diff --git a/src/matrix/Session.js b/src/matrix/Session.js index a3b7d06c..9db0bd7f 100644 --- a/src/matrix/Session.js +++ b/src/matrix/Session.js @@ -614,13 +614,8 @@ export class Session { e2eeAccount: this._e2eeAccount, deviceId: this.deviceId, }); + await crossSigning.load(log); this._crossSigning.set(crossSigning); - // if (await crossSigning.load(log)) { - // this._crossSigning.set(crossSigning); - // } - // else { - // crossSigning.dispose(); - // } }); } await this._keyBackup.get()?.start(log); diff --git a/src/matrix/verification/CrossSigning.ts b/src/matrix/verification/CrossSigning.ts index 47677e94..9987db31 100644 --- a/src/matrix/verification/CrossSigning.ts +++ b/src/matrix/verification/CrossSigning.ts @@ -277,10 +277,17 @@ export class CrossSigning { async signDevice(verification: IVerificationMethod, log: ILogItem): Promise { return log.wrap("CrossSigning.signDevice", async log => { if (!this._isMasterKeyTrusted) { + /** + * If we're the unverified device that is participating in + * the verification process, it is expected that we do not + * have access to the private part of MSK and thus + * cannot determine if the MSK is trusted. In this case, we + * do not need to sign anything because the other (verified) + * device will sign our device key with the SSK. + */ log.set("mskNotTrusted", true); - return; } - const shouldSign = await verification.verify(); + const shouldSign = await verification.verify() && this._isMasterKeyTrusted; log.set("shouldSign", shouldSign); if (!shouldSign) { return;