-
Notifications
You must be signed in to change notification settings - Fork 14
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Unable To Decrypt meta issue #245
Comments
Interesting related blog post https://blog.neko.dev/posts/unable-to-decrypt-matrix.html |
@BillCarsonFr Wow what a great write-up you found at https://blog.neko.dev/posts/unable-to-decrypt-matrix.html Please correct me if I'm wrong, but having looked at that, it seems that just about all of those errors could be resolved via wizard/options provided to the user by the client which could try to resend encryption key with help of server or to even create a new one for the channel/room. I don't see any 'technical' issue/blocker other than currently missing functionality client-side to prompt user for permission to, with the help of in-between server, do what's necessary to fix room encryption/decryption. If there's a 'security' issue with properly re-identifying the correct user, for example to re-provide keys to the other user while they've gone offline so they can pick them up from server when they are online again, can't we have a simple "challenge/response" ie question/answer to "pick-up" the keys? (I'm trying to avoid creation of a "new" room/channel and instead fix one already created but giving errors of unable to decrypt. The sender's device has not sent us the keys for this message.) It seems the reason certain steps aren't by default taken to automatically fix such issues, is that it could be a security risk in certain situations. But if the "creator" of a room gives needed permission, it seems in a sense trivial to resolve such decryption/key errors etc. Or am I wrong and missed something? And to the author of: |
FTR, there used to be such UI, but it was prone to social attack and annoying in the UI. |
@BillCarsonFr Ah ok guess I'm relatively new so didn't know of the older UI. Personally, I'd be ok with the "social attack" risks and UI annoyance versus the embarrassment of inviting users to my new chat and getting decryption errors. My concern was that it may be impossible to fix the root for all cases of decryption issues, especially if some are due to security measures which may need to be over-ridden by user consent in order to fix, which brings us back to that UI annoyance. But regardless, it's great to hear the underlying sdk is being improved to hopefully eliminate or greatly reduce these issues. I had heard of rust in conduit (I run go-dendrite) but didn't know Kotlin SDK is being all redone in rust, is that right? Anyway, thanks again to everyone working on this! (I look forward to some beta-testing with the new sdk when its ready for that.) |
The link to send debug logs does not appear on Element Web on my server. Did this UI change, or is there some option that an admin needs to enable to get that to show up? |
@anon8675309 your config.json must have the URL to send debug logs to, like the example /~https://github.com/vector-im/element-web/blob/develop/config.sample.json#L25 |
Can you confirm that this is still the case? I have the bug_report_endpoint_url entry from the sample and the link to send debug logs does not appear. If it's working as expected for you, I'll set up a new server and open a new ticket with the minimal steps to reproduce. (I searched for a report of this issue and didn't find anything, but I'll do so again before opening a new issue). |
Was able to send feedback from Element desktop... and have this issue with one single user on my home server, both users on the same server. Upgraded the room to version 10 and got the error again after not even 10 messages |
Hi there, I have been encountering this problem a lot recently. I've already sent logs from element-web and element-android as the person who received encrypted messages that cannot be decrypted, but I could not yet send logs as somehow sending such problematic messages. Question: when this situation happens in a matrix room, where a given user ends up only sending messages that cannot be decrypted by other room members, is there any (even intricate) known workaround? The only "workaround" I used so far was to upgrade the room to a newer room version, which solves the issue by creating a new room, but I can't really call this a proper solution… and right now I have this problem on a room that is already using version 10… |
@Ezwen I've found that asking sender of messages to run |
Does matrix-org/matrix-js-sdk#454 already "implement" solution for: #647 ? Are we able now to send decryption keys to whomever we wish? |
@jittygitty yes but Rust Crypto does not support that and that is what Element uses, so the js-sdk PR is unrelated |
@t3chguy That's good news, so I guess if I wanted to make use of this feature, I would have to install the "Web" version client of element chat on my webserver? (I currently run Dendrite already, but with mobile and Desktop clients only.) Or is there another client app that uses js-sdk? (Element Desktop does not use it?) Or will rust crypto gain it soon? I use another account on 'matrix.org' using desktop+mobile, for that acct. we can simply login at chat.element.io and if I'm logged in via my other devices, I can send keys to my web chat.element.io and resend to friend who lost his? thx |
Element Desktop = Element Web + Electron. Element Web only supports Rust Crypto at this time. As for other matrix-js-sdk consumers I suggest finding a place discussing Matrix rather than Element specifically. |
Apologies, indeed, seems I'm confused as to what matrix SDK is used by what "client", and I had not noticed the matrix-org/matrix-js-sdk#454 was outside of element-hq repositories. So, I guess you are saying that likely none of the clients under /~https://github.com/element-hq are able to leverage that matrix-js-sdk pull 454? Is there a place I can find all such pertinent information on the various clients available? If anyone can point me in the right direction with a link would be appreciated. Otherwise, I'll try some search engine lookups to dig for such info. thx |
It seems Cinny uses the matrix-js-sdk, and maybe there are more, but I havent found another client that does. |
Another round-up of recent updates. (Most of these have already been reported in TWIM, but I think it's handy to have a record here too.)
