@unwanted/matrix-sdk-mini 34.12.0-2 → 34.12.0-4

package/src/client.ts

@@ -20,7 +20,6 @@ limitations under the License.
 
 import { Optional } from "matrix-events-sdk";
 
-import type { IDeviceKeys, IMegolmSessionData, IOneTimeKey } from "./@types/crypto.ts";
 import { ISyncStateData, SetPresence, SyncApi, SyncApiOptions, SyncState } from "./sync.ts";
 import {
     EventStatus,
@@ -34,18 +33,13 @@ import {
 } from "./models/event.ts";
 import { StubStore } from "./store/stub.ts";
 import { Filter, IFilterDefinition, IRoomEventFilter } from "./filter.ts";
-
 import * as utils from "./utils.ts";
-import { noUnsafeEventProps, QueryDict, replaceParam, safeSet, sleep } from "./utils.ts";
+import { noUnsafeEventProps, QueryDict, replaceParam, sleep } from "./utils.ts";
 import { Direction, EventTimeline } from "./models/event-timeline.ts";
 import { IActionsObject, PushProcessor } from "./pushprocessor.ts";
 import { AutoDiscovery, AutoDiscoveryAction } from "./autodiscovery.ts";
-import * as olmlib from "./crypto/olmlib.ts";
-import { decodeBase64, encodeBase64, encodeUnpaddedBase64Url } from "./base64.ts";
-import { IExportedDevice as IExportedOlmDevice } from "./crypto/OlmDevice.ts";
-import { IOlmDevice } from "./crypto/algorithms/megolm.ts";
+import { encodeUnpaddedBase64Url } from "./base64.ts";
 import { TypedReEmitter } from "./ReEmitter.ts";
-import { IRoomEncryption } from "./crypto/RoomList.ts";
 import { logger, Logger } from "./logger.ts";
 import { SERVICE_TYPES } from "./service-types.ts";
 import {
@@ -54,7 +48,6 @@ import {
     FileType,
     HttpApiEvent,
     HttpApiEventHandlerMap,
-    HTTPError,
     IdentityPrefix,
     IHttpOpts,
     IRequestOpts,
@@ -68,38 +61,16 @@ import {
     UploadOpts,
     UploadResponse,
 } from "./http-api/index.ts";
-import {
-    Crypto,
-    CryptoEvent as LegacyCryptoEvent,
-    CryptoEventHandlerMap as LegacyCryptoEventHandlerMap,
-    fixBackupKey,
-    ICheckOwnCrossSigningTrustOpts,
-    IRoomKeyRequestBody,
-} from "./crypto/index.ts";
-import { DeviceInfo } from "./crypto/deviceinfo.ts";
 import { User, UserEvent, UserEventHandlerMap } from "./models/user.ts";
 import { getHttpUriForMxc } from "./content-repo.ts";
 import { SearchResult } from "./models/search-result.ts";
-import { DEHYDRATION_ALGORITHM, IDehydratedDevice, IDehydratedDeviceKeyInfo } from "./crypto/dehydration.ts";
-import {
-    IKeyBackupInfo,
-    IKeyBackupPrepareOpts,
-    IKeyBackupRestoreOpts,
-    IKeyBackupRestoreResult,
-    IKeyBackupRoomSessions,
-    IKeyBackupSession,
-} from "./crypto/keybackup.ts";
 import { IIdentityServerProvider } from "./@types/IIdentityServerProvider.ts";
 import { MatrixScheduler } from "./scheduler.ts";
 import { BeaconEvent, BeaconEventHandlerMap } from "./models/beacon.ts";
 import { AuthDict } from "./interactive-auth.ts";
 import { IMinimalEvent, IRoomEvent, IStateEvent } from "./sync-accumulator.ts";
-import { CrossSigningKey, ICreateSecretStorageOpts, IEncryptedEventInfo, IRecoveryKey } from "./crypto/api.ts";
 import { EventTimelineSet } from "./models/event-timeline-set.ts";
-import { VerificationRequest } from "./crypto/verification/request/VerificationRequest.ts";
-import { VerificationBase as Verification } from "./crypto/verification/Base.ts";
 import * as ContentHelpers from "./content-helpers.ts";
-import { CrossSigningInfo, DeviceTrustLevel, ICacheCallbacks, UserTrustLevel } from "./crypto/CrossSigning.ts";
 import { NotificationCountType, Room, RoomEvent, RoomEventHandlerMap, RoomNameState } from "./models/room.ts";
 import { RoomMemberEvent, RoomMemberEventHandlerMap } from "./models/room-member.ts";
 import { IPowerLevelsContent, RoomStateEvent, RoomStateEventHandlerMap } from "./models/room-state.ts";
@@ -154,11 +125,9 @@ import {
 } from "./@types/partials.ts";
 import { EventMapper, eventMapperFor, MapperOpts } from "./event-mapper.ts";
 import { randomString } from "./randomstring.ts";
-import { BackupManager, IKeyBackup, IKeyBackupCheck, IPreparedKeyBackupVersion, TrustInfo } from "./crypto/backup.ts";
 import { DEFAULT_TREE_POWER_LEVELS_TEMPLATE, MSC3089TreeSpace } from "./models/MSC3089TreeSpace.ts";
 import { ISignatures } from "./@types/signed.ts";
 import { IStore } from "./store/index.ts";
-import { ISecretRequest } from "./crypto/SecretStorage.ts";
 import {
     IEventWithRoomId,
     ISearchRequestBody,
@@ -180,7 +149,6 @@ import {
     RuleId,
 } from "./@types/PushRules.ts";
 import { IThreepid } from "./@types/threepids.ts";
-import { CryptoStore, OutgoingRoomKeyRequest } from "./crypto/store/base.ts";
 import {
     ILoginFlowsResponse,
     IRefreshTokenResponse,
@@ -209,25 +177,6 @@ import { IgnoredInvites } from "./models/invites-ignorer.ts";
 import { UIARequest, UIAResponse } from "./@types/uia.ts";
 import { LocalNotificationSettings } from "./@types/local_notifications.ts";
 import { buildFeatureSupportMap, Feature, ServerSupport } from "./feature.ts";
-import { BackupDecryptor, CryptoBackend } from "./common-crypto/CryptoBackend.ts";
-import { RUST_SDK_STORE_PREFIX } from "./rust-crypto/constants.ts";
-import {
-    BootstrapCrossSigningOpts,
-    CrossSigningKeyInfo,
-    CryptoApi,
-    decodeRecoveryKey,
-    ImportRoomKeysOpts,
-    CryptoEvent,
-    CryptoEventHandlerMap,
-    CryptoCallbacks,
-} from "./crypto-api/index.ts";
-import { DeviceInfoMap } from "./crypto/DeviceList.ts";
-import {
-    AddSecretStorageKeyOpts,
-    SecretStorageKeyDescription,
-    ServerSideSecretStorage,
-    ServerSideSecretStorageImpl,
-} from "./secret-storage.ts";
 import { RegisterRequest, RegisterResponse } from "./@types/registration.ts";
 import { getRelationsThreadFilter } from "./thread-utils.ts";
 import { KnownMembership, Membership } from "./@types/membership.ts";
@@ -235,14 +184,12 @@ import { RoomMessageEventContent, StickerEventContent } from "./@types/events.ts
 import { ImageInfo } from "./@types/media.ts";
 import { Capabilities, ServerCapabilities } from "./serverCapabilities.ts";
 import { sha256 } from "./digest.ts";
-import { keyFromAuthData } from "./common-crypto/key-passphrase.ts";
 
 export type Store = IStore;
 
 export type ResetTimelineCallback = (roomId: string) => boolean;
 
 const SCROLLBACK_DELAY_MS = 3000;
-const TURN_CHECK_INTERVAL = 10 * 60 * 1000; // poll for turn credentials every 10 minutes
 
 export const UNSTABLE_MSC3852_LAST_SEEN_UA = new UnstableValue(
     "last_seen_user_agent",
@@ -250,18 +197,10 @@ export const UNSTABLE_MSC3852_LAST_SEEN_UA = new UnstableValue(
 );
 
 interface IExportedDevice {
-    olmDevice: IExportedOlmDevice;
     userId: string;
     deviceId: string;
 }
 
-export interface IKeysUploadResponse {
-    one_time_key_counts: {
-        // eslint-disable-line camelcase
-        [algorithm: string]: number;
-    };
-}
-
 export interface ICreateClientOpts {
     baseUrl: string;
 
@@ -274,20 +213,6 @@ export interface ICreateClientOpts {
      */
     store?: Store;
 
-    /**
-     * A store to be used for end-to-end crypto session data.
-     * The `createClient` helper will create a default store if needed. Calls the factory supplied to
-     * {@link setCryptoStoreFactory} if unspecified; or if no factory has been
-     * specified, uses a default implementation (indexeddb in the browser,
-     * in-memory otherwise).
-     *
-     * This is only used for the legacy crypto implementation (as used by {@link MatrixClient#initCrypto}),
-     * but if you use the rust crypto implementation ({@link MatrixClient#initRustCrypto}) and the device
-     * previously used legacy crypto (so must be migrated), then this must still be provided, so that the
-     * data can be migrated from the legacy store.
-     */
-    cryptoStore?: CryptoStore;
-
     /**
      * The scheduler to use. If not
      * specified, this client will not retry requests on failure. This client
@@ -392,11 +317,6 @@ export interface ICreateClientOpts {
      */
     verificationMethods?: Array<string>;
 
-    /**
-     * Whether relaying calls through a TURN server should be forced. Default false.
-     */
-    forceTURN?: boolean;
-
     /**
      * Up to this many ICE candidates will be gathered when an incoming call arrives.
      * Gathering does not send data to the caller, but will communicate with the configured TURN
@@ -404,30 +324,14 @@ export interface ICreateClientOpts {
      */
     iceCandidatePoolSize?: number;
 
-    /**
-     * True to advertise support for call transfers to other parties on Matrix calls. Default false.
-     */
-    supportsCallTransfer?: boolean;
-
     /**
      * Whether to allow a fallback ICE server should be used for negotiating a
      * WebRTC connection if the homeserver doesn't provide any servers. Defaults to false.
      */
     fallbackICEServerAllowed?: boolean;
 
-    /**
-     * If true, to-device signalling for group calls will be encrypted
-     * with Olm. Default: true.
-     */
-    useE2eForGroupCall?: boolean;
-
     livekitServiceURL?: string;
 
-    /**
-     * Crypto callbacks provided by the application
-     */
-    cryptoCallbacks?: CryptoCallbacks;
-
     /**
      * Method to generate room names for empty rooms and rooms names based on membership.
      * Defaults to a built-in English handler with basic pluralisation.
@@ -531,7 +435,7 @@ export interface IStartClientOpts {
     slidingSync?: SlidingSync;
 }
 
-export interface IStoredClientOpts extends IStartClientOpts {}
+export interface IStoredClientOpts extends IStartClientOpts { }
 
 export const GET_LOGIN_TOKEN_CAPABILITY = new NamespacedValue(
     "m.get_login_token",
@@ -546,14 +450,6 @@ export const UNSTABLE_MSC4140_DELAYED_EVENTS = "org.matrix.msc4140";
 
 export const UNSTABLE_MSC4133_EXTENDED_PROFILES = "uk.tcpip.msc4133";
 
-enum CrossSigningKeyType {
-    MasterKey = "master_key",
-    SelfSigningKey = "self_signing_key",
-    UserSigningKey = "user_signing_key",
-}
-
-export type CrossSigningKeys = Record<CrossSigningKeyType, CrossSigningKeyInfo>;
-
 export type SendToDeviceContentMap = Map<string, Map<string, Record<string, any>>>;
 
 export interface ISignedKey {
@@ -564,7 +460,6 @@ export interface ISignedKey {
     device_id: string;
 }
 
-export type KeySignatures = Record<string, Record<string, CrossSigningKeyInfo | ISignedKey>>;
 export interface IUploadKeySignaturesResponse {
     failures: Record<
         string,
@@ -626,13 +521,6 @@ export interface IWellKnownConfig<T = IClientWellKnown> {
     server_name?: string;
 }
 
-interface IKeyBackupPath {
-    path: string;
-    queryData?: {
-        version: string;
-    };
-}
-
 interface IMediaConfig {
     [key: string]: any; // extensible
     "m.upload.size"?: number;
@@ -679,12 +567,6 @@ export interface IRequestMsisdnTokenResponse extends IRequestTokenResponse {
     intl_fmt: string;
 }
 
-export interface IUploadKeysRequest {
-    "device_keys"?: Required<IDeviceKeys>;
-    "one_time_keys"?: Record<string, IOneTimeKey>;
-    "org.matrix.msc2732.fallback_keys"?: Record<string, IOneTimeKey>;
-}
-
 export interface IQueryKeysRequest {
     device_keys: { [userId: string]: string[] };
     timeout?: number;
@@ -779,27 +661,6 @@ export interface Keys {
     user_id: string;
 }
 
-export interface SigningKeys extends Keys {
-    signatures: ISignatures;
-}
-
-export interface DeviceKeys {
-    [deviceId: string]: IDeviceKeys & {
-        unsigned?: {
-            device_display_name: string;
-        };
-    };
-}
-
-export interface IDownloadKeyResult {
-    failures: { [serverName: string]: object };
-    device_keys: { [userId: string]: DeviceKeys };
-    // the following three fields were added in 1.1
-    master_keys?: { [userId: string]: Keys };
-    self_signing_keys?: { [userId: string]: SigningKeys };
-    user_signing_keys?: { [userId: string]: SigningKeys };
-}
-
 export interface IClaimOTKsResult {
     failures: { [serverName: string]: object };
     one_time_keys: {
@@ -868,14 +729,6 @@ export interface RoomSummary extends Omit<IPublicRoomsChunkRoom, "canonical_alia
     "im.nheko.summary.encryption"?: string;
 }
 
-interface IRoomKeysResponse {
-    sessions: IKeyBackupRoomSessions;
-}
-
-interface IRoomsKeysResponse {
-    rooms: Record<string, IRoomKeysResponse>;
-}
-
 interface IRoomHierarchy {
     rooms: IHierarchyRoom[];
     next_batch?: string;
@@ -934,26 +787,6 @@ type RoomStateEvents =
     | RoomStateEvent.Update
     | RoomStateEvent.Marker;
 
-type LegacyCryptoEvents =
-    | LegacyCryptoEvent.KeySignatureUploadFailure
-    | LegacyCryptoEvent.KeyBackupStatus
-    | LegacyCryptoEvent.KeyBackupFailed
-    | LegacyCryptoEvent.KeyBackupSessionsRemaining
-    | LegacyCryptoEvent.KeyBackupDecryptionKeyCached
-    | LegacyCryptoEvent.RoomKeyRequest
-    | LegacyCryptoEvent.RoomKeyRequestCancellation
-    | LegacyCryptoEvent.VerificationRequest
-    | LegacyCryptoEvent.VerificationRequestReceived
-    | LegacyCryptoEvent.DeviceVerificationChanged
-    | LegacyCryptoEvent.UserTrustStatusChanged
-    | LegacyCryptoEvent.KeysChanged
-    | LegacyCryptoEvent.Warning
-    | LegacyCryptoEvent.DevicesUpdated
-    | LegacyCryptoEvent.WillUpdateDevices
-    | LegacyCryptoEvent.LegacyCryptoStoreMigrationProgress;
-
-type CryptoEvents = (typeof CryptoEvent)[keyof typeof CryptoEvent];
-
 type MatrixEventEvents = MatrixEventEvent.Decrypted | MatrixEventEvent.Replaced | MatrixEventEvent.VisibilityChange;
 
 type RoomMemberEvents =
@@ -973,8 +806,6 @@ export type EmittedEvents =
     | ClientEvent
     | RoomEvents
     | RoomStateEvents
-    | LegacyCryptoEvents
-    | CryptoEvents
     | MatrixEventEvents
     | RoomMemberEvents
     | UserEvents
@@ -1179,8 +1010,6 @@ export type ClientEventHandlerMap = {
     [ClientEvent.TurnServersError]: (error: Error, fatal: boolean) => void;
 } & RoomEventHandlerMap &
     RoomStateEventHandlerMap &
-    LegacyCryptoEventHandlerMap &
-    CryptoEventHandlerMap &
     MatrixEventHandlerMap &
     RoomMemberEventHandlerMap &
     UserEventHandlerMap &
@@ -1224,18 +1053,6 @@ export class MatrixClient extends TypedEventEmitter<EmittedEvents, ClientEventHa
     public identityServer?: IIdentityServerProvider;
     public http: MatrixHttpApi<IHttpOpts & { onlyData: true }>; // XXX: Intended private, used in code.
 
-    /**
-     * The libolm crypto implementation, if it is in use.
-     *
-     * @deprecated This should not be used. Instead, use the methods exposed directly on this class or
-     * (where they are available) via {@link getCrypto}.
-     */
-    public crypto?: Crypto; // XXX: Intended private, used in code. Being replaced by cryptoBackend
-
-    private cryptoBackend?: CryptoBackend; // one of crypto or rustCrypto
-    public cryptoCallbacks: CryptoCallbacks; // XXX: Intended private, used in code.
-    public supportsCallTransfer = false; // XXX: Intended private, used in code.
-    public forceTURN = false; // XXX: Intended private, used in code.
     public iceCandidatePoolSize = 0; // XXX: Intended private, used in code.
     public idBaseUrl?: string;
     public baseUrl: string;
@@ -1246,13 +1063,11 @@ export class MatrixClient extends TypedEventEmitter<EmittedEvents, ClientEventHa
     // Note: these are all `protected` to let downstream consumers make mistakes if they want to.
     // We don't technically support this usage, but have reasons to do this.
 
-    protected canSupportVoip = false;
     protected peekSync: SyncApi | null = null;
     protected isGuestAccount = false;
     protected ongoingScrollbacks: { [roomId: string]: { promise?: Promise<Room>; errorTs?: number } } = {};
     protected notifTimelineSet: EventTimelineSet | null = null;
     /* @deprecated  */
-    protected cryptoStore?: CryptoStore;
     protected verificationMethods?: string[];
     protected fallbackICEServerAllowed = false;
     protected syncApi?: SlidingSyncSdk | SyncApi;
@@ -1275,10 +1090,6 @@ export class MatrixClient extends TypedEventEmitter<EmittedEvents, ClientEventHa
 
     protected clientWellKnown?: IClientWellKnown;
     protected clientWellKnownPromise?: Promise<IClientWellKnown>;
-    protected turnServers: ITurnServer[] = [];
-    protected turnServersExpiry = 0;
-    protected checkTurnServersIntervalID?: ReturnType<typeof setInterval>;
-    protected exportedOlmDeviceToImport?: IExportedOlmDevice;
     protected txnCtr = 0;
     protected sessionId: string;
 
@@ -1289,12 +1100,9 @@ export class MatrixClient extends TypedEventEmitter<EmittedEvents, ClientEventHa
      */
     private eventsBeingEncrypted = new Set<string>();
 
-    private useE2eForGroupCall = true;
     private toDeviceMessageQueue: ToDeviceMessageQueue;
     public livekitServiceURL?: string;
 
-    private _secretStorage: ServerSideSecretStorageImpl;
-
     // A manager for determining which invites should be ignored.
     public readonly ignoredInvites: IgnoredInvites;
 
@@ -1341,20 +1149,18 @@ export class MatrixClient extends TypedEventEmitter<EmittedEvents, ClientEventHa
             if (this.deviceId) {
                 this.logger.warn(
                     "not importing device because device ID is provided to " +
-                        "constructor independently of exported data",
+                    "constructor independently of exported data",
                 );
             } else if (this.credentials.userId) {
                 this.logger.warn(
                     "not importing device because user ID is provided to " +
-                        "constructor independently of exported data",
+                    "constructor independently of exported data",
                 );
             } else if (!opts.deviceToImport.deviceId) {
                 this.logger.warn("not importing device because no device ID in exported data");
             } else {
                 this.deviceId = opts.deviceToImport.deviceId;
                 this.credentials.userId = opts.deviceToImport.userId;
-                // will be used during async initialization of the crypto
-                this.exportedOlmDeviceToImport = opts.deviceToImport.olmDevice;
             }
         } else if (opts.pickleKey) {
             this.pickleKey = opts.pickleKey;
@@ -1385,34 +1191,19 @@ export class MatrixClient extends TypedEventEmitter<EmittedEvents, ClientEventHa
 
         this.timelineSupport = Boolean(opts.timelineSupport);
 
-        this.cryptoStore = opts.cryptoStore;
         this.verificationMethods = opts.verificationMethods;
-        this.cryptoCallbacks = opts.cryptoCallbacks || {};
 
-        this.forceTURN = opts.forceTURN || false;
         this.iceCandidatePoolSize = opts.iceCandidatePoolSize === undefined ? 0 : opts.iceCandidatePoolSize;
-        this.supportsCallTransfer = opts.supportsCallTransfer || false;
         this.fallbackICEServerAllowed = opts.fallbackICEServerAllowed || false;
         this.isVoipWithNoMediaAllowed = opts.isVoipWithNoMediaAllowed || false;
 
