@@ -58,6 +58,7 @@ class EncryptionManager:
5858 periodically_delete_expired_keys : bool
5959 delete_outdated_inbound : bool
6060 msc4190 : bool
61+ self_sign : bool
6162
6263 bridge : br .Bridge
6364 az : AppService
@@ -110,6 +111,7 @@ def __init__(
110111 self .key_sharing_enabled = bridge .config ["bridge.encryption.allow_key_sharing" ]
111112 self .appservice_mode = bridge .config ["bridge.encryption.appservice" ]
112113 self .msc4190 = bridge .config ["bridge.encryption.msc4190" ]
114+ self .self_sign = bridge .config ["bridge.encryption.self_sign" ]
113115 if self .appservice_mode :
114116 self .az .otk_handler = self .crypto .handle_as_otk_counts
115117 self .az .device_list_handler = self .crypto .handle_as_device_lists
@@ -288,8 +290,18 @@ async def start(self) -> None:
288290 if not device_id :
289291 await self .crypto_store .put_device_id (self .client .device_id )
290292 self .log .debug (f"Logged in with new device ID { self .client .device_id } " )
293+ await self .crypto .share_keys ()
291294 elif self .crypto .account .shared :
292295 await self ._verify_keys_are_on_server ()
296+ else :
297+ await self .crypto .share_keys ()
298+ if self .self_sign :
299+ trust_state = await self .crypto .resolve_trust (self .crypto .own_identity )
300+ if trust_state < TrustState .CROSS_SIGNED_UNTRUSTED :
301+ recovery_key = await self .crypto .generate_recovery_key ()
302+ self .log .info (f"Generated recovery key and signed own device: { recovery_key } " )
303+ else :
304+ self .log .debug (f"Own device is already verified ({ trust_state } )" )
293305 if self .appservice_mode :
294306 self .log .info ("End-to-bridge encryption support is enabled (appservice mode)" )
295307 else :
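Review bot: The new `self.log.info(f"Generated recovery key and signed own device: {recovery_key}")` line in `start()` writes the recovery key itself into the bridge log at info level. That key is presumably the secret protecting the cross-signing keys that `generate_recovery_key()` just created, so anyone who can read the log file, a log aggregator or a pasted debug log could sign devices as the bridge bot. I would log only the event, `self.log.info("Generated recovery key and signed own device")`. If operators need the key, hand it over through a channel with tighter access than the general log; the hunk does not show it being stored anywhere else, so this is worth deciding explicitly. The body of `start()` begins and continues outside this hunk.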