Skip to content

Support encrypted state events MSC4362 #30877

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
kaylendog wants to merge 1 commit into
base: andybalaam/remove-needless-para
Choose a base branch
from
Draft

Support encrypted state events MSC4362 #30877

kaylendog wants to merge 1 commit into from
+417 −24

Conversation

@kaylendog
Copy link
Contributor

@kaylendog kaylendog commented Sep 25, 2025
edited by andybalaam
Loading

When the labs flag ("Encrypted state events") is enabled, a new option ("Encrypt state events") appears when creating a room.

Whether or not the labs flag is enabled, in a room created with this option, state events are encrypted and decrypted as specified in MSC4362.

image image

People invited to the room later (without MSC4268 enabled) will not be able to decrypt state (e.g. room name) that was sent before they joined.

Checklist

@kaylendog kaylendog self-assigned this Sep 25, 2025
@kaylendog kaylendog marked this pull request as ready for review September 25, 2025 09:42
@kaylendog kaylendog requested review from a team as code owners September 25, 2025 09:42
@kaylendog
Copy link
Contributor Author

kaylendog commented Sep 25, 2025

Two potential considerations:

  • What do clients without the flag enabled see when using a room with state event encryption enabled?
  • Can clients without the flag enabled still send encrypted state events if they are sent in a room with state encryption enabled?

@Half-Shot
Copy link
Member

Half-Shot commented Sep 25, 2025

Can clients without the flag enabled still send encrypted state events if they are sent in a room with state encryption enabled?

IMO it would make sense that clients with this flag enabled can create / enable rooms to have encrypted state, but all supporting clients regardless of features should be able to interact in these rooms. So, they should probably attempt to send encrypted state if the room requires it.

@kaylendog
Copy link
Contributor Author

kaylendog commented Sep 25, 2025

Can clients without the flag enabled still send encrypted state events if they are sent in a room with state encryption enabled?

IMO it would make sense that clients with this flag enabled can create / enable rooms to have encrypted state, but all supporting clients regardless of features should be able to interact in these rooms. So, they should probably attempt to send encrypted state if the room requires it.

I agree! The last commit I made locks MatrixClient.enableEncryptedStateEvents to true, but the toggle switch on the create room dialogue is still locked behind the lab flag.

@kaylendog
Copy link
Contributor Author

kaylendog commented Sep 25, 2025
edited
Loading

It appears that the state events sent immediately after room creation are not encrypted - investigating... Although this may be preferable behaviour - clients could fall back to this if room key sharing ever fails?

This was referenced Sep 25, 2025
Draft
Open
@kaylendog kaylendog changed the title Implement lab for encrypted state events (MSC3414) Implement lab for encrypted state events (MSC3414/MSC4362) Sep 26, 2025
@kaylendog
Copy link
Contributor Author

kaylendog commented Sep 29, 2025

Latest changes enabling room name encryption might belong in the JS SDK? Thoughts appreciated!

@richvdh richvdh marked this pull request as draft October 27, 2025 13:16
@andybalaam andybalaam mentioned this pull request Oct 28, 2025
Open
17 tasks
andybalaam
andybalaam requested changes Oct 31, 2025
View reviewed changes
Copy link
Member

@andybalaam andybalaam left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Adding a review, primarily to remind myself what needs doing when I get back to this.

andybalaam
andybalaam reviewed Oct 31, 2025
View reviewed changes
@andybalaam andybalaam changed the title Implement lab for encrypted state events (MSC3414/MSC4362) Implement lab for encrypted state events MSC4362 Nov 14, 2025
@andybalaam andybalaam changed the title Implement lab for encrypted state events MSC4362 Add labs flag for encrypted state events MSC4362 Nov 14, 2025
@andybalaam andybalaam changed the title Add labs flag for encrypted state events MSC4362 Support encrypted state events MSC4362 Nov 14, 2025
@andybalaam andybalaam assigned andybalaam and unassigned kaylendog Dec 10, 2025
@andybalaam andybalaam force-pushed the kaylendog/msc3414 branch 2 times, most recently from 82e2b6a to 509d4e8 Compare December 10, 2025 11:07
@andybalaam andybalaam changed the base branch from develop to andybalaam/remove-needless-para December 10, 2025 12:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@andybalaam andybalaam andybalaam requested changes

@richvdh richvdh richvdh left review comments

@florianduros florianduros florianduros requested changes

@MidhunSureshR MidhunSureshR Awaiting requested review from MidhunSureshR MidhunSureshR is a code owner automatically assigned from element-hq/element-web-reviewers

Assignees

@andybalaam andybalaam

Labels

T-Enhancement Z-Labs

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@kaylendog @Half-Shot @andybalaam @richvdh @florianduros