Save the key backup key to secret storage

When setting up secret storage, if we have a key backup key in cache (like we do for the cross signing secrets).
matrix-org · Nov 22, 2024 · 332f9ca · 332f9ca
1 parent 336797e
commit 332f9ca
Showing 1 changed file with 14 additions and 0 deletions.
diff --git a/src/rust-crypto/rust-crypto.ts b/src/rust-crypto/rust-crypto.ts
@@ -841,6 +841,20 @@ export class RustCrypto extends TypedEventEmitter<RustCryptoEvents, CryptoEventH
             await this.secretStorage.store("m.cross_signing.self_signing", crossSigningPrivateKeys.self_signing_key);
         }
 
+        // likewise with the key backup key: if we have one, store it in secret storage (if it's not already there)
+        // also don't bother storing it if we're about to set up a new backup
+        if (!setupNewKeyBackup) {
+            const keyBackupKey = await this.getSessionBackupPrivateKey();
+
+            const keyBackupKeyInStorage = await secretStorageCanAccessSecrets(this.secretStorage, [
+                "m.megolm_backup.v1",
+            ]);
+
+            if (keyBackupKey && !keyBackupKeyInStorage) {
+                await this.secretStorage.store("m.megolm_backup.v1", encodeBase64(keyBackupKey));
+            }
+        }
+
         if (setupNewKeyBackup) {
             await this.resetKeyBackup();
         }