-        if (opts.useE2eForGroupCall !== undefined) this.useE2eForGroupCall = opts.useE2eForGroupCall;
-
         this.livekitServiceURL = opts.livekitServiceURL;
 
         this.roomNameGenerator = opts.roomNameGenerator;
 
         this.toDeviceMessageQueue = new ToDeviceMessageQueue(this);
 
-        // The SDK doesn't really provide a clean way for events to recalculate the push
-        // actions for themselves, so we have to kinda help them out when they are encrypted.
-        // We do this so that push rules are correctly executed on events in their decrypted
-        // state, such as highlights when the user's name is mentioned.
-        this.on(MatrixEventEvent.Decrypted, (event) => {
-            fixNotificationCountOnDecryption(this, event);
-        });
-
         this.ignoredInvites = new IgnoredInvites(this);
-        this._secretStorage = new ServerSideSecretStorageImpl(this, opts.cryptoCallbacks ?? {});
 
         // having lots of event listeners is not unusual. 0 means "unlimited".
         this.setMaxListeners(0);
@@ -1448,15 +1239,6 @@ export class MatrixClient extends TypedEventEmitter<EmittedEvents, ClientEventHa
             this.store.storeUser(new User(userId));
         }
 
-        // periodically poll for turn servers if we support voip
-        if (this.canSupportVoip) {
-            this.checkTurnServersIntervalID = setInterval(() => {
-                this.checkTurnServers();
-            }, TURN_CHECK_INTERVAL);
-            // noinspection ES6MissingAwait
-            this.checkTurnServers();
-        }
-
         if (this.syncApi) {
             // This shouldn't happen since we thought the client was not running
             this.logger.error("Still have sync object whilst not running: stopping old one");
@@ -1485,7 +1267,6 @@ export class MatrixClient extends TypedEventEmitter<EmittedEvents, ClientEventHa
                 this.clientOpts.slidingSync,
                 this,
                 this.clientOpts,
-                this.buildSyncApiOptions(),
             );
         } else {
             this.syncApi = new SyncApi(this, this.clientOpts, this.buildSyncApiOptions());
@@ -1509,8 +1290,6 @@ export class MatrixClient extends TypedEventEmitter<EmittedEvents, ClientEventHa
      */
     protected buildSyncApiOptions(): SyncApiOptions {
         return {
-            crypto: this.crypto,
-            cryptoCallbacks: this.cryptoBackend,
             canResetEntireTimeline: (roomId: string): boolean => {
                 if (!this.canResetTimelineCallback) {
                     return false;
@@ -1525,8 +1304,6 @@ export class MatrixClient extends TypedEventEmitter<EmittedEvents, ClientEventHa
      * clean shutdown.
      */
     public stopClient(): void {
-        this.cryptoBackend?.stop(); // crypto might have been initialised even if the client wasn't fully started
-
         if (!this.clientRunning) return; // already stopped
 
         this.logger.debug("stopping MatrixClient");
@@ -1538,9 +1315,6 @@ export class MatrixClient extends TypedEventEmitter<EmittedEvents, ClientEventHa
 
         this.peekSync?.stopPeeking();
 
-        globalThis.clearInterval(this.checkTurnServersIntervalID);
-        this.checkTurnServersIntervalID = undefined;
-
         if (this.clientWellKnownIntervalID !== undefined) {
             globalThis.clearInterval(this.clientWellKnownIntervalID);
         }
@@ -1550,171 +1324,6 @@ export class MatrixClient extends TypedEventEmitter<EmittedEvents, ClientEventHa
         this.serverCapabilitiesService.stop();
     }
 
-    /**
-     * Try to rehydrate a device if available.  The client must have been
-     * initialized with a `cryptoCallback.getDehydrationKey` option, and this
-     * function must be called before initCrypto and startClient are called.
-     *
-     * @returns Promise which resolves to undefined if a device could not be dehydrated, or
-     *     to the new device ID if the dehydration was successful.
-     * @returns Rejects: with an error response.
-     *
-     * @deprecated MSC2697 device dehydration is not supported for rust cryptography.
-     */
-    public async rehydrateDevice(): Promise<string | undefined> {
-        if (this.crypto) {
-            throw new Error("Cannot rehydrate device after crypto is initialized");
-        }
-
-        if (!this.cryptoCallbacks.getDehydrationKey) {
-            return;
-        }
-
-        const getDeviceResult = await this.getDehydratedDevice();
-        if (!getDeviceResult) {
-            return;
-        }
-
-        if (!getDeviceResult.device_data || !getDeviceResult.device_id) {
-            this.logger.info("no dehydrated device found");
-            return;
-        }
-
-        const account = new globalThis.Olm.Account();
-        try {
-            const deviceData = getDeviceResult.device_data;
-            if (deviceData.algorithm !== DEHYDRATION_ALGORITHM) {
-                this.logger.warn("Wrong algorithm for dehydrated device");
-                return;
-            }
-            this.logger.debug("unpickling dehydrated device");
-            const key = await this.cryptoCallbacks.getDehydrationKey(deviceData, (k) => {
-                // copy the key so that it doesn't get clobbered
-                account.unpickle(new Uint8Array(k), deviceData.account);
-            });
-            account.unpickle(key, deviceData.account);
-            this.logger.debug("unpickled device");
-
-            const rehydrateResult = await this.http.authedRequest<{ success: boolean }>(
-                Method.Post,
-                "/dehydrated_device/claim",
-                undefined,
-                {
-                    device_id: getDeviceResult.device_id,
-                },
-                {
-                    prefix: "/_matrix/client/unstable/org.matrix.msc2697.v2",
-                },
-            );
-
-            if (rehydrateResult.success) {
-                this.deviceId = getDeviceResult.device_id;
-                this.logger.info("using dehydrated device");
-                const pickleKey = this.pickleKey || "DEFAULT_KEY";
-                this.exportedOlmDeviceToImport = {
-                    pickledAccount: account.pickle(pickleKey),
-                    sessions: [],
-                    pickleKey: pickleKey,
-                };
-                account.free();
-                return this.deviceId;
-            } else {
-                account.free();
-                this.logger.info("not using dehydrated device");
-                return;
-            }
-        } catch (e) {
-            account.free();
-            this.logger.warn("could not unpickle", e);
-        }
-    }
-
-    /**
-     * Get the current dehydrated device, if any
-     * @returns A promise of an object containing the dehydrated device
-     *
-     * @deprecated MSC2697 device dehydration is not supported for rust cryptography.
-     */
-    public async getDehydratedDevice(): Promise<IDehydratedDevice | undefined> {
-        try {
-            return await this.http.authedRequest<IDehydratedDevice>(
-                Method.Get,
-                "/dehydrated_device",
-                undefined,
-                undefined,
-                {
-                    prefix: "/_matrix/client/unstable/org.matrix.msc2697.v2",
-                },
-            );
-        } catch (e) {
-            this.logger.info("could not get dehydrated device", e);
-            return;
-        }
-    }
-
-    /**
-     * Set the dehydration key.  This will also periodically dehydrate devices to
-     * the server.
-     *
-     * @param key - the dehydration key
-     * @param keyInfo - Information about the key.  Primarily for
-     *     information about how to generate the key from a passphrase.
-     * @param deviceDisplayName - The device display name for the
-     *     dehydrated device.
-     * @returns A promise that resolves when the dehydrated device is stored.
-     *
-     * @deprecated Not supported for Rust Cryptography.
-     */
-    public async setDehydrationKey(
-        key: Uint8Array,
-        keyInfo: IDehydratedDeviceKeyInfo,
-        deviceDisplayName?: string,
-    ): Promise<void> {
-        if (!this.crypto) {
-            this.logger.warn("not dehydrating device if crypto is not enabled");
-            return;
-        }
-        return this.crypto.dehydrationManager.setKeyAndQueueDehydration(key, keyInfo, deviceDisplayName);
-    }
-
-    /**
-     * Creates a new MSC2967 dehydrated device (without queuing periodic dehydration)
-     * @param key - the dehydration key
-     * @param keyInfo - Information about the key.  Primarily for
-     *     information about how to generate the key from a passphrase.
-     * @param deviceDisplayName - The device display name for the
-     *     dehydrated device.
-     * @returns the device id of the newly created dehydrated device
-     *
-     * @deprecated Not supported for Rust Cryptography. Prefer {@link CryptoApi.startDehydration}.
-     */
-    public async createDehydratedDevice(
-        key: Uint8Array,
-        keyInfo: IDehydratedDeviceKeyInfo,
-        deviceDisplayName?: string,
-    ): Promise<string | undefined> {
-        if (!this.crypto) {
-            this.logger.warn("not dehydrating device if crypto is not enabled");
-            return;
-        }
-        await this.crypto.dehydrationManager.setKey(key, keyInfo, deviceDisplayName);
-        return this.crypto.dehydrationManager.dehydrateDevice();
-    }
-
-    /** @deprecated Not supported for Rust Cryptography. */
-    public async exportDevice(): Promise<IExportedDevice | undefined> {
-        if (!this.crypto) {
-            this.logger.warn("not exporting device if crypto is not enabled");
-            return;
-        }
-        return {
-            userId: this.credentials.userId!,
-            deviceId: this.deviceId!,
-            // XXX: Private member access.
-            olmDevice: await this.crypto.olmDevice.export(),
-        };
-    }
-
     /**
      * Clear any data out of the persistent stores used by the client.
      *
@@ -1728,48 +1337,6 @@ export class MatrixClient extends TypedEventEmitter<EmittedEvents, ClientEventHa
         const promises: Promise<void>[] = [];
 
         promises.push(this.store.deleteAllData());
-        if (this.cryptoStore) {
-            promises.push(this.cryptoStore.deleteAllData());
-        }
-
-        // delete the stores used by the rust matrix-sdk-crypto, in case they were used
-        const deleteRustSdkStore = async (): Promise<void> => {
-            let indexedDB: IDBFactory;
-            try {
-                indexedDB = globalThis.indexedDB;
-                if (!indexedDB) return; // No indexedDB support
-            } catch {
-                // No indexedDB support
-                return;
-            }
-            for (const dbname of [
-                `${RUST_SDK_STORE_PREFIX}::matrix-sdk-crypto`,
-                `${RUST_SDK_STORE_PREFIX}::matrix-sdk-crypto-meta`,
-            ]) {
-                const prom = new Promise((resolve, reject) => {
-                    this.logger.info(`Removing IndexedDB instance ${dbname}`);
-                    const req = indexedDB.deleteDatabase(dbname);
-                    req.onsuccess = (_): void => {
-                        this.logger.info(`Removed IndexedDB instance ${dbname}`);
-                        resolve(0);
-                    };
-                    req.onerror = (e): void => {
-                        // In private browsing, Firefox has a globalThis.indexedDB, but attempts to delete an indexeddb
-                        // (even a non-existent one) fail with "DOMException: A mutation operation was attempted on a
-                        // database that did not allow mutations."
-                        //
-                        // it seems like the only thing we can really do is ignore the error.
-                        this.logger.warn(`Failed to remove IndexedDB instance ${dbname}:`, e);
-                        resolve(0);
-                    };
-                    req.onblocked = (e): void => {
-                        this.logger.info(`cannot yet remove IndexedDB instance ${dbname}`);
-                    };
-                });
-                await prom;
-            }
-        };
-        promises.push(deleteRustSdkStore());
 
         return Promise.all(promises).then(); // .then to fix types
     }
@@ -1838,41 +1405,6 @@ export class MatrixClient extends TypedEventEmitter<EmittedEvents, ClientEventHa
         return this.sessionId;
     }
 