A reminder that we're still at war with this issue, and it's incredibly helpful for people to send debug logs when they come across UTD errors. That said, our analytics show that we are starting to make progress here: |
This comment was marked as resolved.
This comment was marked as resolved.
This comment was marked as resolved.
This comment was marked as resolved.
This comment was marked as off-topic.
This comment was marked as off-topic.
This comment was marked as off-topic.
This comment was marked as off-topic.
This comment was marked as off-topic.
This comment was marked as off-topic.
I realised we're overdue for an update of recent work done in this area. First, some graphs of UTD rates, according to our metrics:
We changed how the metrics were calculated back in August, to allow breakdown between EX and classic mobile clients. As you can see, there was a big drop back in June, and rates have been relatively static at 1-5% of users (depending on client) since then. Focus recently has been on analysing reports to see where the most important areas for fixes are. #2356 is the most frequent root cause, so we're going to prioritise a fix for that. Meanwhile we did fix a few problems:
There are a few new causes in the list above, but I won't enumerate them here, as they are still under investigation and haven't been seen in many cases. |
Hello, just checking in if this has a clear RCA yet? |
This comment was marked as resolved.
This comment was marked as resolved.
This comment was marked as resolved.
This comment was marked as resolved.
I recommend re-reading the description at the top. At the last count, there are eighty-six different causes, many of which have been fixed.
Great! I assume you sent logs from within the application (as, again, the description requests), so that we can debug it? |
Yep all were uploaded. And yes I did read and re-read again as you asked. |
Unable to decrypt Epic Issue
Meta issue relating to all "Unable to Decrypt" problems, a.k.a "Waiting for this message, this may take a while".
[A decryption failure normally manifests when the recipient doesn't receive the keys for a particular encryption session; hence the acronym UISI: "Unknown inbound session ID". Nowadays the acronym UTD (unable to decrypt) is generally preferred.]
Needed information to resolve a reported issue
Reports from users are hugely helpful in identifying and prioritising the causes of Unable to Decrypt errors.
In order to properly debug an Unable To Decrypt error, we need logs from the receiver of the message (the one seeing the issue) and those from the sender. We can't debug issues without logs from both sides. Instructions on sending problem reports (aka "rageshakes") from within various clients are below.
In your problem report, please use the word "decrypt" or "UTD", and identify which event you can't read. Either include the event ID, or something like
message from @dave:example.com at 10:10
. For example, you might writeUTD $173031096849423vSpOu:matrix.org
.On the sender side, the description is less important: just write "Bob can't decrypt me" or something.
If you'd like us to feed back to you on why you can't decrypt a message, open an issue in the Github project for your client, and mention the issue in your problem report.
Sending a rageshake from Element Web:
Send logs
button.(Protip: although the dialog tells you you need to create a github issue, that is only necessary if you want us to feed back to you about what went wrong.)
