Encryption Basics
Encryption is one of Matrix’s biggest strengths. It is important to understand a few basic ideas about encryption in Matrix.
What end-to-end encryption means
All DMs and most private rooms in Matrix are end-to-end encrypted by default.
This means:
- Messages are “password-locked” on your device
- Only the people in the room can “unlock” them
- Your homeserver cannot read your messages
Even though messages pass through servers, they are unreadable to anyone except you and the people you’re chatting with.
Recovery keys
At some point, your client will ask you to save a recovery key or set a recovery passphrase. This is important. A recovery key is used to verify your new devices if you don’t have a currently verified device available to confirm your identity.
You should save your recovery key somewhere safe, like a password manager.
If you lose access to all your verified devices and your recovery key, you will still be able to log into your account, but you’ll lose access to all messages previously sent.
Verifying your devices
Matrix treats each device or app you log in on as its own session. For security reasons, every new device/session needs to be approved before it can read your encrypted messages.
So if you’re already using Matrix in Element and decide to try Cinny, Matrix will ask you to verify that new app. You can do this by:
- Entering your recovery key
- Approving it from another device you’re already logged in on
This is Matrix’s version of two-factor authentication. It makes sure that even if your account is compromised, nobody can read the messages you’ve previously sent unless they can also verify their device.
Next Steps:
If you’d like to continue learning about Matrix, check out the next recommended page:
Text Chats in Matrix (Custom sticker packs, emotes, replies, threads