-    /**
-     * Check if the runtime environment supports VoIP calling.
-     * @returns True if VoIP is supported.
-     */
-    public supportsVoip(): boolean {
-        return this.canSupportVoip;
-    }
-
-    /**
-     * Set whether VoIP calls are forced to use only TURN
-     * candidates. This is the same as the forceTURN option
-     * when creating the client.
-     * @param force - True to force use of TURN servers
-     */
-    public setForceTURN(force: boolean): void {
-        this.forceTURN = force;
-    }
-
-    /**
-     * Set whether to advertise transfer support to other parties on Matrix calls.
-     * @param support - True to advertise the 'm.call.transferee' capability
-     */
-    public setSupportsCallTransfer(support: boolean): void {
-        this.supportsCallTransfer = support;
-    }
-
-    /**
-     * Returns true if to-device signalling for group calls will be encrypted with Olm.
-     * If false, it will be sent unencrypted.
-     * @returns boolean Whether group call signalling will be encrypted
-     */
-    public getUseE2eForGroupCall(): boolean {
-        return this.useE2eForGroupCall;
-    }
-
     public getLivekitServiceURL(): string | undefined {
         return this.livekitServiceURL;
     }
@@ -1930,2079 +1462,89 @@ export class MatrixClient extends TypedEventEmitter<EmittedEvents, ClientEventHa
      * Set whether this client is a guest account. <b>This method is experimental
      * and may change without warning.</b>
      * @param guest - True if this is a guest account.
-     * @experimental if the token is a macaroon, it should be encoded in it that it is a 'guest'
-     * access token, which means that the SDK can determine this entirely without
-     * the dev manually flipping this flag.
-     */
-    public setGuest(guest: boolean): void {
-        this.isGuestAccount = guest;
-    }
-
-    /**
-     * Return the provided scheduler, if any.
-     * @returns The scheduler or undefined
-     */
-    public getScheduler(): MatrixScheduler | undefined {
-        return this.scheduler;
-    }
-
-    /**
-     * Retry a backed off syncing request immediately. This should only be used when
-     * the user <b>explicitly</b> attempts to retry their lost connection.
-     * Will also retry any outbound to-device messages currently in the queue to be sent
-     * (retries of regular outgoing events are handled separately, per-event).
-     * @returns True if this resulted in a request being retried.
-     */
-    public retryImmediately(): boolean {
-        // don't await for this promise: we just want to kick it off
-        this.toDeviceMessageQueue.sendQueue();
-        return this.syncApi?.retryImmediately() ?? false;
-    }
-
-    /**
-     * Return the global notification EventTimelineSet, if any
-     *
-     * @returns the globl notification EventTimelineSet
-     */
-    public getNotifTimelineSet(): EventTimelineSet | null {
-        return this.notifTimelineSet;
-    }
-
-    /**
-     * Set the global notification EventTimelineSet
-     *
-     */
-    public setNotifTimelineSet(set: EventTimelineSet): void {
-        this.notifTimelineSet = set;
-    }
-
-    /**
-     * Gets the cached capabilities of the homeserver, returning cached ones if available.
-     * If there are no cached capabilities and none can be fetched, throw an exception.
-     *
-     * @returns Promise resolving with The capabilities of the homeserver
-     */
-    public async getCapabilities(): Promise<Capabilities> {
-        const caps = this.serverCapabilitiesService.getCachedCapabilities();
-        if (caps) return caps;
-        return this.serverCapabilitiesService.fetchCapabilities();
-    }
-
-    /**
-     * Gets the cached capabilities of the homeserver. If none have been fetched yet,
-     * return undefined.
-     *
-     * @returns The capabilities of the homeserver
-     */
-    public getCachedCapabilities(): Capabilities | undefined {
-        return this.serverCapabilitiesService.getCachedCapabilities();
-    }
-
-    /**
-     * Fetches the latest capabilities from the homeserver, ignoring any cached
-     * versions. The newly returned version is cached.
-     *
-     * @returns A promise which resolves to the capabilities of the homeserver
-     */
-    public fetchCapabilities(): Promise<Capabilities> {
-        return this.serverCapabilitiesService.fetchCapabilities();
-    }
-
-    /**
-     * Initialise support for end-to-end encryption in this client, using libolm.
-     *
-     * You should call this method after creating the matrixclient, but *before*
-     * calling `startClient`, if you want to support end-to-end encryption.
-     *
-     * It will return a Promise which will resolve when the crypto layer has been
-     * successfully initialised.
-     *
-     * @deprecated libolm is deprecated. Prefer {@link initRustCrypto}.
-     */
-    public async initCrypto(): Promise<void> {
-        if (this.cryptoBackend) {
-            this.logger.warn("Attempt to re-initialise e2e encryption on MatrixClient");
-            return;
-        }
-
-        if (!this.cryptoStore) {
-            // the cryptostore is provided by sdk.createClient, so this shouldn't happen
-            throw new Error(`Cannot enable encryption: no cryptoStore provided`);
-        }
-
-        this.logger.debug("Crypto: Starting up crypto store...");
-        await this.cryptoStore.startup();
-
-        const userId = this.getUserId();
-        if (userId === null) {
-            throw new Error(
-                `Cannot enable encryption on MatrixClient with unknown userId: ` +
-                    `ensure userId is passed in createClient().`,
-            );
-        }
-        if (this.deviceId === null) {
-            throw new Error(
-                `Cannot enable encryption on MatrixClient with unknown deviceId: ` +
-                    `ensure deviceId is passed in createClient().`,
-            );
-        }
-
-        const crypto = new Crypto(this, userId, this.deviceId, this.store, this.cryptoStore, this.verificationMethods!);
-
-        this.reEmitter.reEmit(crypto, [
-            LegacyCryptoEvent.KeyBackupFailed,
-            LegacyCryptoEvent.KeyBackupSessionsRemaining,
-            LegacyCryptoEvent.RoomKeyRequest,
-            LegacyCryptoEvent.RoomKeyRequestCancellation,
-            LegacyCryptoEvent.Warning,
-            LegacyCryptoEvent.DevicesUpdated,
-            LegacyCryptoEvent.WillUpdateDevices,
-            LegacyCryptoEvent.DeviceVerificationChanged,
-            LegacyCryptoEvent.UserTrustStatusChanged,
-            LegacyCryptoEvent.KeysChanged,
-        ]);
-
-        this.logger.debug("Crypto: initialising crypto object...");
-        await crypto.init({
-            exportedOlmDevice: this.exportedOlmDeviceToImport,
-            pickleKey: this.pickleKey,
-        });
-        delete this.exportedOlmDeviceToImport;
-
-        this.olmVersion = Crypto.getOlmVersion();
-
-        // if crypto initialisation was successful, tell it to attach its event handlers.
-        crypto.registerEventHandlers(this as Parameters<Crypto["registerEventHandlers"]>[0]);
-        this.cryptoBackend = this.crypto = crypto;
-
-        // upload our keys in the background
-        this.crypto.uploadDeviceKeys().catch((e) => {
-            // TODO: throwing away this error is a really bad idea.
-            this.logger.error("Error uploading device keys", e);
-        });
-    }
-
-    /**
-     * Initialise support for end-to-end encryption in this client, using the rust matrix-sdk-crypto.
-     *
-     * An alternative to {@link initCrypto}.
-     *
-     * @param args.useIndexedDB - True to use an indexeddb store, false to use an in-memory store. Defaults to 'true'.
-     * @param args.storageKey - A key with which to encrypt the indexeddb store. If provided, it must be exactly
-     *    32 bytes of data, and must be the same each time the client is initialised for a given device.
-     *    If both this and `storagePassword` are unspecified, the store will be unencrypted.
-     * @param args.storagePassword - An alternative to `storageKey`. A password which will be used to derive a key to
-     *    encrypt the store with. Deriving a key from a password is (deliberately) a slow operation, so prefer
-     *    to pass a `storageKey` directly where possible.
-     *
-     * @returns a Promise which will resolve when the crypto layer has been
-     *    successfully initialised.
-     */
-    public async initRustCrypto(
-        args: {
-            useIndexedDB?: boolean;
-            storageKey?: Uint8Array;
-            storagePassword?: string;
-        } = {},
-    ): Promise<void> {
-        if (this.cryptoBackend) {
-            this.logger.warn("Attempt to re-initialise e2e encryption on MatrixClient");
-            return;
-        }
-
-        const userId = this.getUserId();
-        if (userId === null) {
-            throw new Error(
-                `Cannot enable encryption on MatrixClient with unknown userId: ` +
-                    `ensure userId is passed in createClient().`,
-            );
-        }
-        const deviceId = this.getDeviceId();
-        if (deviceId === null) {
-            throw new Error(
-                `Cannot enable encryption on MatrixClient with unknown deviceId: ` +
-                    `ensure deviceId is passed in createClient().`,
-            );
-        }
-
-        // importing rust-crypto will download the webassembly, so we delay it until we know it will be
-        // needed.
-        this.logger.debug("Downloading Rust crypto library");
-        const RustCrypto = await import("./rust-crypto/index.ts");
-
-        const rustCrypto = await RustCrypto.initRustCrypto({
-            logger: this.logger,
-            http: this.http,
-            userId: userId,
-            deviceId: deviceId,
-            secretStorage: this.secretStorage,
-            cryptoCallbacks: this.cryptoCallbacks,
-            storePrefix: args.useIndexedDB === false ? null : RUST_SDK_STORE_PREFIX,
-            storeKey: args.storageKey,
-            storePassphrase: args.storagePassword,
-
-            legacyCryptoStore: this.cryptoStore,
-            legacyPickleKey: this.pickleKey ?? "DEFAULT_KEY",
-            legacyMigrationProgressListener: (progress: number, total: number): void => {
-                this.emit(CryptoEvent.LegacyCryptoStoreMigrationProgress, progress, total);
-            },
-        });
-
-        rustCrypto.setSupportedVerificationMethods(this.verificationMethods);
-
-        this.cryptoBackend = rustCrypto;
-
-        // attach the event listeners needed by RustCrypto
-        this.on(RoomMemberEvent.Membership, rustCrypto.onRoomMembership.bind(rustCrypto));
-        this.on(ClientEvent.Event, (event) => {
-            rustCrypto.onLiveEventFromSync(event);
-        });
-
-        // re-emit the events emitted by the crypto impl
-        this.reEmitter.reEmit(rustCrypto, [
-            CryptoEvent.VerificationRequestReceived,
-            CryptoEvent.UserTrustStatusChanged,
-            CryptoEvent.KeyBackupStatus,
-            CryptoEvent.KeyBackupSessionsRemaining,
-            CryptoEvent.KeyBackupFailed,
-            CryptoEvent.KeyBackupDecryptionKeyCached,
-            CryptoEvent.KeysChanged,
-            CryptoEvent.DevicesUpdated,
-            CryptoEvent.WillUpdateDevices,
-        ]);
-    }
-
-    /**
-     * Access the server-side secret storage API for this client.
-     */
-    public get secretStorage(): ServerSideSecretStorage {
-        return this._secretStorage;
-    }
-
-    /**
-     * Access the crypto API for this client.
-     *
-     * If end-to-end encryption has been enabled for this client (via {@link initCrypto} or {@link initRustCrypto}),
-     * returns an object giving access to the crypto API. Otherwise, returns `undefined`.
-     */
-    public getCrypto(): CryptoApi | undefined {
-        return this.cryptoBackend;
-    }
-
-    /**
-     * Is end-to-end crypto enabled for this client.
-     * @returns True if end-to-end is enabled.
-     * @deprecated prefer {@link getCrypto}
-     */
-    public isCryptoEnabled(): boolean {
-        return !!this.cryptoBackend;
-    }
-
-    /**
-     * Get the Ed25519 key for this device
-     *
-     * @returns base64-encoded ed25519 key. Null if crypto is
-     *    disabled.
-     *
-     * @deprecated Not supported for Rust Cryptography.Prefer {@link CryptoApi.getOwnDeviceKeys}
-     */
-    public getDeviceEd25519Key(): string | null {
-        return this.crypto?.getDeviceEd25519Key() ?? null;
-    }
-
-    /**
-     * Get the Curve25519 key for this device
-     *
-     * @returns base64-encoded curve25519 key. Null if crypto is
-     *    disabled.
-     *
-     * @deprecated Not supported for Rust Cryptography. Use {@link CryptoApi.getOwnDeviceKeys}
-     */
-    public getDeviceCurve25519Key(): string | null {
-        return this.crypto?.getDeviceCurve25519Key() ?? null;
-    }
-
-    /**
-     * @deprecated Does nothing.
-     */
-    public async uploadKeys(): Promise<void> {
-        this.logger.warn("MatrixClient.uploadKeys is deprecated");
-    }
-
-    /**
-     * Download the keys for a list of users and stores the keys in the session
-     * store.
-     * @param userIds - The users to fetch.
-     * @param forceDownload - Always download the keys even if cached.
-     *
-     * @returns A promise which resolves to a map userId-\>deviceId-\>`DeviceInfo`
-     *
-     * @deprecated Not supported for Rust Cryptography. Prefer {@link CryptoApi.getUserDeviceInfo}
-     */
-    public downloadKeys(userIds: string[], forceDownload?: boolean): Promise<DeviceInfoMap> {
-        if (!this.crypto) {
-            return Promise.reject(new Error("End-to-end encryption disabled"));
-        }
-        return this.crypto.downloadKeys(userIds, forceDownload);
-    }
-
-    /**
-     * Get the stored device keys for a user id
-     *
-     * @param userId - the user to list keys for.
-     *
-     * @returns list of devices
-     * @deprecated Not supported for Rust Cryptography. Prefer {@link CryptoApi.getUserDeviceInfo}
-     */
-    public getStoredDevicesForUser(userId: string): DeviceInfo[] {
-        if (!this.crypto) {
-            throw new Error("End-to-end encryption disabled");
-        }
-        return this.crypto.getStoredDevicesForUser(userId) || [];
-    }
-
-    /**
-     * Get the stored device key for a user id and device id
-     *
-     * @param userId - the user to list keys for.
-     * @param deviceId - unique identifier for the device
-     *
-     * @returns device or null
-     * @deprecated Not supported for Rust Cryptography. Prefer {@link CryptoApi.getUserDeviceInfo}
-     */
-    public getStoredDevice(userId: string, deviceId: string): DeviceInfo | null {
-        if (!this.crypto) {
-            throw new Error("End-to-end encryption disabled");
-        }
-        return this.crypto.getStoredDevice(userId, deviceId) || null;
-    }
-
-    /**
-     * Mark the given device as verified
-     *
-     * @param userId - owner of the device
-     * @param deviceId - unique identifier for the device or user's
-     * cross-signing public key ID.
-     *
-     * @param verified - whether to mark the device as verified. defaults
-     *   to 'true'.
-     *
-     * @returns
-     *
-     * @remarks
-     * Fires {@link CryptoEvent#DeviceVerificationChanged}
-     */
-    public setDeviceVerified(userId: string, deviceId: string, verified = true): Promise<void> {
-        const prom = this.setDeviceVerification(userId, deviceId, verified, null, null);
-
-        // if one of the user's own devices is being marked as verified / unverified,
-        // check the key backup status, since whether or not we use this depends on
-        // whether it has a signature from a verified device
-        if (userId == this.credentials.userId) {
-            this.checkKeyBackup();
-        }
-        return prom;
-    }
-
-    /**
-     * Mark the given device as blocked/unblocked
-     *
-     * @param userId - owner of the device
-     * @param deviceId - unique identifier for the device or user's
-     * cross-signing public key ID.
-     *
-     * @param blocked - whether to mark the device as blocked. defaults
-     *   to 'true'.
-     *
-     * @returns
-     *
-     * @remarks
-     * Fires {@link LegacyCryptoEvent.DeviceVerificationChanged}
-     *
-     * @deprecated Not supported for Rust Cryptography.
-     */
-    public setDeviceBlocked(userId: string, deviceId: string, blocked = true): Promise<void> {
-        return this.setDeviceVerification(userId, deviceId, null, blocked, null);
-    }
-
-    /**
-     * Mark the given device as known/unknown
-     *
-     * @param userId - owner of the device
-     * @param deviceId - unique identifier for the device or user's
-     * cross-signing public key ID.
-     *
-     * @param known - whether to mark the device as known. defaults
-     *   to 'true'.
-     *
-     * @returns
-     *
-     * @remarks
-     * Fires {@link CryptoEvent#DeviceVerificationChanged}
-     *
-     * @deprecated Not supported for Rust Cryptography.
-     */
-    public setDeviceKnown(userId: string, deviceId: string, known = true): Promise<void> {
-        return this.setDeviceVerification(userId, deviceId, null, null, known);
-    }
-
-    private async setDeviceVerification(
-        userId: string,
-        deviceId: string,
-        verified?: boolean | null,
-        blocked?: boolean | null,
-        known?: boolean | null,
-    ): Promise<void> {
-        if (!this.crypto) {
-            throw new Error("End-to-end encryption disabled");
-        }
-        await this.crypto.setDeviceVerification(userId, deviceId, verified, blocked, known);
-    }
-
-    /**
-     * Request a key verification from another user, using a DM.
-     *
-     * @param userId - the user to request verification with
-     * @param roomId - the room to use for verification
-     *
-     * @returns resolves to a VerificationRequest
-     *    when the request has been sent to the other party.
-     *
-     * @deprecated Not supported for Rust Cryptography. Prefer {@link CryptoApi.requestVerificationDM}.
-     */
-    public requestVerificationDM(userId: string, roomId: string): Promise<VerificationRequest> {
-        if (!this.crypto) {
-            throw new Error("End-to-end encryption disabled");
-        }
-        return this.crypto.requestVerificationDM(userId, roomId);
-    }
-
-    /**
-     * Finds a DM verification request that is already in progress for the given room id
-     *
-     * @param roomId - the room to use for verification
-     *
-     * @returns the VerificationRequest that is in progress, if any
-     * @deprecated Not supported for Rust Cryptography. Prefer {@link CryptoApi.findVerificationRequestDMInProgress}.
-     */
-    public findVerificationRequestDMInProgress(roomId: string): VerificationRequest | undefined {
-        if (!this.cryptoBackend) {
-            throw new Error("End-to-end encryption disabled");
-        } else if (!this.crypto) {
-            // Hack for element-R to avoid breaking the cypress tests. We can get rid of this once the react-sdk is
-            // updated to use CryptoApi.findVerificationRequestDMInProgress.
-            return undefined;
-        }
-        return this.crypto.findVerificationRequestDMInProgress(roomId);
-    }
-
-    /**
-     * Returns all to-device verification requests that are already in progress for the given user id
-     *
-     * @param userId - the ID of the user to query
-     *
-     * @returns the VerificationRequests that are in progress
-     * @deprecated Not supported for Rust Cryptography. Prefer {@link CryptoApi.getVerificationRequestsToDeviceInProgress}.
-     */
-    public getVerificationRequestsToDeviceInProgress(userId: string): VerificationRequest[] {
-        if (!this.crypto) {
-            throw new Error("End-to-end encryption disabled");
-        }
-        return this.crypto.getVerificationRequestsToDeviceInProgress(userId);
-    }
-
-    /**
-     * Request a key verification from another user.
-     *
-     * @param userId - the user to request verification with
-     * @param devices - array of device IDs to send requests to.  Defaults to
-     *    all devices owned by the user
-     *
-     * @returns resolves to a VerificationRequest
-     *    when the request has been sent to the other party.
-     *
-     * @deprecated Not supported for Rust Cryptography. Prefer {@link CryptoApi#requestOwnUserVerification} or {@link CryptoApi#requestDeviceVerification}.
-     */
-    public requestVerification(userId: string, devices?: string[]): Promise<VerificationRequest> {
-        if (!this.crypto) {
-            throw new Error("End-to-end encryption disabled");
-        }
-        return this.crypto.requestVerification(userId, devices);
-    }
-
-    /**
-     * Begin a key verification.
-     *
-     * @param method - the verification method to use
-     * @param userId - the user to verify keys with
-     * @param deviceId - the device to verify
-     *
-     * @returns a verification object
-     * @deprecated Prefer {@link CryptoApi#requestOwnUserVerification} or {@link CryptoApi#requestDeviceVerification}.
-     */
-    public beginKeyVerification(method: string, userId: string, deviceId: string): Verification<any, any> {
-        if (!this.crypto) {
-            throw new Error("End-to-end encryption disabled");
-        }
-        return this.crypto.beginKeyVerification(method, userId, deviceId);
-    }
-
-    /**
-     * @deprecated Use {@link MatrixClient#secretStorage} and {@link SecretStorage.ServerSideSecretStorage#checkKey}.
-     */
-    public checkSecretStorageKey(key: Uint8Array, info: SecretStorageKeyDescription): Promise<boolean> {
-        return this.secretStorage.checkKey(key, info);
-    }
-
-    /**
-     * Set the global override for whether the client should ever send encrypted
-     * messages to unverified devices.  This provides the default for rooms which
-     * do not specify a value.
-     *
-     * @param value - whether to blacklist all unverified devices by default
-     *
-     * @deprecated Prefer direct access to {@link CryptoApi.globalBlacklistUnverifiedDevices}:
-     *
-     * ```javascript
-     * client.getCrypto().globalBlacklistUnverifiedDevices = value;
-     * ```
-     */
-    public setGlobalBlacklistUnverifiedDevices(value: boolean): boolean {
-        if (!this.cryptoBackend) {
-            throw new Error("End-to-end encryption disabled");
-        }
-        this.cryptoBackend.globalBlacklistUnverifiedDevices = value;
-        return value;
-    }
-
-    /**
-     * @returns whether to blacklist all unverified devices by default
-     *
-     * @deprecated Prefer direct access to {@link CryptoApi.globalBlacklistUnverifiedDevices}:
-     *
-     * ```javascript
-     * value = client.getCrypto().globalBlacklistUnverifiedDevices;
-     * ```
-     */
-    public getGlobalBlacklistUnverifiedDevices(): boolean {
-        if (!this.cryptoBackend) {
-            throw new Error("End-to-end encryption disabled");
-        }
-        return this.cryptoBackend.globalBlacklistUnverifiedDevices;
-    }
-
-    /**
-     * Set whether sendMessage in a room with unknown and unverified devices
-     * should throw an error and not send them message. This has 'Global' for
-     * symmetry with setGlobalBlacklistUnverifiedDevices but there is currently
-     * no room-level equivalent for this setting.
-     *
-     * This API is currently UNSTABLE and may change or be removed without notice.
-     *
-     * It has no effect with the Rust crypto implementation.
-     *
-     * @param value - whether error on unknown devices
-     *
-     * ```ts
-     * client.getCrypto().globalErrorOnUnknownDevices = value;
-     * ```
-     */
-    public setGlobalErrorOnUnknownDevices(value: boolean): void {
-        if (!this.cryptoBackend) {
-            throw new Error("End-to-end encryption disabled");
-        }
-        this.cryptoBackend.globalErrorOnUnknownDevices = value;
-    }
-
-    /**
-     * @returns whether to error on unknown devices
-     *
-     * This API is currently UNSTABLE and may change or be removed without notice.
-     */
-    public getGlobalErrorOnUnknownDevices(): boolean {
-        if (!this.cryptoBackend) {
-            throw new Error("End-to-end encryption disabled");
-        }
-        return this.cryptoBackend.globalErrorOnUnknownDevices;
-    }
-
-    /**
-     * Get the ID of one of the user's cross-signing keys
-     *
-     * @param type - The type of key to get the ID of.  One of
-     *     "master", "self_signing", or "user_signing".  Defaults to "master".
-     *
-     * @returns the key ID
-     * @deprecated Not supported for Rust Cryptography. prefer {@link Crypto.CryptoApi#getCrossSigningKeyId}
-     */
-    public getCrossSigningId(type: CrossSigningKey | string = CrossSigningKey.Master): string | null {
-        if (!this.crypto) {
-            throw new Error("End-to-end encryption disabled");
-        }
-        return this.crypto.getCrossSigningId(type);
-    }
-
-    /**
-     * Get the cross signing information for a given user.
-     *
-     * The cross-signing API is currently UNSTABLE and may change without notice.
-     *
-     * @param userId - the user ID to get the cross-signing info for.
-     *
-     * @returns the cross signing information for the user.
-     * @deprecated Not supported for Rust Cryptography. Prefer {@link CryptoApi#userHasCrossSigningKeys}
-     */
-    public getStoredCrossSigningForUser(userId: string): CrossSigningInfo | null {
-        if (!this.cryptoBackend) {
-            throw new Error("End-to-end encryption disabled");
-        }
-        return this.cryptoBackend.getStoredCrossSigningForUser(userId);
-    }
-
-    /**
-     * Check whether a given user is trusted.
-     *
-     * The cross-signing API is currently UNSTABLE and may change without notice.
-     *
-     * @param userId - The ID of the user to check.
-     *
-     * @deprecated Use {@link Crypto.CryptoApi.getUserVerificationStatus | `CryptoApi.getUserVerificationStatus`}
-     */
-    public checkUserTrust(userId: string): UserTrustLevel {
-        if (!this.cryptoBackend) {
-            throw new Error("End-to-end encryption disabled");
-        }
-        return this.cryptoBackend.checkUserTrust(userId);
-    }
-
-    /**
-     * Check whether a given device is trusted.
-     *
-     * The cross-signing API is currently UNSTABLE and may change without notice.
-     *
-     * @param userId - The ID of the user whose devices is to be checked.
-     * @param deviceId - The ID of the device to check
-     *
-     * @deprecated Use {@link Crypto.CryptoApi.getDeviceVerificationStatus | `CryptoApi.getDeviceVerificationStatus`}
-     */
-    public checkDeviceTrust(userId: string, deviceId: string): DeviceTrustLevel {
-        if (!this.crypto) {
-            throw new Error("End-to-end encryption disabled");
-        }
-        return this.crypto.checkDeviceTrust(userId, deviceId);
-    }
-
-    /**
-     * Check whether one of our own devices is cross-signed by our
-     * user's stored keys, regardless of whether we trust those keys yet.
-     *
-     * @param deviceId - The ID of the device to check
-     *
-     * @returns true if the device is cross-signed
-     *
-     * @deprecated Not supported for Rust Cryptography.
-     */
-    public checkIfOwnDeviceCrossSigned(deviceId: string): boolean {
-        if (!this.crypto) {
-            throw new Error("End-to-end encryption disabled");
-        }
-        return this.crypto.checkIfOwnDeviceCrossSigned(deviceId);
-    }
-
-    /**
-     * Check the copy of our cross-signing key that we have in the device list and
-     * see if we can get the private key. If so, mark it as trusted.
-     * @param opts - ICheckOwnCrossSigningTrustOpts object
-     *
-     * @deprecated Unneeded for the new crypto
-     */
-    public checkOwnCrossSigningTrust(opts?: ICheckOwnCrossSigningTrustOpts): Promise<void> {
-        if (!this.cryptoBackend) {
-            throw new Error("End-to-end encryption disabled");
-        }
-        return this.cryptoBackend.checkOwnCrossSigningTrust(opts);
-    }
-
-    /**
-     * Checks that a given cross-signing private key matches a given public key.
-     * This can be used by the getCrossSigningKey callback to verify that the
-     * private key it is about to supply is the one that was requested.
-     * @param privateKey - The private key
-     * @param expectedPublicKey - The public key
-     * @returns true if the key matches, otherwise false
-     *
-     * @deprecated Not supported for Rust Cryptography.
-     */
-    public checkCrossSigningPrivateKey(privateKey: Uint8Array, expectedPublicKey: string): boolean {
-        if (!this.crypto) {
-            throw new Error("End-to-end encryption disabled");
-        }
-        return this.crypto.checkCrossSigningPrivateKey(privateKey, expectedPublicKey);
-    }
-
-    /**
-     * @deprecated Not supported for Rust Cryptography. Prefer {@link CryptoApi#requestDeviceVerification}.
-     */
-    public legacyDeviceVerification(userId: string, deviceId: string, method: string): Promise<VerificationRequest> {
-        if (!this.crypto) {
-            throw new Error("End-to-end encryption disabled");
-        }
-        return this.crypto.legacyDeviceVerification(userId, deviceId, method);
-    }
-
-    /**
-     * Perform any background tasks that can be done before a message is ready to
-     * send, in order to speed up sending of the message.
-     * @param room - the room the event is in
-     *
-     * @deprecated Prefer {@link CryptoApi.prepareToEncrypt | `CryptoApi.prepareToEncrypt`}:
-     *
-     * ```javascript
-     * client.getCrypto().prepareToEncrypt(room);
-     * ```
-     */
-    public prepareToEncrypt(room: Room): void {
-        if (!this.cryptoBackend) {
-            throw new Error("End-to-end encryption disabled");
-        }
-        this.cryptoBackend.prepareToEncrypt(room);
-    }
-
-    /**
-     * Checks if the user has previously published cross-signing keys
-     *
-     * This means downloading the devicelist for the user and checking if the list includes
-     * the cross-signing pseudo-device.
-     *
-     * @deprecated Prefer {@link CryptoApi.userHasCrossSigningKeys | `CryptoApi.userHasCrossSigningKeys`}:
-     *
-     * ```javascript
-     * result = client.getCrypto().userHasCrossSigningKeys();
-     * ```
-     */
-    public userHasCrossSigningKeys(): Promise<boolean> {
-        if (!this.cryptoBackend) {
-            throw new Error("End-to-end encryption disabled");
-        }
-        return this.cryptoBackend.userHasCrossSigningKeys();
-    }
-
-    /**
-     * Checks whether cross signing:
-     * - is enabled on this account and trusted by this device
-     * - has private keys either cached locally or stored in secret storage
-     *
-     * If this function returns false, bootstrapCrossSigning() can be used
-     * to fix things such that it returns true. That is to say, after
-     * bootstrapCrossSigning() completes successfully, this function should
-     * return true.
-     * @returns True if cross-signing is ready to be used on this device
-     * @deprecated Prefer {@link CryptoApi.isCrossSigningReady | `CryptoApi.isCrossSigningReady`}:
-     */
-    public isCrossSigningReady(): Promise<boolean> {
-        if (!this.cryptoBackend) {
-            throw new Error("End-to-end encryption disabled");
-        }
-        return this.cryptoBackend.isCrossSigningReady();
-    }
-
-    /**
-     * Bootstrap cross-signing by creating keys if needed. If everything is already
-     * set up, then no changes are made, so this is safe to run to ensure
-     * cross-signing is ready for use.
-     *
-     * This function:
-     * - creates new cross-signing keys if they are not found locally cached nor in
-     *   secret storage (if it has been set up)
-     *
-     * @deprecated Prefer {@link CryptoApi.bootstrapCrossSigning | `CryptoApi.bootstrapCrossSigning`}.
-     */
-    public bootstrapCrossSigning(opts: BootstrapCrossSigningOpts): Promise<void> {
-        if (!this.cryptoBackend) {
-            throw new Error("End-to-end encryption disabled");
-        }
-        return this.cryptoBackend.bootstrapCrossSigning(opts);
-    }
-
-    /**
-     * Whether to trust a others users signatures of their devices.
-     * If false, devices will only be considered 'verified' if we have
-     * verified that device individually (effectively disabling cross-signing).
-     *
-     * Default: true
-     *
-     * @returns True if trusting cross-signed devices
-     *
