this post was submitted on 12 Sep 2023
7 points (76.9% liked)

Privacy

31975 readers
652 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

I use Element as my Matrix client, but all of the Secure Backup and Cross-Signing buttons confuse me. Does anyone know the difference between pressing Reset instead of Delete Backup for the Secure Backup? Also, how does Cross-Signing share the same key with Secure Backup, or am I mixing something up?

top 1 comments
sorted by: hot top controversial new old
[–] [email protected] 6 points 1 year ago* (last edited 1 year ago)

Each message in the various rooms are encrypted individually with their own keys. These keys are derived from the session keys of the participants in each of the rooms. That's a lot of keys.

If you wish to read these encrypted messages across multiple devices you'll need to have the same keys on each of those devices ("sessions ") too.

One method to share the keys is for your sessions to "gossip" them between each other.

When you logout of a session, all its keys are deleted.

If you ever logged out of all your sessions at once, you'd lose access to all those keys and you'd never be able to decrypt your old messages again.

To mitigate that, you can create a key backup that is itself encrypted and stored on the server (Secure Backup). This allows you to download the stored keys from the server, restore them to your current device and rejoin the discussions again.

The Cross Signing process is the process used to authorise your new session and allows it to participate in the key-gossip function. By restoring the keys from the Secure Backup you're implicitly signing-in your device and blessing it all at once.

(... as far as I understand it all. Someone with more in-depth knowledge will correct me, I'm sure)