Feature Request: Device Verification Support (SAS/QR) #82
Description
Feature Request: Device Verification Support
Summary
Add support for interactive device verification (SAS emoji verification, QR codes) to enable bots to be verified by users.
Problem
Currently, when E2EE is enabled, bot devices remain permanently unverified in clients like Element. Users see "Encrypted by a device not verified by its owner" warnings with no way to resolve them.
Proposed Solution
Implement verification methods in CryptoClient:
// Request verification from own user's other sessions
async requestOwnUserVerification(): Promise<VerificationRequest>
// Accept incoming verification request
async acceptVerificationRequest(request: VerificationRequest): Promise<void>
// Handle SAS verification flow
async startSasVerification(request: VerificationRequest): Promise<SasVerification>Use Case
Bots running with E2EE enabled should be verifiable by their owners to:
- Remove "unverified device" warnings in Element
- Enable key sharing/backup with verified sessions
- Improve trust signals in encrypted rooms
Context
The Rust crypto SDK (@matrix-org/matrix-sdk-crypto-nodejs) likely has verification primitives that could be exposed. Element's matrix-js-sdk has full verification support as reference.
Workaround
Currently none — bots remain unverified indefinitely.