Set up encrypted-chat recovery once and forget it
A plain-English guide to E2EE key backup on chat.txid.uk - what a Security Key vs a Security Phrase does, and how to recover old messages on a new device.
chat.txid.uk runs on the Matrix protocol with a KakaoTalk-style UI. One-to-one chats and private group rooms are protected by end-to-end encryption (E2EE) - not even the server operator can read your messages.
The cost of E2EE is simple and brutal: if you lose your decryption keys, you also lose access to your own history. Signing in on a new laptop and seeing nothing but "🔒 Unable to decrypt" means you never set up key backup.
This is the one-shot guide to getting it right.
Why key backup exists
Matrix E2EE mints a fresh key pair on each device. The keys in Chrome on your desktop are different from the keys on your iPhone Safari. Even with the same account, each device only decrypts messages for which it has the matching "session keys."
That design is solid - until you hit one of these:
- You clear browser data. chat.txid.uk stores keys in IndexedDB. Wiping storage wipes the keys.
- You move to a new device. A fresh Chrome install, a new iPhone - none of them have your old room keys.
- You log out and back in. That resets the session and mints new keys.
Key backup uploads your key bundle to the server encrypted with a passphrase only you know. The server can host it but can't read it.
Security Key vs Security Phrase
chat.txid.uk asks for two similar-sounding values. They play different roles.
| Value | Form | Purpose |
|---|---|---|
| Security Key | Space-separated 48-character string starting with EsUc-… | Auto-generated. Paste into a password manager |
| Security Phrase (Passphrase) | A free-form string you choose | Human-memorable. The Security Key is derived from it |
You only need one of them safely stored. The Security Key is stronger but impossible to memorise; the Phrase is easy to remember but weak if it's too short.
Recommended in practice:
- At setup, define a Phrase of at least 12 words (e.g.
"blue sparrow under bridge yesterday ate kimbap"). - Also copy the auto-generated Security Key into 1Password / Bitwarden.
- Either one can unlock the backup, so forgetting one still leaves you with recovery options.
First-time setup
- Log into chat.txid.uk → top-right profile → Settings → Security
- In the "Key backup" card, click Start key backup
- Two options appear:
- Use a security phrase: type your own. Aim for 14+ characters
- Use only a security key: accept the generated 48-char key
- Recommended: create a phrase and save the auto-shown security key
- Hit continue. Your existing room keys are encrypted and uploaded
Once done, Settings → Security shows something like "Key backup is enabled, using backup version 1."
Restoring on a new device
- Sign into chat.txid.uk on the new device/browser
- Right after login, a banner asks "Restore your encrypted history?"
- Type the phrase or paste the Security Key
- Hit continue - your encrypted key bundle is pulled from the server and decrypted locally
Missed the banner? No problem. Settings → Security → Key backup always has a "Restore from backup" button.
Common failure modes
"Key backup is enabled but cannot be restored"
- Wrong Security Key or phrase. Double-check you haven't confused them with your login password
- The login password cannot unlock key backup - they're separate values
"A new backup version has been created from another device"
- You (or another signed-in device) disabled and re-enabled key backup with a new key
- Go to Settings → Security → Disable existing backup → Enable with the new key
A red "Session not verified" badge won't go away
- Key recovery succeeded but cross-device verification hasn't happened yet
- From your existing device, run the emoji-compare verification on the new device
If you lost everything
Realistically, old E2EE messages are gone for good. But you can still:
- Turn off key backup and start fresh with new keys. Old history stays 🔒 but new messages arrive normally.
- Plaintext (unencrypted) rooms are unaffected - those messages were never encrypted on the server anyway.
Prevention is 100× easier than recovery. The moment you log in, go to Settings → Security and turn key backup on.
TL;DR
- chat.txid.uk E2EE messages only decrypt with your local keys
- To read past messages on a new device or after clearing storage, key backup must be on
- Settings → Security → Start key backup, done in five minutes
- Save either the recovery phrase or the security key in a password manager - or both
- Lose both and the past is permanently unreadable. Setup is your insurance policy
chat.txid.uk's Settings → Security section links back to this page. If you're new, read this before starting real conversations.