Add CryptoApi.resetEncryption (#4614)

* feat(crypto api): Add `CryptoApi#resetEncryption` * docs(crypto api): Review changes * test(crypto api): Cleaner way to handle key backup removal
2025-11-26 17:03:12 +03:00 · 2025-01-22 11:53:50 +01:00
parent e5fda72884
commit 61375ef38a
4 changed files with 115 additions and 0 deletions
--- a/src/rust-crypto/rust-crypto.ts
+++ b/src/rust-crypto/rust-crypto.ts
@@ -88,6 +88,7 @@ import { PerSessionKeyBackupDownloader } from "./PerSessionKeyBackupDownloader.t
 import { DehydratedDeviceManager } from "./DehydratedDeviceManager.ts";
 import { VerificationMethod } from "../types.ts";
 import { keyFromAuthData } from "../common-crypto/key-passphrase.ts";
+import { UIAuthCallback } from "../interactive-auth.ts";

 const ALL_VERIFICATION_METHODS = [
    VerificationMethod.Sas,
@@ -1472,6 +1473,30 @@ export class RustCrypto extends TypedEventEmitter<RustCryptoEvents, CryptoEventH
        return batch;
    }

+    /**
+     * Implementation of {@link CryptoApi#resetEncryption}.
+     */
+    public async resetEncryption(authUploadDeviceSigningKeys: UIAuthCallback<void>): Promise<void> {
+        const backupEnabled = (await this.backupManager.getActiveBackupVersion()) !== null;
+
+        // Disable backup, and delete all the backups from the server
+        await this.backupManager.deleteAllKeyBackupVersions();
+
+        // Disable the recovery key and the secret storage
+        await this.secretStorage.setDefaultKeyId(null);
+
+        // Reset the cross-signing keys
+        await this.crossSigningIdentity.bootstrapCrossSigning({
+            setupNewCrossSigning: true,
+            authUploadDeviceSigningKeys,
+        });
+
+        // If key backup was enabled, we create a new backup
+        if (backupEnabled) {
+            await this.resetKeyBackup();
+        }
+    }
+
    ///////////////////////////////////////////////////////////////////////////////////////////////////////////////////
    //
    // SyncCryptoCallbacks implementation