Encrypted by an unverified device while all devices are verified #11910
Comments
Can confirm. No server, all clients: Counterpart only has 1 Riot on Mobile, verified on Linux Desktop & Mobile by new (emoji) verification, verified on MacOS 1 day later by "Legacy verification", just comparing device IDs / keys. Counterpart chat shows as verified on Linux & Mobile, but not on MacOS. --> It appears the warning message is triggered by the other party not having verified my device.
Are you using Riot develop or a custom Riot with labs flags enabled?
I do not know what the two mean - so I guess the former. I use the riot that is available through debian repositories, and on the phone the one from F-Droid. Additional info to the bug: When I got back to the Linux Desktop, after having the bug on MacOS & accepting by legacy verification, the Linux Desktop showed a warning icon in the top of the chat saying that my counterpart had a non-verified device, when actually that device still showed as verified. However, my MacOS device showed as unverified to my Linux (I could swear I had verified it before) and verifying that cleared the warning message... Weird...
Okay, that sounds like you are using stable releases on desktop and Android.
What version of Synapse is being used here? The soon-to-be-released cross-signing work will change a lot of this UX (for example, you'll verify users instead of devices, messages aren't marked individually for warning like this), but still it would be good to isolate what is going wrong here.
Same here, running the Electron app extracted from the DEB package on openSUSE Tumbleweed. When opening the same chat in the web app this error doesn't appear. For Googlers, the message says exactly: Encrypted by an unverified session
I'm experiencing the same issue. For the second time now. One of my friends appears to have an unverified session even though we've verified each other (multiple times now). Only he appears unverified to me, I appear as verified to him. Managed to solve it previously by verifying the session in which the issue happens on another (RiotX) session of mine but I can't do anything now since everything is verified everywhere... I am not being prevented from sending messages due to an unverified session though, so the issue appears to be purely cosmetic.
I started getting this issue after upgrading from 1.5.15 to 1.6.0-rc.2. It's now showing a black shield, although when I open the sessions for the partner user it shows that as all green shields and verified.
Same here. Unverified device when the device is verified.
This code has changed quite a bit in the cross-signing development, but should be fairly stable in more recent versions. In the latest, I can't see any code paths other than an actual unverified device, although the code paths will be quite different depending on whether cross-signing is turned on. If anyone has a reliable way to reproduce this situation, that would be the most useful.
I was able to recreate what might be a related issue while upgrading to 1.6.0. Over the last day I removed all my old sessions except for my main device in preparation for moving to cross signing. Then I brought each device back online and cross signed it. When I got to the laptop, I was already signed out (because I deleted the session) so I logged back in. The initial verification failed with the phone stuck on the shield dialog waiting for confirmation. At this point I checked the version on the laptop, and it was a 1.5.14. I forced an upgrade check and accepted the option to restart to upgrade. When the client started again I restarted the process to verify the session and completed it successfully with the QR code method. At this point I noticed that messages in an encrypted chat had no decryption keys, so I restored keys from backup. Then when the messages decrypted all messages sent from devices that successfully completed cross signing were flagged with "Encrypted by an unverified device". All devices listed for the two users in the channel were indicated as verified, so I went to clear the cache and reload. This didn't resolve the issue. Finally I logged out, logged back in, and verified the new session. At this point the "Encrypted by an unverified device" warnings vanished and only the two messages I sent with the now deleted session are flagged with "Encrypted by a deleted session". So it seems that somewhere in the client upgrade after being signed in under an older version resulted in some sort of state mess that was resolved by deleting the broken session and starting a new session. P.S. I should add that this is the second device I encountered this on. The first I chalked up to a state issue and moved on. When I encountered it on the laptop it seemed more like a potential bug so I took some more time looking into it.
I just signed off the session on the other device that was exhibiting this behavior, signed back in and performed the cross signing with my Primary device. The issue appears to be resolved on this device now. So it seems like it might be related to older session data?
I'm getting this too on Element Desktop (installed via flatpak from flathub.org): my own messages sent from Fluffy on Android are flagged as red. Cross-signing is enabled and both sides show each other as verified. Weirdly other people I chat with say messages from both Fluffy and Element Desktop show fine to them. Element version: 1.9.7
I have had the same problem since yesterday evening. Checked in the source code of the message that the message indeed comes from one of the verified sessions...
All this code has been rewritten as part of Element-R, so it's unlikely it still exists.
Well - sometimes you just never get around to analyzing a root cause... guess we'll have to wait and see :) Haven't seen it happen in a long time, but I also don't use Element as much as I used to for private chats anymore.
Description
I run my own homeserver. I receive messages from a person that has all devices verified by me. However they are marked as "Encrypted by an unverified device" which is not true. When I view the source of an encrypted message I see a device ID which belongs to a device that is verified.
I think that this happens after a browser crash or when something else went wrong. But still, what the message icon shows is simply not true. Unverifying and re-verifying all devices doesn't help, messages keep being marked as "Encrypted by an unverified device".
Version information
For the web app: