diff --git a/src/CrossSigningManager.js b/src/CrossSigningManager.js
index a584a69d35..676c41d7d7 100644
--- a/src/CrossSigningManager.js
+++ b/src/CrossSigningManager.js
@@ -129,27 +129,21 @@ const onSecretRequested = async function({
 console.log(`CrossSigningManager: Ignoring request from untrusted device ${deviceId}`);
 return;
 }
- if (name.startsWith("m.cross_signing")) {
+ if (
+ name === "m.cross_signing.master" ||
+ name === "m.cross_signing.self_signing" ||
+ name === "m.cross_signing.user_signing"
+ ) {
 const callbacks = client.getCrossSigningCacheCallbacks();
 if (!callbacks.getCrossSigningKeyCache) return;
- /* Explicit enumeration here is deliberate – never share the master key! */
- if (name === "m.cross_signing.self_signing") {
- const key = await callbacks.getCrossSigningKeyCache("self_signing");
- if (!key) {
- console.log(
- `self_signing requested by ${deviceId}, but not found in cache`,
- );
- }
- return key && encodeBase64(key);
- } else if (name === "m.cross_signing.user_signing") {
- const key = await callbacks.getCrossSigningKeyCache("user_signing");
- if (!key) {
- console.log(
- `user_signing requested by ${deviceId}, but not found in cache`,
- );
- }
- return key && encodeBase64(key);
+ const keyId = name.replace("m.cross_signing.", "");
+ const key = await callbacks.getCrossSigningKeyCache(keyId);
+ if (!key) {
+ console.log(
+ `${keyId} requested by ${deviceId}, but not found in cache`,
+ );
 }
+ return key && encodeBase64(key);
 } else if (name === "m.megolm_backup.v1") {
 const key = await client._crypto.getSessionBackupPrivateKey();
 if (!key) {
diff --git a/src/components/views/settings/CrossSigningPanel.js b/src/components/views/settings/CrossSigningPanel.js
index aa512d4365..1c6baee9af 100644
--- a/src/components/views/settings/CrossSigningPanel.js
+++ b/src/components/views/settings/CrossSigningPanel.js
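Review bot: The allowlist in onSecretRequested now includes `m.cross_signing.master`, and the comment recording the earlier decision never to share the master key is deleted without a replacement, so the policy change is undocumented at the point where it is enforced. After this change the only gate on releasing the master private key is the device trust check whose tail is visible at the top of the hunk; what that check requires is not visible here, because the function starts and ends outside the hunk. I would add a comment above the new condition such as `/* The master key is shared too; the device trust check above is the only gate, so it must only pass verified devices of this user. */`. The handler also logs only the cache-miss case; a line such as ``console.log(`CrossSigningManager: sharing ${keyId} with ${deviceId}`);`` before the return would leave a record of each release without logging key material.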
@@ -32,6 +32,7 @@ export default class CrossSigningPanel extends React.PureComponent {
 error: null,
 crossSigningPublicKeysOnDevice: false,
 crossSigningPrivateKeysInStorage: false,
+ masterPrivateKeyCached: false,
 selfSigningPrivateKeyCached: false,
 userSigningPrivateKeyCached: false,
 sessionBackupKeyCached: false,
@@ -78,6 +79,7 @@ export default class CrossSigningPanel extends React.PureComponent {
 const secretStorage = cli._crypto._secretStorage;
 const crossSigningPublicKeysOnDevice = crossSigning.getId();
 const crossSigningPrivateKeysInStorage = await crossSigning.isStoredInSecretStorage(secretStorage);
+ const masterPrivateKeyCached = !!(pkCache && await pkCache.getCrossSigningKeyCache("master"));
 const selfSigningPrivateKeyCached = !!(pkCache && await pkCache.getCrossSigningKeyCache("self_signing"));
 const userSigningPrivateKeyCached = !!(pkCache && await pkCache.getCrossSigningKeyCache("user_signing"));
 const sessionBackupKeyFromCache = await cli._crypto.getSessionBackupPrivateKey();
@@ -91,6 +93,7 @@ export default class CrossSigningPanel extends React.PureComponent {
 this.setState({
 crossSigningPublicKeysOnDevice,
 crossSigningPrivateKeysInStorage,
+ masterPrivateKeyCached,
 selfSigningPrivateKeyCached,
 userSigningPrivateKeyCached,
 sessionBackupKeyCached,
@@ -140,6 +143,7 @@ export default class CrossSigningPanel extends React.PureComponent {
 error,
 crossSigningPublicKeysOnDevice,
 crossSigningPrivateKeysInStorage,
+ masterPrivateKeyCached,
 selfSigningPrivateKeyCached,
 userSigningPrivateKeyCached,
 sessionBackupKeyCached,
@@ -235,6 +239,10 @@ export default class CrossSigningPanel extends React.PureComponent {
 {_t("Cross-signing private keys:")} {crossSigningPrivateKeysInStorage ? _t("in secret storage") : _t("not found")} + + {_t("Master private key:")} + {masterPrivateKeyCached ? _t("cached locally") : _t("not found locally")} + + {_t("Self signing private key:")} {selfSigningPrivateKeyCached ? _t("cached locally") : _t("not found locally")} 
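Review bot: `getCrossSigningKeyCache("master")` in the `-78,6 +79,7` hunk reads the master private key only to collapse it to a boolean with `!!`, which pulls the most sensitive cross-signing secret into the settings panel each time this status is computed. The `master_pk_cached` line added to sendBugReport in src/rageshake/submit-rageshake.ts does the same. Judging by the CrossSigningManager.js hunk, where the same call's result is passed to `encodeBase64`, the return value appears to be the raw key bytes. If the cache callbacks can answer a presence-only query, that would be the better call at both sites; otherwise I would add a comment such as `// Reads the key only to test presence; the value is discarded and must never reach state or logs.` to make the intent explicit. The enclosing method starts and ends outside the hunk.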
diff --git a/src/i18n/strings/en_EN.json b/src/i18n/strings/en_EN.json
index 82a8f960ab..d25e136747 100644
--- a/src/i18n/strings/en_EN.json
+++ b/src/i18n/strings/en_EN.json
@@ -653,9 +653,10 @@
 "not found": "not found",
 "Cross-signing private keys:": "Cross-signing private keys:",
 "in secret storage": "in secret storage",
- "Self signing private key:": "Self signing private key:",
+ "Master private key:": "Master private key:",
 "cached locally": "cached locally",
 "not found locally": "not found locally",
+ "Self signing private key:": "Self signing private key:",
 "User signing private key:": "User signing private key:",
 "Session backup key:": "Session backup key:",
 "Secret storage public key:": "Secret storage public key:",
diff --git a/src/rageshake/submit-rageshake.ts b/src/rageshake/submit-rageshake.ts
index 350602aa5d..b562141338 100644
--- a/src/rageshake/submit-rageshake.ts
+++ b/src/rageshake/submit-rageshake.ts
@@ -122,6 +122,8 @@ export default async function sendBugReport(bugReportEndpoint: string, opts: IOp
 body.append("ssss_key_in_account", String(!!(await secretStorage.hasKey())));
 const pkCache = client.getCrossSigningCacheCallbacks();
+ body.append("master_pk_cached",
+ String(!!(pkCache && await pkCache.getCrossSigningKeyCache("master"))));
 body.append("self_signing_pk_cached",
 String(!!(pkCache && await pkCache.getCrossSigningKeyCache("self_signing"))));
 body.append("user_signing_pk_cached",