From 68eda6b169144ac81c3a63b6c0442f5bf5a0fd96 Mon Sep 17 00:00:00 2001 From: alvis Date: Sat, 21 Mar 2026 04:40:33 +0000 Subject: [PATCH] Add crypto store details, room IDs, and decryption instructions --- Matrix.md | 37 +++++++++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) diff --git a/Matrix.md b/Matrix.md index c1647a3..ad63e22 100644 --- a/Matrix.md +++ b/Matrix.md 
@@ -65,6 +65,43 @@ Outgoing verification events must NOT contain `transaction_id` (that field is fo To-device verification is also handled as a fallback. +### Crypto Store + +E2EE state (olm sessions, megolm group sessions, device keys) is persisted in SQLite databases: + +``` +~/matrixbot/data/ +├── adolf/@bot:mtx.alogins.net_ADOLFDEVICE.db +├── adolf/cross_signing.json +├── zabbix/@zabbix:mtx.alogins.net_ZABBIXDEVICE.db +└── zabbix/cross_signing.json +``` + +| Store | Pickle passphrase | +|-------|-------------------| +| SQLite databases (olm/megolm sessions) | `DEFAULT_KEY` (matrix-nio default) | +| `cross_signing.json` files | `matrixbot-cs-keys` (`CS_PICKLE_PASS` in bot.py) | + +To decrypt E2EE messages, run inside the matrixbot container (host `python-olm` links against a different libolm, causing `BAD_ACCOUNT_KEY`): + +```python +# docker exec matrixbot python3 -c "..." +import olm, sqlite3 +conn = sqlite3.connect('/data/zabbix/@zabbix:mtx.alogins.net_ZABBIXDEVICE.db') +cur = conn.cursor() +cur.execute('SELECT session_id, session FROM megolminboundsessions WHERE room_id = ?', (ROOM,)) +for sid, blob in cur.fetchall(): + session = olm.InboundGroupSession.from_pickle(blob, 'DEFAULT_KEY') + plaintext, idx = session.decrypt(ciphertext) +``` + +### Rooms + +| Room ID | Name | +|---------|------| +| `!kNQXdXrjSAjoAMdosG:mtx.alogins.net` | Agap Notifications (Zabbix) | +| `!vYXGUTRHUIIrrZXTFE:mtx.alogins.net` | Adolf chat | + ### Gotchas - **Device key upload before cross-signing**: `keys_upload()` must run before `bootstrap_cross_signing()`, otherwise the server can't find the device for self-signing.
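Review bot: The passphrase table in the new "Crypto Store" section commits the literal `matrixbot-cs-keys` value of `CS_PICKLE_PASS` and states that the SQLite stores use the matrix-nio default `DEFAULT_KEY`, so anyone who can read `~/matrixbot/data/` and this file can unpickle the olm/megolm sessions and the `cross_signing.json` keys. Suggest removing the literal value from Matrix.md, loading `CS_PICKLE_PASS` from an environment variable or secret store instead of bot.py, using a non-default passphrase for the SQLite stores, and documenting the expected ownership and permissions of the data directory. In the decryption snippet, `ROOM` and `ciphertext` are never defined and `conn` is never closed; define them with placeholders or say where they come from so the example runs as written. The "Rooms" table also publishes internal room IDs, which is worth a second look if this repository is readable outside the team.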