-
Notifications
You must be signed in to change notification settings - Fork 274
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Loading the session fails with "Unable to load session Error decrypting secret access_token: bad MAC" #1077
Comments
Vast majority of reports are from Linux, 3 from Windows. Theory: race condition between app launch and keyring unlocking |
Removing from our board as this is not a fire based on our definition of it and, thus, won't be picked up by our processes. |
Given the number of reports we receive of this, I'm updating the labels |
Contrary to what you might expect given the error message, this is not related to end-to-end encryption. Specifically, the problem comes from trying to decrypt the matrix access token, which is stored, encrypted, in indexeddb, in export interface IEncryptedPayload {
/** the initialization vector in base64 */
iv: string;
/** the ciphertext in base64 */
ciphertext: string;
/** the HMAC in base64 */
mac: string;
} When encrypting the access token, we:
When decrypting, we therefore derive the same pair of keys, and then verify that a signature on The (misnamed) What is particularly strange here is that, somehow, a completely different pickle key is being hallucinated somehow. It's not that there is a total absence of pickle key; that would be more understandable, as some sort of failure to talk to the system keychain. |
I wonder if this could be something like: the user has logged out and logged in again, causing a new picklekey to be created, and new user id/device id to be stored in localstorage. However, indexeddb is having a bit of a moment, and the access token is not correctly persisted in indexeddb. Hence, on restore, we get the picklekey for the old encrypted access token. |
... in an attempt to diagnose element-hq/element-desktop#1077
... in an attempt to diagnose element-hq/element-desktop#1077
I added some logging which might help diagnose this, in matrix-org/matrix-react-sdk#12831. Interested to hear from people who observe it in nightlies or 1.11.72 or later. |
None of the previous reporters included any reproduction steps. They all reported element refusing to launch with the aforementioned error.
Element fails with the following stacktrace:
The text was updated successfully, but these errors were encountered: