Element-web: Version 0.15.2 and 0.15.3 of riot-web: Encryption not working any longer, earlier encrypted rooms become undecryptable

Can you fill in the rest of the fields in the bug report please? Most importantly, sent log files from both the sender and receiver.

I have same issue: now can't access messages at all on any device with 0.14 or 0.15.2 versions, both: desktop and web version in any browser. Terrible: now I can't read the room where I'm an administrator. I suggested people to use Riot now will be forced to close this room and create new one. Need to test better before release to public! Now it is totally unusable!

OS: Linux openSUSE
Browser: FF, Chrome

I did some more tests ....

Created a new Room with linux desktop app 0.15.2
Started e2e encryption and invited someone

Invite has been accepted and messages sent were signed with a green lock.
On side of the receiver every message is marked as

"* Unable to decrypt: The sender's device has not sent us the keys for this message. *
Verschlüsselungs-Schlüssel von deinen anderen Geräten erneut anfragen.?"

So the problem exists not only for earlier created e2e encrypted rooms but also for newly created ones.
Something must be broken by e2e encryption.

Opening the details of the encrypted room and clicking on the device list of a member offers "all deveices are accepted"

Rooms with no e2e are working as expected.

Somebody should tag this problem as bug or maybe critical before other users upgrade their desktop app and run into same desaster!

we have only heard about this from two people, and haven’t seen any logs to debug (please submit them via the Submit Logs button in User Settings), so we’re still trying to assess how bad the situation is.

Have you been trying to switch back and forth between 0.14 and 0.15 desktop apps?

(i'm going to delete the "why don't we completely change Matrix's encryption model" comments, as they're irrelevant and distracting to this bug - feel free to open a separate spec bug over at matrix-org/matrix-doc if you like)

Hi ara4n, as i've written above

"...@dbkr Log: How to extract the errorlogfile? I can't find the log under /var/log/... nor /opt/riot/.... please give me a hint ...."

But till now no hints where given ... so again please give me a hint, how can i find the logs you're looking for.

I want to see a preview of the logs i will send via riot before i sent them via internet
As riot desktop app "says" - Log will sent usernames, room-id, etc etc. that data i will check before spreading them .... comprehensible i think :-)

But you are right I will do anything that helps to find the bug :+1:

From the "New issue" template:

You can send us the app's logs via the 'Report bug'
link on the 'Settings' page. Very important for hard-to-reproduce bugs. Please
file a bug here too!

Log transmitted via link -> https://github.com/vector-im/riot-web/issues/6761

Have you been trying to switch back and forth between 0.14 and 0.15 desktop apps?

As I have mentioned above - yes, switched back to 0.14 - keys still lost, and in web version (I have not cleaned up cache, cookies or something) too for some reason. So it is lost everywhere and can't restore conversation. When switching back from 15 to 14 credentials are lost too: need to enter login, pass again.

You can send us the app's logs via the 'Report bug' link on the 'Settings' page.

I do not see any 'Report bug' link there. Is it exist in 0.14?

@akontsevich
if i'm right ...
in the riot desktop / web-app go to the settings (main settings) and scroll down until the E2E Encryption Keys export / import. Underneath that export / import buttons you should see another button for error reporting.
Insert the GitHub URL of this issue
-> https://github.com/vector-im/riot-web/issues/6761

and you should be able to send a logfile

What i dislike here is the fact, that a user can't preview it's logfile before (!) it is send
Not that kind of confidence base i prefer!

I have one log from this issue but I can't see anything in it that would cause problems. If anyone else is able to send logs, that would be great - see the issue template for how to do so. Logs from the sender side too would be ideal.

Edit: Also, don't switch between 0.14 and 0.15 desktop apps: chrome's database is not backwards compatible so you'll be logged out if you go back to 0.14.

in the riot desktop / web-app go to the settings (main settings) and scroll down until the E2E Encryption Keys export / import. Underneath that export / import buttons you should see another button for error reporting.

I do not have either in 0.14 or 0.15 desktop. Where are they located, how to get them and upload here manually. Also I see "Export room keys" button there. Where room keys are stored in Linux/Mac/Windows, how to load them manually? May be I can find them on this PC or another?

Just been chatting about this with PC-Admin in #riot:matrix.org. It looks like at some point the indexeddb data got deleted, resetting the device key. I don't yet know what caused this.

