Identity reset flow leaves broken account/device if it races with a /keys/query

[richvdh]

STR:

1. Log in
2. Click "Can't confirm?"
3. Click "Continue reset"
4. Click "Yes, reset now"
5. Log in on another device
6. Back on the first device, enter the account password

At this point, things appear normal (other than the suggestion that you set up recovery) but the client has thrown away the private cross-signing keys.

Now:

7. Click "Set up recovery"
8. Now on the Encryption settings menu, Click "Set up recovery" (aside: this seems a redundant step)
9. Click "Generate your recovery key"
10. Copy the recovery key
11. Click "Done"

Now, observe:

Entering the recovery key does nothing to help, as you might expect.

[richvdh]

The problem is that the new device triggers a /keys/query for our own account, whose response contains the old cross-signing identity. We spot that the private key doesn't match the public key, and drop the private keys:

2025-02-19T17:58:50.115536Z  INFO matrix_sdk_crypto::identities::manager: Removed some or all of our private cross signing keys cleared=DiffResult { master_differs: true, self_signing_differs: true, user_signing_differs: true }

[richvdh]

This might be the cause behind element-hq/element-x-android#3039 or element-hq/element-x-android#3644? The symptoms are slightly different though.