Cross Signing

Check Status

  1. Go to Element Security & Privacy settings
    temp

  2. Expand the Advanced section
    temp

  3. Look for All keys backed up
    temp

Export and Import E2E Room Keys

Element Web and Desktop

Export

  1. Go to Element Security & Privacy settings
    temp

  2. Click Export E2E room keys
    temp

  3. Enter a secure passphrase and click Export
    temp

  4. Choose to save the file
    temp

  5. Select a directory on your computer
    temp

Import

  1. Go to Element Security & Privacy settings
    temp

  2. Click Import E2E room keys
    temp

  3. Click Browse
    temp

  4. Select your export
    temp

  5. Enter your passphrase and click Import
    temp

Element iOS

Export

  1. Tap the cog in the top left of Element
    temp

  2. Tap Security
    temp

  3. Tap Export keys manually
    temp

  4. Enter a secure passphrase and tap Export
    temp

  5. Choose Save to Files
    temp

  6. Choose a location then tap Save
    temp

Import

This is a temporary solution until this issue is resolved

  1. Tap the + in the bottom right corner
    temp

  2. Tap Create room
    temp

  3. Tap the room name (Empty room) at the top
    temp

  4. Tap the room name again
    temp

  5. Under Advances, enable encryption
    temp

  6. Tab Done in the top right
    temp

  7. Tab the + to send a file
    temp

  8. Tap Send file
    temp

  9. Browse to and select your export
    temp

  10. Tap the file you just sent
    temp

  11. Tap Import
    temp

  12. Enter your passphrase and tap Import
    temp

Element Android

Export

  1. Tap your user picture in the top right
    temp

  2. Tap the cog
    temp

  3. Tap Security & Privacy
    temp

  4. Tap Export E2E room keys
    temp

  5. Select a location and a file name, then tap SAVE
    temp

  6. Enter a secure passphrase, then tap EXPORT
    temp

Import

  1. Tap your user picture in the top right
    temp

  2. Tap the cog
    temp

  3. Tap Security & Privacy
    temp

  4. Tap Import E2E room keys
    temp

  5. Browse to and select your export
    temp

  6. Enter your passphrase and tap IMPORT
    temp

Reset Cross Signing

Only do this if you have forgotten or lost your cross signing backup passphrase.

Please read through the entire document before starting to make sure you understand the consequences of doing this.

If you have an active session

  1. You may wish to backup your keys before doing this just to be on the safe side if something goes wrong: See Export and Import E2E Room Keys

  2. Go to Element Security & Privacy settings
    temp

  3. Click Reset in the Cross-signing section

  4. Click Clear cross-signing keys
    temp

  5. Click Generate a Security Key or Enter a Security Phrase. Then Continue
    temp

  6. Take note of your key then click Continue
    temp

  7. Enter your account password and click Continue
    temp

  8. You can delete any untrusted sessions in Element Security & Privacy settings. Select the sessions you want to remove and click Delete 1 session
    temp

  9. Optionally, Sign out old devices no longer needed

If you DO NOT have an active session

Doing this will destroy all your keys and you will NOT be able to access any historical encrypted messages.

  1. Log in to Element
    temp

  2. Click Skip
    temp

  3. Click Skip again
    temp

  4. Do not connect to Key Backup or verify session when asked

  5. Note that you will not be able to decrypt any previous messages after doing this
    temp

  6. Follow the steps from If you have an active session

Sign out old devices

  1. Go to Element Security & Privacy settings
    temp

  2. Select the devices you wish to sign out

  3. Click Sign out n selected devices

  4. Authenticate with your Matrix account password or via SSO

Set up Cross Signing

On first login to a new account

  1. Sign up or log in
    temp

  2. Click Generate a Security Key or Enter a Security Phrase. Then click Continue
    temp

  3. Take note of your key, then click Continue
    temp

If you did not set it up on first login, or if you did not get asked

  1. If you do not have key backup configured, you will be asked to set it up the first time you enter an encrypted room. Click Start using Key Backup
    temp

  2. Click Generate a Security Key or Enter a Security Phrase. Then Continue
    temp

  3. Take note of your key, then click Continue
    temp

  4. Enter your account password, then click Continue
    temp

If you clicked Don't ask me again

  1. Go to Element Security & Privacy settings
    temp

  2. Click Start using Key Backup
    temp

  3. Click Generate a Security Key or Enter a Security Phrase. Then Continue
    temp

  4. Take note of your key, then click Continue
    temp

  5. Enter your account password, then click Continue
    temp

Verify new Login

When you log in to a new device/session, you must verify the login and connect it to cross signing and secret storage to access your backed up encryption keys for historical messages. This assumes you already have configured cross signing, see Set up Cross Signing.

  1. Log in to Element with your username and password
    Element Web login screen

  2. Choose one of the methods below for cross signing

Compare emojis using another login

  1. Click Use another login
    Element login screen
  2. On another device/session that is connected to cross signing, click Accept
    New session Verification request
  3. Click Start
    Choose method to Verify other login
  4. Compare the emojis on your new and old sessions. They should be the same emojis and in the same order. Click They match on both sessions
    Compare emojis
  5. If all was successful, you should get this green shield on both sessions. Click Got it. Your new device/session is now verified and will download your backed up message encryption keys
    Session verified green shield

Scan QR code on another login

Login is here demonstrated on Element Android

  1. On your phone, tap Verify this login
    Verify this login from Element Android
  2. Your phone is now waiting for you to accept from another device
    Waiting for another session to accept verification request
  3. On another device/session that is connected to cross signing, click Accept
    New session Verification request
  4. On your phone, tab Scan with this device
    Scan with this device
  5. Using your phone, scan the QR code shown on your other session
    QR code scanner on Element Android
    QR code for verification shown on the other session
  6. Your phone waits for you to confirm green shield on your other session. Click Yes
    Element Android waiting for other session
    Verify by scanning - both sessions should show the same green shield
  7. Tap Done on your phone
    Element Android - session verified
  8. If all was successful, you should get this green shield on both sessions. Click Got it. Your new device/session is now verified and will download your backed up message encryption keys
    Session verified green shield

Using your Security Key

  1. Click Use Security Key
    Verify this login, choose between using another device or entering security key
  2. Enter your Security key when prompted and click Continue
    Enter Security Key
  3. If all was successful, you should get this green shield on both sessions. Click Got it. Your new device/session is now verified and will download your backed up message encryption keys
    Session verified green shield