org/matrix-react-sdk#7391)). Fixes element-hq#18319.
* Fix list of members in space preview ([\element-hq#7356](matrix-org/matrix-react-sdk#7356)). Fixes element-hq#19781.
* Fix sizing of e2e shield in bubble layout ([\element-hq#7394](matrix-org/matrix-react-sdk#7394)). Fixes element-hq#19090.
* Fix bubble radius wrong when followed by a state event from same user ([\element-hq#7393](matrix-org/matrix-react-sdk#7393)). Fixes element-hq#18982.
* Fix alignment between ELS and Events in bubble layout ([\element-hq#7392](matrix-org/matrix-react-sdk#7392)). Fixes element-hq#19652 and element-hq#19057.
* Don't include the accuracy parameter in location events if accuracy could not be determined. ([\element-hq#7375](matrix-org/matrix-react-sdk#7375)).
* Make compact layout only apply to Modern layout ([\element-hq#7382](matrix-org/matrix-react-sdk#7382)). Fixes element-hq#18412.
* Pin qrcode to fix e2e verification bug ([\element-hq#7378](matrix-org/matrix-react-sdk#7378)). Fixes element-hq#20188.
* Add internationalisation to progress strings in room export dialog ([\element-hq#7385](matrix-org/matrix-react-sdk#7385)). Fixes element-hq#20208.
* Prevent escape to cancel edit from also scrolling to bottom ([\element-hq#7380](matrix-org/matrix-react-sdk#7380)). Fixes element-hq#20182.
* Fix narrow mode composer buttons for polls labs ([\element-hq#7386](matrix-org/matrix-react-sdk#7386)). Fixes element-hq#20067.
* Fix useUserStatusMessage exploding on unknown user ([\element-hq#7365](matrix-org/matrix-react-sdk#7365)).
* Fix room join spinner in room list header ([\element-hq#7364](matrix-org/matrix-react-sdk#7364)). Fixes element-hq#20139.
* Fix room search sometimes not opening spotlight ([\element-hq#7363](matrix-org/matrix-react-sdk#7363)). Fixes matrix-org/element-web-rageshakes#7288.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
A-E2EE A-E2EE-Key-Backup P1 S-Major Severely degrades major functionality or product features, with no satisfactory workaround T-Defect
Projects
None yet
Development

No branches or pull requests

3 participants