Logging out and logging back in again (a third time...) made things work again, so this is a workaround if you have keys from another device you can import and export

Logging out and logging back in again (a third time...) made things work again, so this is a workaround if you have keys from another device you can import and export

Where this keys are stored?! Path?! Linux/Mac/Windows? And what is passphrase - my password?

@akontsevich this one of the settings you seem to be missing somehow - I'd suggest dropping into #riot:matrix.org and someone can help figure out why you can't find these.

@dbkr You are developer? You do not know? :)

Let's keep this for actual discussion on the bug itself please, rather than help with finding settings.

strange answer to me...

@dbkr according to #riot:matrix.org history many users have this bug and unable to continue working with Riot. And people can't get desktop Riot to work. I can't web version as well. So think no help there.

Hmm... I found this text in desktop version when trying to relogin:

Sign out
For security, logging out will delete any end-to-end encryption keys from this browser. If you want to be able to decrypt your conversation history from future Riot sessions, please export your room keys for safe-keeping.

So seems after upgrading Riot signouts somehow and cleared all the keys. So I need always save all the keys from all rooms on every sign out? And watch for them manually all the time? What a stupid an inconvenient behaviour.

Just been chatting about this with PC-Admin in #riot:matrix.org. It looks like at some point the indexeddb data got deleted, resetting the device key. I don't yet know what caused this.

So, there is a bug, that could be reproduced? I think so ...

Logging out and logging back in again (a third time...) made things work again, so this is a workaround if you have keys from another device you can import and export

Wouldn't that cause a new device key? And does that mean, that in the e2e chat my logged out and re-logged in device become "unknown" with yellow breakdown triangle?
I would wait until there might be another solution...

Exporting the keys / room keys is not the problem!
One export for all rooms is doing the job well but for now a little bit annoying :-)

If i'm right only the Linux desktop app causes this problem? Under Windows i think everything stays decryptable. Behaviour as expected ...

Bad you've left 0.15.2 version in web - logged-in Windows now (web version) - same issue. I've shared keys with other devices but messages still encrypted. So it is broken everywhere.

Windows now (web version) - same issue. I've shared keys with other devices but messages still encrypted. So it is broken everywhere.

That are bad news! So i hope that the admins here could reproduce the bug as it is and mark this issue as "issue" so that others don't run into the same trap ....

I think we could say that we don't have an individual case.

@akontsevich you should be able to send a logfile (errorlog) from your Windows client maybe?
More infos could help the developers i hope....

@akontsevich you should be able to send a logfile (errorlog) from your Windows client maybe?

I've sent them from Windows machine - only web version have the button, so do not think it will help much.

I'm having what sounds like the same issue.

I'm in 2 E2E rooms, both 1:1, both with the same person, on Riot Web and Riot Android.

All messages in both rooms, whether they were from me on Riot Web, the other user on Riot Desktop (Windows), or either of us on Riot Android, began show as "unable to decrypt" in Riot Web for me, but continue to show normally for me on Riot Android (and presumably for the other user's clients). When I click "Re-request encryption keys" in my Riot Web, nothing happens.

I clicked my name in the member list on Riot Web and looked at devices: my mobile shows as verified, with correct device ID. I did the same in Riot Android, and my Riot Web shows as verified with the correct ID. All proper.

Clearing my cache in Riot Web did not affect it.

I sent a message from Riot Web, and here's its E2E info modal from Riot Web (where it was sent and has a 🔒 icon) and Riot Android (where it is displayed, but has a ⚠ icon instead):

I created a new E2E empty room via Riot Android and messages show as unable to decrypt on Riot Web.

I think bug somewhere in settings saving: I switched notifications off because of electron bug, on next start they are switched on as by default. Some other settings returned to default values as well.

Something else that may help: I'm using Firefox, and I haven't logged in with this session in any other browsers or in Electron.

Just been chatting about this with PC-Admin in #riot:matrix.org. It looks like at some point the indexeddb data got deleted, resetting the device key. I don't yet know what caused this.

It feels like we should close this as a duplicate of the more specific and clearer #6808.

People should be aware this is far from the only cause of "unable to decrypt" errors. #2996 is a more general bug which tries to keep track of the various reasons for it.