element-x-ada/docs/build-logs/ssss-recovery-key-result.md

SSSS Recovery Key Setup Result

Date: 2026-03-28
Account: @testbot-elementx:sulkta.com
Homeserver: chat.sulkta.com

Status: SUCCESS

What Worked

Option B: Direct Matrix API via Node.js

Browser automation (Option A) failed due to a DNS resolution issue: the Browserless container couldn't resolve matrix.sulkta.com, which is internal-only.

Discovered via .well-known that the public-facing homeserver is chat.sulkta.com.

Used a Node.js script with the MAS compat token to:

  1. Generate a 256-bit random recovery key
  2. Create PBKDF2 key derivation parameters (500k iterations)
  3. Set m.secret_storage.key.<id> account data
  4. Set m.secret_storage.default_key to point to the new key

Recovery Key

b4a6 7d93 602e c774 1b74 3839 c00c 9cec 902d 8f70 9c6e 22df 9812 4606 249e 07b0

Key ID: 5b8ac89548308c51

Technical Details

  • Algorithm: m.secret_storage.v1.aes-hmac-sha2
  • KDF: m.pbkdf2 with 500,000 iterations
  • Salt: randomly generated

Caveats

  1. This is a minimal SSSS setup - it creates the key structure but doesn't:

    • Bootstrap cross-signing keys
    • Store the master key backup
    • Set up key backup for room keys
  2. The recovery key is in hex format (not Element's Base58 format) - clients may show a different representation when displaying the key.

  3. For full E2EE functionality, you'd also want to:

    • Run bootstrapSecretStorage() from matrix-js-sdk
    • Set up cross-signing (master, self-signing, user-signing keys)
    • Enable room key backup
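
The hex-versus-Base58 difference in caveat 2, as an added example that is not part of the original report or its Node.js script: the Matrix spec's recovery-key encoding wraps the 32 raw bytes as 0x8B 0x01 + key + XOR parity byte and Base58-encodes the result in groups of four. The sample key is constructed (not the key from this report), and the function names are illustrative.

```javascript
// Added example: convert a hex SSSS key to and from the Matrix Base58 recovery-key form.
const B58 = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz';
const PREFIX = [0x8b, 0x01]; // fixed two-byte header of a Matrix recovery key

function base58Encode(bytes) {
  let n = 0n;
  for (const b of bytes) n = (n << 8n) | BigInt(b);
  let out = '';
  while (n > 0n) { out = B58[Number(n % 58n)] + out; n /= 58n; }
  for (const b of bytes) { if (b !== 0) break; out = '1' + out; } // leading zero bytes
  return out;
}

function base58Decode(text) {
  let n = 0n;
  for (const ch of text) {
    const v = B58.indexOf(ch);
    if (v < 0) throw new Error('invalid Base58 character: ' + ch);
    n = n * 58n + BigInt(v);
  }
  const bytes = [];
  while (n > 0n) { bytes.unshift(Number(n & 0xffn)); n >>= 8n; }
  for (const ch of text) { if (ch !== '1') break; bytes.unshift(0); }
  return bytes;
}

function hexToRecoveryKey(hex) {
  const clean = hex.replace(/\s+/g, ''); // accept the space-grouped hex layout
  if (!/^[0-9a-fA-F]{64}$/.test(clean)) throw new Error('expected 32 bytes of hex');
  const key = clean.match(/../g).map((h) => parseInt(h, 16));
  const payload = [...PREFIX, ...key];
  payload.push(payload.reduce((p, b) => p ^ b, 0)); // parity over prefix + key
  return base58Encode(payload).match(/.{1,4}/g).join(' ');
}

function recoveryKeyToHex(recoveryKey) {
  const bytes = base58Decode(recoveryKey.replace(/\s+/g, ''));
  if (bytes.length !== 35) throw new Error('wrong length');
  if (bytes[0] !== PREFIX[0] || bytes[1] !== PREFIX[1]) throw new Error('wrong prefix');
  // XOR over all 35 bytes, parity included, must cancel to zero
  if (bytes.reduce((p, b) => p ^ b, 0) !== 0) throw new Error('parity mismatch');
  return bytes.slice(2, 34).map((b) => b.toString(16).padStart(2, '0')).join('');
}

// Constructed sample key (bytes 00..1f), not the key from this report.
const SAMPLE_HEX =
  '0001 0203 0405 0607 0809 0a0b 0c0d 0e0f 1011 1213 1415 1617 1819 1a1b 1c1d 1e1f';
```

The parity byte and fixed prefix let a client reject a mistyped recovery key before any decryption is attempted, which the bare hex form cannot do.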

Files Created

  • /root/.openclaw/workspace/memory/testbot-recovery-key.txt - The recovery key
  • /root/.openclaw/workspace/memory/ssss-recovery-key-result.md - This report

Verification

# Check default key
curl -H "Authorization: Bearer <token>" \
  "https://chat.sulkta.com/_matrix/client/v3/user/@testbot-elementx:sulkta.com/account_data/m.secret_storage.default_key"
# Returns: {"key":"5b8ac89548308c51"}

# Check key description
curl -H "Authorization: Bearer <token>" \
  "https://chat.sulkta.com/_matrix/client/v3/user/@testbot-elementx:sulkta.com/account_data/m.secret_storage.key.5b8ac89548308c51"
# Returns: {"algorithm":"m.secret_storage.v1.aes-hmac-sha2","passphrase":{"algorithm":"m.pbkdf2","iterations":500000,"salt":"..."}}