diff --git a/proposals/1219-storing-megolm-keys-serverside.md b/proposals/1219-storing-megolm-keys-serverside.md index 14149950..905cd264 100644 --- a/proposals/1219-storing-megolm-keys-serverside.md +++ b/proposals/1219-storing-megolm-keys-serverside.md @@ -4,10 +4,28 @@ Storing megolm keys serverside Background ---------- -We *optionally* let clients store a copy of their megolm inbound session keys -on the HS so that they can recover history if all devices are lost without an -explicit key export; fix UISIs; support clients with limited local storage for -keys. +A user who uses end-to-end encyrption will usually have many inbound session +keys. Users who log into new devices and want to read old messages will need a +convenient way to transfer the session keys from one device to another. While +users can currently export their keys from one device and import them to +another, this is involves several steps and may be cumbersome for many users. +Users can also share keys from one device to another, but this has several +limitations, such as the fact that key shares only share one key at a time, and +require another logged-in device to be active. + +To help resolve this, we *optionally* let clients store an encrypted copy of +their megolm inbound session keys on the homeserver. Clients can keep the +backup up to date, so that users will always have the keys needed to decrypt +their conversations. The backup could be used not just for new logins, but +also to try to fix UISIs that occur after a device has logged in (as an +alternative to key sharing), or to support clients with limited local storage +for keys (clients can store old keys to the backup, and remove their local +copy, retrieving the key from the backup when needed). + +To recover keys from the backup, a user will need to enter a recovery key to +decrypt the backup. The backup will be encrypted using public key +cryptography, so that any of a user's devices can back up keys without needing +the user to enter the recovery key until they need to read from the backup. See also: