Encryption Keys in Xirta Elemental

Many people use encryption and never know it. With our system, if you set your encryption keys on one device, you won’t be able to read messages on a different device. The methods for adding your keys to another device are outlined below.

Some people may see the way things work as of our launch as a good way to keep some encrypted messages long term. Understand, though, that our current goal is to have messages auto-remove from the system within minutes or hours, and sometime in the future things should change that way. So don’t get used to having chat logs from days ago that you can return to, encrypted or not: the storage time of messages may change in the future. To make an encrypted backup, you will need to copy the text, paste it into another program and use other encryption methods.

Our Xirta chat system, upon launch, has Elemental as a portal for end users to connect to our Xirta server.

Why can’t I read a message?

If you can’t read a message it’s because your device doesn’t have the right key. If your device doesn’t have the right key, there are three ways you might be able to get hold of the key:

Restore all of your keys from key backup
Request the specific key from another device via key share
Upload keys from a manual backup (advanced)

What is Key Backup?

When key backup is enabled, your device will maintain a secure copy of its keys on our server. To ensure those keys can only ever be accessed by you, they are encrypted on your device, with a key that you either store yourself, or secure with a passphrase and upload to our server. It is important to understand that to protect your privacy your keys will never touch our systems unencrypted.

Is it safe to back up my encryption keys to your servers?

Yes. Your keys are encrypted before they are uploaded to our servers, so we never see them unencrypted.

How do I set up key backup?

Go to User Settings -> Security & Privacy and click Start using Key Backup.

How do I restore from key backup?

Go to User Settings -> Security & Privacy and click Restore from Backup.
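
What key backup and restore do on the device when the backup key is secured with a passphrase, as an added example in JavaScript (Node.js); it is not Xirta's or Elemental's own code. The function names, the blob layout and the choice of scrypt and AES-256-GCM are assumptions made for illustration.

```javascript
// Added example, not Elemental's code. Function names, blob layout and the
// scrypt + AES-256-GCM choice are assumptions for illustration.
const crypto = require("node:crypto");

// AES-256-GCM with a fresh 96-bit nonce. Output: nonce || tag || ciphertext.
function seal(key, plaintext) {
  const nonce = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv("aes-256-gcm", key, nonce);
  const body = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([nonce, cipher.getAuthTag(), body]);
}

// Throws if the key is wrong or the blob was altered in storage.
function unseal(key, blob) {
  const d = crypto.createDecipheriv("aes-256-gcm", key, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]);
}

// Stretch the passphrase into a 32-byte wrapping key with a per-backup salt.
function wrappingKey(passphrase, salt) {
  return crypto.scryptSync(passphrase, salt, 32, { N: 16384, r: 8, p: 1 });
}

// Runs on the device. Every field of the result is ciphertext or a salt,
// so the whole object can be uploaded to the server.
function sealBackup(sessionKeys, passphrase) {
  const backupKey = crypto.randomBytes(32); // never leaves the device in the clear
  const salt = crypto.randomBytes(16);
  const b64 = (buf) => buf.toString("base64");
  return {
    salt: b64(salt),
    wrappedKey: b64(seal(wrappingKey(passphrase, salt), backupKey)),
    keys: b64(seal(backupKey, Buffer.from(JSON.stringify(sessionKeys)))),
  };
}

// Runs on a new device after it downloads the backup object.
function openBackup(backup, passphrase) {
  const raw = (s) => Buffer.from(s, "base64");
  const backupKey = unseal(wrappingKey(passphrase, raw(backup.salt)), raw(backup.wrappedKey));
  return JSON.parse(unseal(backupKey, raw(backup.keys)).toString("utf8"));
}

// Constructed sample: one message key per room, values are made up.
const sampleKeys = { "!room-a": "c2Vzc2lvbi1rZXktQQ==", "!room-b": "c2Vzc2lvbi1rZXktQg==" };
```

The server in this sketch stores only a salt and two ciphertexts, so the strength of the passphrase is what limits the protection of a stored backup.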

How do I request the key from another device via key share?

When Element sees a message it can’t decrypt, it automatically asks your other devices if they have a copy of the necessary key. Keys will be shared automatically with trusted devices – if the device with the key hasn’t trusted the device requesting the key, the device with the key will pop up a prompt asking you to confirm the key share manually.

What is a ‘device’?

For historical reasons, when we say ‘device’ we don’t mean your phone or your laptop – you actually create a new ‘device’ each time you log in on Xirta (and destroy it again when you log out).

What does it mean to verify or trust a device in Elemental?

Elemental uses trust to represent an additional layer of security within the app, over and above username and password authentication.

If somebody is sending messages as Alice, we know that they have access to Alice’s account – either they’ve logged in with Alice’s username and password, or they’re using a logged in session, perhaps on Alice’s phone.

Usually, that somebody is going to be Alice. Unfortunately, in the real world, passwords can be guessed or sniffed and phones can be stolen. Elemental’s trust mechanism is designed to mitigate this.

In Elemental, you can see every device that has joined an encrypted conversation. If a new and unexpected device joins, you can use device verification to check that it’s really Alice. And if you suspect that a trusted device has fallen into the wrong hands, you can revoke that trust and remove its access to the ongoing encrypted conversation.

Verifying every device is, alas, still time-consuming — we’re working hard on a solution to this.

This page should be updated with more info to make it easier to understand and use these features. I welcome suggestions via the comments below, and if anyone wants to share screenshots or a how-to video, that would be cool too.

Look for more info here in the future on using encryption keys.

One Comment:

  1. Nash, an interesting write up, I will admit to at first being confuzzled by the encryption, but slowly getting used to it.
