** Unable to decrypt: decryption key withheld ** error when attempting to read a user's message(s)

[ccarter-tmt]

Steps to reproduce

Attempting to read messages sent from a user to me has some messages (not all) flagged with the message '** Unable to decrypt: decryption key withheld **'. Clicking on 'Re-request encryption keys from your other sessions.' has no effect in the short or long term (days later messages are still unreadable).

Outcome

Expected to be able to read and receive messages from this user normally.

Operating system

Windows 10 Pro Version 10.0.19045 Build 19045

Application version

Element version: 1.11.17 Olm version: 3.2.12

How did you install the app?

From https://element.io/download

Homeserver

matrix.org

Will you send logs?

Yes

[ccarter-tmt]

NB: This issue also affects Element on Android (Version 1.5.14 [40105142] (G-4a46289f) olm version 3.2.12 but I am only posting desktop issue here.

[ccarter-tmt]

This is a typical error message as displayed in the chat.

[ccarter-tmt]

Same issue again with another user a few days later. Logs uploaded.

[ccarter-tmt]

Sometimes recommended 'fix' to issue a '/discardsession' also has no effect. Problem remains.

[chkalch]

Same issue here on Ubuntu 20.04.5 LTS with Element version: 1.11.16, Olm version: 3.2.12.

The messages are from one specific person and only when he uses Element on Android. When he sends messages from Element on Windows 10 there's no problem.

[chkalch]

Today I had the issue with a message sent from Element version: 1.5.18, Olm version version: 3.2.12 on Android during a short power outage and hence no internet connection. After power went on again the message arrived but cannot be decrypted.

[weeman1337]

Upgrading to O-Occasional as we had another report of this issue (+ I also had this problem on a bad network).

[motey]

Same here, had this multiple times the last two month. Send logs via Element Desktop client

[oblak-be]

We have several users reporting the same issue.

[uhoreg]

It looks like the story behind this error message is that

• the receiving user has multiple devices, but none of them receive the key for whatever reason
• the receiving device requests the key from the user's other devices
• the user's other devices report that they don't have the key, by sending a withheld message
• the receiving device decides to apply that withheld message, making it seem like the original sender held back the key for an unspecified reason

So this is a normal undecryptable event, but made more confusing by the message indicating that the key was withheld. So, downgrading the severity of this issue. Obviously, the fact that the messages are undecryptable in the first place is a big issue, but that is tracked elsewhere.

[uhoreg]

And, in fact, this issue should be fixed by matrix-org/matrix-js-sdk#3061 (so should be coming to a release soon, if not already released)

[motey]

Thanks for a first clarification.
Do i read the the merge you reference correct: The message will be more clear, but the issue will still persist?
And out of curiosity: what may provoke a sender withholding a key?
From my naive perspective, a bad connection should just trigger a retry, and not end up in a m.room_key.withheld-event, shouldn't it?

[uhoreg]

Do i read the the merge you reference correct: The message will be more clear, but the issue will still persist?

It will no longer say "decryption key withheld", but will show up as a normal undecryptable message.

And out of curiosity: what may provoke a sender withholding a key?
From my naive perspective, a bad connection should just trigger a retry, and not end up in a m.room_key.withheld-event, shouldn't it?

"Withholding" a key refers to when the sender purposely does not send the key to the recipient. It's generally rare, but can happen, for example, if the sender has configured their client to not send keys to unverified devices.

The more general problem of undecryptable messages can be caused by many different things. See element-hq/element-meta#245