Describe the bug
E2EE key backup restoration only works if performed immediately after session verification within the same app session. If you verify your session, close/restart Commet, and then attempt to restore E2EE keys, the restoration silently fails. Messages remain undecryptable with the error "The sender has not sent us the session key."
FluffyChat and Element, using the same account and same sessions, can retrieve and decrypt these messages without issue — confirming the keys exist in backup and the server-side setup is correct.
To Reproduce
- Log into Commet on a new device/session
- Verify the session via cross-signing from another device
- Close and reopen Commet (or restart the app)
- Go to Settings → Cross Signing & Backup → Click "Restore"
- Navigate to an encrypted room
- Messages show "The sender has not sent us the session key" and cannot be decrypted
Expected behavior
Key backup restoration should work regardless of whether Commet has been restarted since verification. Restoring from backup in a later session should decrypt all previously received encrypted messages, as it does in FluffyChat and Element.
Workaround
Verify the session AND restore E2EE keys in the same app session without closing/restarting Commet in between:
- Log in
- Immediately verify session
- Immediately restore E2EE key backup
- Messages decrypt correctly
- Now safe to close/reopen freely
Additional context
- Cross-signing is fully set up and shows green/verified
- Key backup is enabled and functional (FluffyChat can restore from the same backup successfully)
- Tested with a self-hosted Synapse 1.144.0 homeserver
- The issue appears to be that Commet loses some in-memory cross-signing or key backup decryption state on restart, which it needs in order to decrypt the key backup
CPU: 16-core AMD EPYC 4585PX (-MT MCP-) speed/min/max: 4250/600/5752 MHz
Kernel: 6.12.75-1-lts x86_64 Up: 13d 19h 36m Mem: 79.4/91.93 GiB (86.4%)
Storage: 2.74 TiB (60.3% used) Procs: 759 Shell: Bash inxi: 3.3.40
Describe the bug
E2EE key backup restoration only works if performed immediately after session verification within the same app session. If you verify your session, close/restart Commet, and then attempt to restore E2EE keys, the restoration silently fails. Messages remain undecryptable with the error "The sender has not sent us the session key."
FluffyChat and Element, using the same account and same sessions, can retrieve and decrypt these messages without issue — confirming the keys exist in backup and the server-side setup is correct.
To Reproduce
Expected behavior
Key backup restoration should work regardless of whether Commet has been restarted since verification. Restoring from backup in a later session should decrypt all previously received encrypted messages, as it does in FluffyChat and Element.
Workaround
Verify the session AND restore E2EE keys in the same app session without closing/restarting Commet in between:
Additional context
CPU: 16-core AMD EPYC 4585PX (-MT MCP-) speed/min/max: 4250/600/5752 MHz
Kernel: 6.12.75-1-lts x86_64 Up: 13d 19h 36m Mem: 79.4/91.93 GiB (86.4%)
Storage: 2.74 TiB (60.3% used) Procs: 759 Shell: Bash inxi: 3.3.40