Alternatively:
/rageshake <description>
, where<description>
is as above.Send logs
button.Sending a rageshake from Element X:
How to send rageshake from (classic) Element Android:
Report Bug
.How to send rageshake from (classic) element iOS:
Feedback
button at the bottom.Causes of Unable to Decrypt errors
🟢: We believe that this will be fixed with Element R
🕛: Affects a feature which is not yet supported in Element R
We categorize the main sources of UISI errors as follow:
Client Issues
Sender Side
The sender failed to send the keys. There’s no consistent retry logic on network error, so key sending is fragile. Queue and retry to-device msgs, so E2EE works in bad networks or with unreliable HS #673. Test: TestClientRetriesSendToDeviceMemberlist out of sync in fresh DM element-web#20962The keys may be sent slowly:batching ofm.room_key
to-device messages is suboptimal element-web#24680 Test: complement-crypto#34m.room_key_request
responses are prioritised above regularm.room_key
messages element-web#24681Sharing historical room keys on invite is slow and should prioritise recent messages Keyshare-on-invite should start with most-recently-used sessions element-web#23778We abandon claiming OTKs from remote servers after 10s, and never retry, permenantly breaking E2EE to users on those servers. element-web#24138Failures when sharing outbound session keys are swallowed element-web#23792Fallback keys are cycled too quickly matrix-org/matrix-rust-sdk#3127Receiver Side
incoming encrypted to-device messages can be lost when the application is restarted #762 Test: complement-crypto#37If you restart (e.g. upgrade) Element while it's waiting to process a m.room_key, it'll drop it and you'll get UISIs element-web#23113Rolling "Waiting for that message" bug (Last message always in UTD) element-android#5905 (No test since no specific testcase is known - closed because Rust is sufficiently different)Olm session seems to change in storage element-web#24450To-device messages may be lost if/keys/query
fails element-web#24682 Test: complement-crypto#38Device not receiving to-device messages element-x-android#2520Failed to decrypt Olm message withInvalidMAC(MacError)
element-ios#7479 (Cannot reproduce, so no test)Decryption failure caused one-time-key to be discarded element-ios#7480to-device messages can be processed out-of-order, causing dropped keys and decryption errors element-web#25723 Test: complement-crypto#35Element X iOS: Olm sessions can wedge when using multiple Clients (e.g with NSE process) matrix-org/matrix-rust-sdk#3110Server Issues
To-device messages can take a long time to get sent over federationTo-device messages delayed by_DestinationWakeupQueue
matrix-org/synapse#15161Synapse does not attempt to send events in the device outbox at startup synapse#16680To-device messages may get lost on the serverto_device message didn't get delivered matrix-org/synapse#9533to-device message went missing matrix-org/synapse#15335Running under sqlite, Synapse incorrectly populates the to-device messages current stream ID matrix-org/synapse#16681bugfix: correctly tell clients when the fallback key has been used matrix-org/sliding-sync#390Synapse drops received federated to-device messages if it cannot talk to worker processes synapse#17117/sync
and/members
do not return "current state" synapse#16940/sync
incorrectly calculates state changes for non-gappy syncs with lazy-loading synapse#17050Key Backups
Successful download from key backup, but 0 keys returned matrix-org/matrix-rust-sdk#3197Key backups: some backups have incorrect MAC causing UTDs on login #2338Key Backup | Dart SDK is creating invalid payload for session datasender_clencaimed_keys
famedly/matrix-dart-sdk#1739Protocol Issues
A client has been offline for too long and the senders have run out of one time keys. This will be addressed by the proposal to maintain fallback keys.Missing features
UX
Expected UTD
Some room history (pre-invite for example), should never be decryptable by you. This kind of history should probably be hidden or displayed differently.Expected UTDs: Hide device-relative historical UTDs #2313: New devices cannot decrypt existing history until they have access to key backupUser Config
The text was updated successfully, but these errors were encountered: