Verification gets cancelled at completion

[deepadmax]

Description

I cannot successfully verify my friends. Once the verification is finished, after we've both selected that our emojis match, it tells us that the verification has been cancelled and it remains unverified.

I've tried it on other clients and platforms too, but to no success.

Version information

• Platform: Desktop
• OS: Manjaro Linux
• Versions:
  • 1.7.29
  • 2021071901 (Nightly)

[dbkr]

Yikes:

Verification request $cY6-4aF1xw5c9aXG4wZzD4Ldg8CCPmhu4ZYd108RD-4: m.key.verification.cancel event with id:$YV4Umc_uIuQtkV2wxDc7T0Mev_HM3bONE4doN1iCfyo, content:{"code":"m.unknown","reason":"Error: Key type user_signing from getCrossSigningKey callback did not match"} deviceId:undefined, sender:[redacted], isSentByUs:true, isLiveEvent:true, isRemoteEcho:true, phase:1=>5, observeOnly:false=>true

Somehow the app has got into a state where the cross signing key in SSSS (secure secret storage and sharing) doesn't match the one it thinks it should be.

I'm guessing it prompts you for your passphrase at the end of the verification process?

Adding this to our cross-signing hitlist. In the meantime, you could try to log out & log in again to fix this. If you normally verify by scanning another device, try entering your passphrase / key instead. As a last resort, you could also try to reset cross signing, although of course you'd have to verify your devices and anyone you verified again.

[deepadmax]

It has actually been prompting me that each and every time. I did think it was a little weird.

If you normally verify by scanning another device, try entering your passphrase / key instead.

When I enter the security key and press Continue, it doesn't proceed. It doesn't say it's incorrect, it says "Looks good!"
I avoided scanning a QR code and went with emojis in stead. I'll try to verify a friend again and see if the problem is solved. I'll report back with the result.

As a last resort, you could also try to reset cross signing, although of course you'd have to verify your devices and anyone you verified again.

Doesn't that mess with room keys and will make me lose access to previously encrypted messages? Or am I mistaken on that?

[deepadmax]

After having relogged, but using emojis, it still asks for my security key and the process yet gets cancelled.

[deepadmax]

I have now even tried this in the browser and I cannot login using my security key there either. I don't know if I now have a completely different issue or whether this is related.

To reiterate

When I select to "Use Security Key" and enter it, it says it's correct but upon pressing Continue, it doesn't continue. It simply closes that "window" and returns me to choosing between "Use another login" and "Use Security Key" with no sign of error other than that it isn't proceeding. This persists however many times I try.

P.S.

I logged in using emojis and when going to log out, it asked me to start using Key Backup. [1] Saying yes to it and being once again asked for my security key, though it said the key was correct, "Looks good!", [2] I got this error. [3] That seems kind of strange.

[1]

[2]

[3]

[deepadmax]

As a last resort, you could also try to reset cross signing, although of course you'd have to verify your devices and anyone you verified again.

Nothing else did, but resetting cross signing has made it work again. Thank you!
Hopefully I won't need to do this again, because I don't like seeing "Encrypted by a deleted session"

[newptcai]

I also get stuck in this status. It actually works but I always get notification to verify my devices each time I start element desktop.

[MadLittleMods]

Maybe related to #21488

[rlaferla]

I'm seeing this on macOS:

[adam4235]

Same thing happening for me. I'm a new user, e.g. my Linux Mint desktop app is:

Element version: 1.11.17
Olm version: 3.2.12

I created my account on my Linux desktop through the web interface (Firefox), and also logged in via Linux desktop app on the same machine, as well as Android and Windows desktop app. The only device that shows as verified is the Linux web interface that I created the account on. The others I repeatedly try to verify and it repeatedly says I cancelled at the end, regardless of whether I use QR code or emojis.

I also noticed 2 extra Linux devices in my list of devices that I don't remember signing in to. I signed out of those. Probably an unrelated bug.

Not sure what people mean by entering their passphrase / security key above. It never asked me for that and I never created one, I just have my account password. It does also keep asking me to back up my messages, which I assumed is normal.

[adam4235]

When I first set up key backup in Settings under Privacy and Security, the problem then went away and I was able to successfully verify, as @dbkr mentioned. If setting up that backup is required before verification, then the interface should inform me of that.

[m0veax]

I'm running into this issue every now and then too. I have a feeling that this happens, if i have more then 2 sessions and one get's to old or was not used for a few days.

I have a "one machine per purpose" politics for my boxes and so there are boxes I don't use daily. I noticed, that those problems starts, if I use a machine again that was not powered one for a while. Afterwards I get Messages from people that they can not read my messages anymore.

I clean up my Sessions then and restore from my recovery key. But that is really driving me mad from time to time, because I do not have access to my key all the time.

If it helps I can provide logs and infos after that happens the next time. But I would need to know what I have to set in the Client to provide those?

Thanks for Element :) I really like that client.

[PrplHaz4]

Yikes:

Verification request $cY6-4aF1xw5c9aXG4wZzD4Ldg8CCPmhu4ZYd108RD-4: m.key.verification.cancel event with id:$YV4Umc_uIuQtkV2wxDc7T0Mev_HM3bONE4doN1iCfyo, content:{"code":"m.unknown","reason":"Error: Key type user_signing from getCrossSigningKey callback did not match"} deviceId:undefined, sender:[redacted], isSentByUs:true, isLiveEvent:true, isRemoteEcho:true, phase:1=>5, observeOnly:false=>true

Somehow the app has got into a state where the cross signing key in SSSS (secure secret storage and sharing) doesn't match the one it thinks it should be.

I'm guessing it prompts you for your passphrase at the end of the verification process?

Adding this to our cross-signing hitlist. In the meantime, you could try to log out & log in again to fix this. If you normally verify by scanning another device, try entering your passphrase / key instead. As a last resort, you could also try to reset cross signing, although of course you'd have to verify your devices and anyone you verified again.

Thank you! Logging out and back in again on my "new" device (Element X iOS) allowed the verification (against the element web app) to finally complete successfully after multiple failures.

[richvdh]

I'm going to close this, as it doesn't seem to be going anywhere useful, and is presumably specific to the legacy crypto stack. Please open new issues, clearly describing your symptoms, with steps to repeat, if you continue to encounter this.

I'll also mention that there is a bug in Element Android which can cause Verification to fail prematurely, even if you're not using that client: element-hq/element-android#8806