-     * @deprecated Prefer {@link CryptoApi.getTrustCrossSignedDevices | `CryptoApi.getTrustCrossSignedDevices`}.
-     */
-    public getCryptoTrustCrossSignedDevices(): boolean {
-        if (!this.cryptoBackend) {
-            throw new Error("End-to-end encryption disabled");
-        }
-        return this.cryptoBackend.getTrustCrossSignedDevices();
-    }
-
-    /**
-     * See getCryptoTrustCrossSignedDevices
-     *
-     * @param val - True to trust cross-signed devices
-     *
-     * @deprecated Prefer {@link CryptoApi.setTrustCrossSignedDevices | `CryptoApi.setTrustCrossSignedDevices`}.
-     */
-    public setCryptoTrustCrossSignedDevices(val: boolean): void {
-        if (!this.cryptoBackend) {
-            throw new Error("End-to-end encryption disabled");
-        }
-        this.cryptoBackend.setTrustCrossSignedDevices(val);
-    }
-
-    /**
-     * Counts the number of end to end session keys that are waiting to be backed up
-     * @returns Promise which resolves to the number of sessions requiring backup
-     *
-     * @deprecated Not supported for Rust Cryptography.
-     */
-    public countSessionsNeedingBackup(): Promise<number> {
-        if (!this.crypto) {
-            throw new Error("End-to-end encryption disabled");
-        }
-        return this.crypto.countSessionsNeedingBackup();
-    }
-
-    /**
-     * Get information about the encryption of an event
-     *
-     * @param event - event to be checked
-     * @returns The event information.
-     * @deprecated Prefer {@link Crypto.CryptoApi.getEncryptionInfoForEvent | `CryptoApi.getEncryptionInfoForEvent`}.
-     */
-    public getEventEncryptionInfo(event: MatrixEvent): IEncryptedEventInfo {
-        if (!this.cryptoBackend) {
-            throw new Error("End-to-end encryption disabled");
-        }
-        return this.cryptoBackend.getEventEncryptionInfo(event);
-    }
-
-    /**
-     * Create a recovery key from a user-supplied passphrase.
-     *
-     * The Secure Secret Storage API is currently UNSTABLE and may change without notice.
-     *
-     * @param password - Passphrase string that can be entered by the user
-     *     when restoring the backup as an alternative to entering the recovery key.
-     *     Optional.
-     * @returns Object with public key metadata, encoded private
-     *     recovery key which should be disposed of after displaying to the user,
-     *     and raw private key to avoid round tripping if needed.
-     *
-     * @deprecated Prefer {@link CryptoApi.createRecoveryKeyFromPassphrase | `CryptoApi.createRecoveryKeyFromPassphrase`}.
-     */
-    public createRecoveryKeyFromPassphrase(password?: string): Promise<IRecoveryKey> {
-        if (!this.cryptoBackend) {
-            throw new Error("End-to-end encryption disabled");
-        }
-        return this.cryptoBackend.createRecoveryKeyFromPassphrase(password);
-    }
-
-    /**
-     * Checks whether secret storage:
-     * - is enabled on this account
-     * - is storing cross-signing private keys
-     * - is storing session backup key (if enabled)
-     *
-     * If this function returns false, bootstrapSecretStorage() can be used
-     * to fix things such that it returns true. That is to say, after
-     * bootstrapSecretStorage() completes successfully, this function should
-     * return true.
-     *
-     * @returns True if secret storage is ready to be used on this device
-     * @deprecated Prefer {@link CryptoApi.isSecretStorageReady | `CryptoApi.isSecretStorageReady`}.
-     */
-    public isSecretStorageReady(): Promise<boolean> {
-        if (!this.cryptoBackend) {
-            throw new Error("End-to-end encryption disabled");
-        }
-        return this.cryptoBackend.isSecretStorageReady();
-    }
-
-    /**
-     * Bootstrap Secure Secret Storage if needed by creating a default key. If everything is
-     * already set up, then no changes are made, so this is safe to run to ensure secret
-     * storage is ready for use.
-     *
-     * This function
-     * - creates a new Secure Secret Storage key if no default key exists
-     *   - if a key backup exists, it is migrated to store the key in the Secret
-     *     Storage
-     * - creates a backup if none exists, and one is requested
-     * - migrates Secure Secret Storage to use the latest algorithm, if an outdated
-     *   algorithm is found
-     *
-     * @deprecated Use {@link CryptoApi.bootstrapSecretStorage | `CryptoApi.bootstrapSecretStorage`}.
-     */
-    public bootstrapSecretStorage(opts: ICreateSecretStorageOpts): Promise<void> {
-        if (!this.cryptoBackend) {
-            throw new Error("End-to-end encryption disabled");
-        }
-        return this.cryptoBackend.bootstrapSecretStorage(opts);
-    }
-
-    /**
-     * Add a key for encrypting secrets.
-     *
-     * The Secure Secret Storage API is currently UNSTABLE and may change without notice.
-     *
-     * @param algorithm - the algorithm used by the key
-     * @param opts - the options for the algorithm.  The properties used
-     *     depend on the algorithm given.
-     * @param keyName - the name of the key.  If not given, a random name will be generated.
-     *
-     * @returns An object with:
-     *     keyId: the ID of the key
-     *     keyInfo: details about the key (iv, mac, passphrase)
-     *
-     * @deprecated Use {@link MatrixClient#secretStorage} and {@link SecretStorage.ServerSideSecretStorage#addKey}.
-     */
-    public addSecretStorageKey(
-        algorithm: string,
-        opts: AddSecretStorageKeyOpts,
-        keyName?: string,
-    ): Promise<{ keyId: string; keyInfo: SecretStorageKeyDescription }> {
-        return this.secretStorage.addKey(algorithm, opts, keyName);
-    }
-
-    /**
-     * Check whether we have a key with a given ID.
-     *
-     * The Secure Secret Storage API is currently UNSTABLE and may change without notice.
-     *
-     * @param keyId - The ID of the key to check
-     *     for. Defaults to the default key ID if not provided.
-     * @returns Whether we have the key.
-     *
-     * @deprecated Use {@link MatrixClient#secretStorage} and {@link SecretStorage.ServerSideSecretStorage#hasKey}.
-     */
-    public hasSecretStorageKey(keyId?: string): Promise<boolean> {
-        return this.secretStorage.hasKey(keyId);
-    }
-
-    /**
-     * Store an encrypted secret on the server.
-     *
-     * The Secure Secret Storage API is currently UNSTABLE and may change without notice.
-     *
-     * @param name - The name of the secret
-     * @param secret - The secret contents.
-     * @param keys - The IDs of the keys to use to encrypt the secret or null/undefined
-     *     to use the default (will throw if no default key is set).
-     *
-     * @deprecated Use {@link MatrixClient#secretStorage} and {@link SecretStorage.ServerSideSecretStorage#store}.
-     */
-    public storeSecret(name: string, secret: string, keys?: string[]): Promise<void> {
-        return this.secretStorage.store(name, secret, keys);
-    }
-
-    /**
-     * Get a secret from storage.
-     *
-     * The Secure Secret Storage API is currently UNSTABLE and may change without notice.
-     *
-     * @param name - the name of the secret
-     *
-     * @returns the contents of the secret
-     *
-     * @deprecated Use {@link MatrixClient#secretStorage} and {@link SecretStorage.ServerSideSecretStorage#get}.
-     */
-    public getSecret(name: string): Promise<string | undefined> {
-        return this.secretStorage.get(name);
-    }
-
-    /**
-     * Check if a secret is stored on the server.
-     *
-     * The Secure Secret Storage API is currently UNSTABLE and may change without notice.
-     *
-     * @param name - the name of the secret
-     * @returns map of key name to key info the secret is encrypted
-     *     with, or null if it is not present or not encrypted with a trusted
-     *     key
-     *
-     * @deprecated Use {@link MatrixClient#secretStorage} and {@link SecretStorage.ServerSideSecretStorage#isStored}.
-     */
-    public isSecretStored(name: string): Promise<Record<string, SecretStorageKeyDescription> | null> {
-        return this.secretStorage.isStored(name);
-    }
-
-    /**
-     * Request a secret from another device.
-     *
-     * The Secure Secret Storage API is currently UNSTABLE and may change without notice.
-     *
-     * @param name - the name of the secret to request
-     * @param devices - the devices to request the secret from
-     *
-     * @returns the secret request object
-     * @deprecated Not supported for Rust Cryptography.
-     */
-    public requestSecret(name: string, devices: string[]): ISecretRequest {
-        if (!this.crypto) {
-            throw new Error("End-to-end encryption disabled");
-        }
-        return this.crypto.requestSecret(name, devices);
-    }
-
-    /**
-     * Get the current default key ID for encrypting secrets.
-     *
-     * The Secure Secret Storage API is currently UNSTABLE and may change without notice.
-     *
-     * @returns The default key ID or null if no default key ID is set
-     *
-     * @deprecated Use {@link MatrixClient#secretStorage} and {@link SecretStorage.ServerSideSecretStorage#getDefaultKeyId}.
-     */
-    public getDefaultSecretStorageKeyId(): Promise<string | null> {
-        return this.secretStorage.getDefaultKeyId();
-    }
-
-    /**
-     * Set the current default key ID for encrypting secrets.
-     *
-     * The Secure Secret Storage API is currently UNSTABLE and may change without notice.
-     *
-     * @param keyId - The new default key ID
-     *
-     * @deprecated Use {@link MatrixClient#secretStorage} and {@link SecretStorage.ServerSideSecretStorage#setDefaultKeyId}.
-     */
-    public setDefaultSecretStorageKeyId(keyId: string): Promise<void> {
-        return this.secretStorage.setDefaultKeyId(keyId);
-    }
-
-    /**
-     * Checks that a given secret storage private key matches a given public key.
-     * This can be used by the getSecretStorageKey callback to verify that the
-     * private key it is about to supply is the one that was requested.
-     *
-     * The Secure Secret Storage API is currently UNSTABLE and may change without notice.
-     *
-     * @param privateKey - The private key
-     * @param expectedPublicKey - The public key
-     * @returns true if the key matches, otherwise false
-     *
-     * @deprecated The use of asymmetric keys for SSSS is deprecated.
-     *     Use {@link SecretStorage.ServerSideSecretStorage#checkKey} for symmetric keys.
-     */
-    public checkSecretStoragePrivateKey(privateKey: Uint8Array, expectedPublicKey: string): boolean {
-        if (!this.crypto) {
-            throw new Error("End-to-end encryption disabled");
-        }
-        return this.crypto.checkSecretStoragePrivateKey(privateKey, expectedPublicKey);
-    }
-
-    /**
-     * Get e2e information on the device that sent an event
-     *
