Add Matrix protocol key import & export from file feature #1785
Comments
@krille-chan have you seen this issue yet? |
yes I did. Please stop pinging me for single issues :) |
This is one of the most important issues for Matrix client interoperability. Me pinging you @krille-chan is due to this importance. This Issue was opened on May 2, 2024 with no action taken and Issue krille-chan/fluffychat#942 was opened in March 2024 with no action taken either. |
I don't think it is that important in a world of online key backup with SSSS. In the future (Element X is already doing it) clients won't be able to be used without connecting to the online key backup anyway and then the keys will be shared automatically. What benefit would an extra offline key backup export/import have then? |
Seems like a bad idea to me to give away the private key to some server, if I understood correctly. I hope this will not be the future for "Element X", "Fluffy Chat" or other clients. I support the problem description given by @jahway603:
|
This is not the future but has already been the case for years for Element and FluffyChat and a lot of other clients. It is not a security concern at all as the keys are encrypted in the SSSS (https://matrix.org/docs/older/e2ee-cross-signing/) together with the cross signing keys. |
The benefits of having an offline key backup export/import are
I'm sure I could come up with more benefits. The online key backup system is funky & does not work efficiently. |
🤔 Well if we say that something is better just because it is offline, we should not use Matrix but traditional mails. 🫣 Just kidding. I can understand the desire to have different ways to do something. However, right now Matrix is (IMO) suffering from feature creep. In the spec, the SDKs, the servers and the clients we have many more features than the developers can maintain. The overall stability is in danger so I would really prefer to focus on one good way here to do the same thing.
In this case we should fix the online key backup system instead IMO |
I appreciate your humor, but some of us actually DO use traditional mail as a security feature & that is not what this issue and Issue krille-chan/fluffychat#942 are reporting as Issues. In the "early days" of using the Matrix protocol, in 2017-2018, exporting and importing room keys was the ONLY method available to see all messages on every Matrix client session, so you had to do this between all of them. Fast forward to today, where this online key backup system is never working correctly, and I STILL USE the above 2017-2018 method because it ALWAYS WORKS. FluffyChat is the ONLY client on which I am prohibited from using this method as it has not yet been implemented. Please understand that just because you're not using this feature does not mean that it is not important to others. Again, I will state that this is one of the most important issues for Matrix client interoperability. |
@krille-chan I just thought of yet another use case for adding the Matrix protocol key import & export from file feature into matrix-dart-sdk and ultimately into FluffyChat (Issue krille-chan/fluffychat#942): A user can export their room keys to an Offline File before a server they are using is Permanently Shut Down. Then, after they create a new account on a totally different server, they can import that Offline File and when they re-join the rooms they were in, they will see all of the encrypted messages that they had Offline keys saved for. This use case will NEVER be able to use the "online key backup with SSSS" functionality... I know this is a valid use case as I have personally done this in the past before privacytools.io shut down their Matrix server for good. |
@jahway603 Thanks for your explanation. Yes this sounds like a valid use case to me then. I've thought about it and actually this feature should not be that complex. Also we could think about if this feature could even replace the current "import/export session" feature that we have as this violates the rule of never exporting private keys anyway. When migrating to a new device, we actually should logout and login again and fetch a new device ID with new keys while exporting and importing the megolm sessions makes much more sense. I will bring this up to my team and ask for more opinions on this. |
Maybe this is helpful for discussions https://element.io/help:
|
Preflight Checklist
Describe your problem
This is a feature that is really required for anyone to have their own personal e2ee backup on their own devices and the keys each device contains.
Describe your ideal solution
This feature would be implemented in the matrix-dart-sdk
Version
N/A
Security requirements
N/A
Additional Context
Fluffychat Issue krille-chan/fluffychat#942 further explains this issue.