← back to waywardinn.com

Encryption Key Guide

waywardinn.com · matrix.waywardinn.com

What is an Encryption Key?

Matrix uses end-to-end encryption (E2EE) to protect your messages. When it's enabled in a room, your messages are encrypted on your device before being sent. The server never sees what you wrote.

Your Security Key (sometimes called a Recovery Key) is what lets you decrypt your message history when you log in on a new device, reinstall your client, or get logged out. Without it, your past encrypted messages are gone forever. We can't recover them either.

How to Back Up Your Key in Sable

The first time you register on a homeserver, you need to set up verification manually. In Sable, go to:

Settings → Devices → Enable Verification

Follow these steps to complete the setup:

  • Choose to generate a Security Key or use a strong passphrase.
  • Download or copy the key and store it somewhere safe: a password manager, printed paper, or an encrypted drive.
  • Complete the setup. Sable will now automatically back up your session keys to the server, encrypted with your Security Key.
  • Any time you sign in on a new device after that, Sable, Element, and other clients will prompt you to verify against an existing logged-in session. Just approve it from another device or enter your Security Key.
Encrypted vs Unencrypted Rooms
🔒 Encrypted
  • Messages encrypted on your device
  • Server cannot read content
  • Requires key verification
  • New members can't read history
  • Best for private groups and direct messages
○ Unencrypted
  • Messages stored as plaintext
  • Server can read all content
  • No key management needed
  • Full history accessible to new members
  • Best for open communities and public rooms
A Note on Large Public Servers

Encryption is powerful, but it's a bad fit for big open communities. You can't realistically make sure every member has backed up their keys. Encryption in Matrix is tied to each session, so someone who loses their key just quietly loses their history. Nobody gets notified.

For public rooms, bridges, and announcement channels, unencrypted is the right call. Keep encryption for private groups, DMs, and rooms where you know everyone. It keeps history accessible, moderation simple, and saves casual users from getting stuck on broken key prompts.