Element-web: Messages shown as unencrypted with red shield in encrypted room search UI
Description
Searching for messages in encrypted rooms (using the new encrypted room search functionality implemented via seshat), the results are shown as unencrypted with a red shield even though the original message was properly encrypted and verified. This happens because seshat reinjects the decrypted messages but the verified status of the message gets lost along the way.
Steps to reproduce
- Turn on encrypted room search in labs.
- Send a message to an encrypted room.
- Search for the message and observe the red shield.
Version information
- Platform: desktop
- OS: Arch Linux
- Version: develop (9e8358dc24c7beecf404cb8b9551b4d1f0ec2818), with matrix-js-sdk and matrix-react-sdk also on develop
dkasak
All 10 comments
Just so you know, you can upload images directly to GitHub issues so you don't have to worry about other services deleting them.
aaronraimist
on 16 Feb 2020
Just wanted to confirm I see this in v1.6 as well.
tredondo
on 7 May 2020
Me too, running the latest flatpak on Manjaro.
pwr22
on 8 May 2020
Not sure what the plan here is for bite-sized given as it looks, Seshat only stores the decrypted event so we lose the encryption information. Asking Synapse for each event by ID would be slow but possible I guess. Hiding the icons is bad because some of these messages might be from unverified devices and whatnot.
@jryans ideas?
t3chguy
on 13 May 2020
Not sure what the plan here is for
bite-sizedgiven as it looks, Seshat only stores the decrypted event so we lose the encryption information. Asking Synapse for each event by ID would be slow but possible I guess. Hiding the icons is bad because some of these messages might be from unverified devices and whatnot.
Hmm, my suggestion as a quick fix would be to hide the icons in search results for now. The trust status is based on dynamic info, so we can't save it in Seshat and it would also be expensive to check every message as you say, so I think for now we should bias towards removing the warning overload (which isn't even correct in this case) by hiding the icons.
I presume in many cases, people may click on a search result to view the message in context in the room, and then the correct status should be visible there.
jryans
on 21 May 2020
The trust status is based on dynamic info
Sure but if Seshat stored the deviceId of the [verified] sending session then we could check if we have trust for that session for rendering
t3chguy
on 21 May 2020
Sure but if Seshat stored the deviceId of the [verified] sending session then we could check if we have trust for that session for rendering
Ah okay, fair enough then. Let's summon @poljar to estimate the complexity of doing that.
jryans
on 21 May 2020
Seshat allows you to store arbitrary json, it only cares that the fields required to index an event (event id, sender, content...) are there. Any additional json fields are left as is, or if you will, json comes in, json comes out.
Not sure how to add that info without re-crawling a room though.
poljar
on 21 May 2020
Okay, sounds like we would like to additionally persist some bits of the encrypted event as well then, as in at least the device ID, and then somehow trigger all rooms to be re-indexed (as otherwise we'd only have that for some messages).
I'll remove bite-sized as the scope is larger than I guessed, but it would be good to work on this as part cross-signing release feedback over the next few weeks if possible.
jryans
on 21 May 2020
Note, we'd have to check that the signature is consistent with the device id the payload claims to be sent by and then we can just persist the now "verified" deviceId for checking later
t3chguy
on 22 May 2020
Related issues
n-o-o-b
路
3Comments
grahamperrin
路
3Comments
richvdh
路
3Comments
anoadragon453
路
3Comments
turt2live
路
3Comments
Most helpful comment
Just wanted to confirm I see this in v1.6 as well.