Resetting Secure Backup ruins device verification / cross-signing #22168

Closed
@AndrewFerr

Description

Steps to reproduce

  1. Go to Settings -> Security & Privacy -> Encryption -> Secure Backup -> Reset, in order to change your Security Phrase
  2. Follow the instructions to start a new backup with a new phrase
  3. In a few moments, you will get a prompt to "upgrade your encryption", which is reminiscent of the upgrade to enable cross-signing

Outcome

What did you expect?

Only the backup for message encryption keys should be rebuilt from scratch, which is a fairly invisible event.

What happened instead?

All of my clients appeared as untrusted devices to each other, anyone I had verified before became marked as unverified, and I appeared as unverified to them. It is as if cross-signing keys were reset.

And FWIW, Element Android said that it didn't have cross-signing private keys, as also seen here: element-hq/element-android#5090 (comment). Logging out & back in fixed that issue, but the issue of lost verification remained.

This happened with both a matrix.org account & a self-hosted account.

Operating system

Fedora Workstation 36

Browser information

Firefox 100.0

URL for webapp

app.element.io & self-hosted Element Web v1.10.12

Application version

No response

Homeserver

matrix.org & self-hosted Synapse 1.57.1

Will you send logs?

No

Metadata

    Labels

      - A-E2EE
      - A-E2EE-Cross-Signing
      - A-E2EE-Key-Backup
      - O-Uncommon: Most users are unlikely to come across this or unexpected workflow
      - S-Major: Severely degrades major functionality or product features, with no satisfactory workaround
      - T-Defect