element-web/docs/e2ee.md

# End to end encryption by default

By default, Element will create encrypted DM rooms if the user you are chatting with has keys uploaded on their account.
For private room creation, Element will default to encryption on but give you the choice to opt-out.

## Disabling encryption by default

Set the following on your homeserver's
`/.well-known/matrix/client` config:

```json
{
    "io.element.e2ee": {
        "default": false
    }
}
```

# Secure backup

By default, Element strongly encourages (but does not require) users to set up
Secure Backup so that cross-signing identity key and message keys can be
recovered in case of a disaster where you lose access to all active devices.

## Requiring secure backup

To require Secure Backup to be configured before Element can be used, set the
following on your homeserver's `/.well-known/matrix/client` config:

```json
{
    "io.element.e2ee": {
        "secure_backup_required": true
    }
}
```

## Preferring setup methods

By default, Element offers users a choice of a random key or user-chosen
passphrase when setting up Secure Backup. If a homeserver admin would like to
only offer one of these, you can signal this via the
`/.well-known/matrix/client` config, for example:

```json
{
    "io.element.e2ee": {
        "secure_backup_setup_methods": ["passphrase"]
    }
}
```

The field `secure_backup_setup_methods` is an array listing the methods the
client should display. Supported values currently include `key` and
`passphrase`. If the `secure_backup_setup_methods` field is not present or
exists but does not contain any supported methods, Element will fallback to the
default value of: `["key", "passphrase"]`.

# Compatibility

The settings above were first proposed under a `im.vector.riot.e2ee` key, which
is now deprecated. Element will check for either key, preferring
`io.element.e2ee` if both exist.
Apply suggestions from code review Co-authored-by: J. Ryan Stinnett <jryans@gmail.com> 2020-06-04 13:38:45 +02:00			`# End to end encryption by default`
Add e2ee-default:false docs Signed-off-by: Michael Telatynski <7t3chguy@gmail.com> 2020-06-03 23:09:56 +02:00
Update e2ee.md 2020-07-17 13:22:51 +02:00			`By default, Element will create encrypted DM rooms if the user you are chatting with has keys uploaded on their account.`
			`For private room creation, Element will default to encryption on but give you the choice to opt-out.`
Add e2ee-default:false docs Signed-off-by: Michael Telatynski <7t3chguy@gmail.com> 2020-06-03 23:09:56 +02:00
			`## Disabling encryption by default`

			`Set the following on your homeserver's`
			`/.well-known/matrix/client` config:
Document new setting to require secure backup This adds notes on configuring the new `.well-known` setting to require Element users to set up secure backup before continuing into the app. Part of https://github.com/vector-im/element-web/issues/14954 2020-08-14 14:31:57 +02:00
Add e2ee-default:false docs Signed-off-by: Michael Telatynski <7t3chguy@gmail.com> 2020-06-03 23:09:56 +02:00			```json
			`{`
Apply prettier formatting 2022-12-09 13:28:29 +01:00			`"io.element.e2ee": {`
			`"default": false`
			`}`
Add e2ee-default:false docs Signed-off-by: Michael Telatynski <7t3chguy@gmail.com> 2020-06-03 23:09:56 +02:00			`}`
			```
Document new .well-known for E2EE settings This updates documentation about the new key in `.well-known` that we'll check for E2EE settings: `im.vector.e2ee`. Part of https://github.com/vector-im/element-web/issues/14954 2020-08-14 14:03:04 +02:00
Document new setting to require secure backup This adds notes on configuring the new `.well-known` setting to require Element users to set up secure backup before continuing into the app. Part of https://github.com/vector-im/element-web/issues/14954 2020-08-14 14:31:57 +02:00			`# Secure backup`

			`By default, Element strongly encourages (but does not require) users to set up`
			`Secure Backup so that cross-signing identity key and message keys can be`
			`recovered in case of a disaster where you lose access to all active devices.`

			`## Requiring secure backup`

			`To require Secure Backup to be configured before Element can be used, set the`
			following on your homeserver's `/.well-known/matrix/client` config:

			```json
			`{`
Apply prettier formatting 2022-12-09 13:28:29 +01:00			`"io.element.e2ee": {`
			`"secure_backup_required": true`
			`}`
Document new setting to require secure backup This adds notes on configuring the new `.well-known` setting to require Element users to set up secure backup before continuing into the app. Part of https://github.com/vector-im/element-web/issues/14954 2020-08-14 14:31:57 +02:00			`}`
			```

Document config for preferring Secure Backup setup methods Part of https://github.com/vector-im/element-web/issues/15238 2020-09-21 16:56:38 +02:00			`## Preferring setup methods`

			`By default, Element offers users a choice of a random key or user-chosen`
			`passphrase when setting up Secure Backup. If a homeserver admin would like to`
			`only offer one of these, you can signal this via the`
			`/.well-known/matrix/client` config, for example:

			```json
			`{`
Apply prettier formatting 2022-12-09 13:28:29 +01:00			`"io.element.e2ee": {`
			`"secure_backup_setup_methods": ["passphrase"]`
			`}`
Document config for preferring Secure Backup setup methods Part of https://github.com/vector-im/element-web/issues/15238 2020-09-21 16:56:38 +02:00			`}`
			```

			The field `secure_backup_setup_methods` is an array listing the methods the
			client should display. Supported values currently include `key` and
			`passphrase`. If the `secure_backup_setup_methods` field is not present or
			`exists but does not contain any supported methods, Element will fallback to the`
			default value of: `["key", "passphrase"]`.

Document new .well-known for E2EE settings This updates documentation about the new key in `.well-known` that we'll check for E2EE settings: `im.vector.e2ee`. Part of https://github.com/vector-im/element-web/issues/14954 2020-08-14 14:03:04 +02:00			`# Compatibility`

			The settings above were first proposed under a `im.vector.riot.e2ee` key, which
			`is now deprecated. Element will check for either key, preferring`
Use `io.element` instead of `im.vector` This also fixes casing as well to match the latest thinking. 2020-08-24 17:34:58 +02:00			`io.element.e2ee` if both exist.