-     * @param event - event to be checked
-     * @deprecated Not supported for Rust Cryptography.
-     */
-    public async getEventSenderDeviceInfo(event: MatrixEvent): Promise<DeviceInfo | null> {
-        if (!this.crypto) {
-            return null;
-        }
-        return this.crypto.getEventSenderDeviceInfo(event);
-    }
-
-    /**
-     * Check if the sender of an event is verified
-     *
-     * @param event - event to be checked
-     *
-     * @returns true if the sender of this event has been verified using
-     * {@link MatrixClient#setDeviceVerified}.
-     *
-     * @deprecated Not supported for Rust Cryptography.
-     */
-    public async isEventSenderVerified(event: MatrixEvent): Promise<boolean> {
-        const device = await this.getEventSenderDeviceInfo(event);
-        if (!device) {
-            return false;
-        }
-        return device.isVerified();
-    }
-
-    /**
-     * Get outgoing room key request for this event if there is one.
-     * @param event - The event to check for
-     *
-     * @returns A room key request, or null if there is none
-     *
-     * @deprecated Not supported for Rust Cryptography.
-     */
-    public getOutgoingRoomKeyRequest(event: MatrixEvent): Promise<OutgoingRoomKeyRequest | null> {
-        if (!this.crypto) {
-            throw new Error("End-to-End encryption disabled");
-        }
-        const wireContent = event.getWireContent();
-        const requestBody: IRoomKeyRequestBody = {
-            session_id: wireContent.session_id,
-            sender_key: wireContent.sender_key,
-            algorithm: wireContent.algorithm,
-            room_id: event.getRoomId()!,
-        };
-        if (!requestBody.session_id || !requestBody.sender_key || !requestBody.algorithm || !requestBody.room_id) {
-            return Promise.resolve(null);
-        }
-        return this.crypto.cryptoStore.getOutgoingRoomKeyRequest(requestBody);
-    }
-
-    /**
-     * Cancel a room key request for this event if one is ongoing and resend the
-     * request.
-     * @param event - event of which to cancel and resend the room
-     *                            key request.
-     * @returns A promise that will resolve when the key request is queued
-     *
-     * @deprecated Not supported for Rust Cryptography.
-     */
-    public cancelAndResendEventRoomKeyRequest(event: MatrixEvent): Promise<void> {
-        if (!this.crypto) {
-            throw new Error("End-to-End encryption disabled");
-        }
-        return event.cancelAndResendKeyRequest(this.crypto, this.getUserId()!);
-    }
-
-    /**
-     * Enable end-to-end encryption for a room. This does not modify room state.
-     * Any messages sent before the returned promise resolves will be sent unencrypted.
-     * @param roomId - The room ID to enable encryption in.
-     * @param config - The encryption config for the room.
-     * @returns A promise that will resolve when encryption is set up.
-     *
-     * @deprecated Not supported for Rust Cryptography. To enable encryption in a room, send an `m.room.encryption`
-     * state event.
-     */
-    public setRoomEncryption(roomId: string, config: IRoomEncryption): Promise<void> {
-        if (!this.crypto) {
-            throw new Error("End-to-End encryption disabled");
-        }
-        return this.crypto.setRoomEncryption(roomId, config);
-    }
-
-    /**
-     * Whether encryption is enabled for a room.
-     * @param roomId - the room id to query.
-     * @returns whether encryption is enabled.
-     *
-     * @deprecated Not correctly supported for Rust Cryptography. Use {@link CryptoApi.isEncryptionEnabledInRoom} and/or
-     *    {@link Room.hasEncryptionStateEvent}.
-     */
-    public isRoomEncrypted(roomId: string): boolean {
-        const room = this.getRoom(roomId);
-        if (!room) {
-            // we don't know about this room, so can't determine if it should be
-            // encrypted. Let's assume not.
-            return false;
-        }
-
-        // if there is an 'm.room.encryption' event in this room, it should be
-        // encrypted (independently of whether we actually support encryption)
-        if (room.hasEncryptionStateEvent()) {
-            return true;
-        }
-
-        // we don't have an m.room.encrypted event, but that might be because
-        // the server is hiding it from us. Check the store to see if it was
-        // previously encrypted.
-        return this.crypto?.isRoomEncrypted(roomId) ?? false;
-    }
-
-    /**
-     * Encrypts and sends a given object via Olm to-device messages to a given
-     * set of devices.
-     *
-     * @param userDeviceInfoArr - list of deviceInfo objects representing the devices to send to
-     *
-     * @param payload - fields to include in the encrypted payload
-     *
-     * @returns Promise which
-     *     resolves once the message has been encrypted and sent to the given
-     *     userDeviceMap, and returns the `{ contentMap, deviceInfoByDeviceId }`
-     *     of the successfully sent messages.
-     *
-     * @deprecated Instead use {@link CryptoApi.encryptToDeviceMessages} followed by {@link queueToDevice}.
-     */
-    public encryptAndSendToDevices(userDeviceInfoArr: IOlmDevice<DeviceInfo>[], payload: object): Promise<void> {
-        if (!this.crypto) {
-            throw new Error("End-to-End encryption disabled");
-        }
-        return this.crypto.encryptAndSendToDevices(userDeviceInfoArr, payload);
-    }
-
-    /**
-     * Forces the current outbound group session to be discarded such
-     * that another one will be created next time an event is sent.
-     *
-     * @param roomId - The ID of the room to discard the session for
-     *
-     * @deprecated Prefer {@link CryptoApi.forceDiscardSession | `CryptoApi.forceDiscardSession`}:
-     */
-    public forceDiscardSession(roomId: string): void {
-        if (!this.cryptoBackend) {
-            throw new Error("End-to-End encryption disabled");
-        }
-        this.cryptoBackend.forceDiscardSession(roomId);
-    }
-
-    /**
-     * Get a list containing all of the room keys
-     *
-     * This should be encrypted before returning it to the user.
-     *
-     * @returns a promise which resolves to a list of session export objects
-     *
-     * @deprecated Prefer {@link CryptoApi.exportRoomKeys | `CryptoApi.exportRoomKeys`}:
-     *
-     * ```javascript
-     * sessionData = await client.getCrypto().exportRoomKeys();
-     * ```
-     */
-    public exportRoomKeys(): Promise<IMegolmSessionData[]> {
-        if (!this.cryptoBackend) {
-            return Promise.reject(new Error("End-to-end encryption disabled"));
-        }
-        return this.cryptoBackend.exportRoomKeys();
-    }
-
-    /**
-     * Import a list of room keys previously exported by exportRoomKeys
-     *
-     * @param keys - a list of session export objects
-     * @param opts - options object
-     *
-     * @returns a promise which resolves when the keys have been imported
-     *
-     * @deprecated Prefer {@link CryptoApi.importRoomKeys | `CryptoApi.importRoomKeys`}:
-     * ```javascript
-     *  await client.getCrypto()?.importRoomKeys([..]);
-     * ```
-     */
-    public importRoomKeys(keys: IMegolmSessionData[], opts?: ImportRoomKeysOpts): Promise<void> {
-        if (!this.cryptoBackend) {
-            throw new Error("End-to-end encryption disabled");
-        }
-        return this.cryptoBackend.importRoomKeys(keys, opts);
-    }
-
-    /**
-     * Force a re-check of the local key backup status against
-     * what's on the server.
-     *
-     * @returns Object with backup info (as returned by
-     *     getKeyBackupVersion) in backupInfo and
-     *     trust information (as returned by isKeyBackupTrusted)
-     *     in trustInfo.
-     *
-     * @deprecated Prefer {@link Crypto.CryptoApi.checkKeyBackupAndEnable}.
-     */
-    public checkKeyBackup(): Promise<IKeyBackupCheck | null> {
-        if (!this.crypto) {
-            throw new Error("End-to-end encryption disabled");
-        }
-        return this.crypto.backupManager.checkKeyBackup();
-    }
-
-    /**
-     * Get information about the current key backup from the server.
-     *
-     * Performs some basic validity checks on the shape of the result, and raises an error if it is not as expected.
-     *
-     * **Note**: there is no (supported) way to distinguish between "failure to talk to the server" and "another client
-     * uploaded a key backup version using an algorithm I don't understand.
-     *
-     * @returns Information object from API, or null if no backup is present on the server.
-     *
-     * @deprecated Prefer {@link CryptoApi.getKeyBackupInfo}.
-     */
-    public async getKeyBackupVersion(): Promise<IKeyBackupInfo | null> {
-        let res: IKeyBackupInfo;
-        try {
-            res = await this.http.authedRequest<IKeyBackupInfo>(
-                Method.Get,
-                "/room_keys/version",
-                undefined,
-                undefined,
-                { prefix: ClientPrefix.V3 },
-            );
-        } catch (e) {
-            if ((<MatrixError>e).errcode === "M_NOT_FOUND") {
-                return null;
-            } else {
-                throw e;
-            }
-        }
-        BackupManager.checkBackupVersion(res);
-        return res;
-    }
-
-    /**
-     * @param info - key backup info dict from getKeyBackupVersion()
-     *
-     * @deprecated Not supported for Rust Cryptography. Prefer {@link CryptoApi.isKeyBackupTrusted | `CryptoApi.isKeyBackupTrusted`}.
-     */
-    public isKeyBackupTrusted(info: IKeyBackupInfo): Promise<TrustInfo> {
-        if (!this.crypto) {
-            throw new Error("End-to-end encryption disabled");
-        }
-        return this.crypto.backupManager.isKeyBackupTrusted(info);
-    }
-
-    /**
-     * @returns true if the client is configured to back up keys to
-     *     the server, otherwise false. If we haven't completed a successful check
-     *     of key backup status yet, returns null.
-     *
-     * @deprecated Not supported for Rust Cryptography. Prefer direct access to {@link Crypto.CryptoApi.getActiveSessionBackupVersion}:
-     *
-     * ```javascript
-     * let enabled = (await client.getCrypto().getActiveSessionBackupVersion()) !== null;
-     * ```
-     */
-    public getKeyBackupEnabled(): boolean | null {
-        if (!this.crypto) {
-            throw new Error("End-to-end encryption disabled");
-        }
-        return this.crypto.backupManager.getKeyBackupEnabled();
-    }
-
-    /**
-     * Enable backing up of keys, using data previously returned from
-     * getKeyBackupVersion.
-     *
-     * @param info - Backup information object as returned by getKeyBackupVersion
-     * @returns Promise which resolves when complete.
-     *
-     * @deprecated Do not call this directly. Instead call {@link Crypto.CryptoApi.checkKeyBackupAndEnable}.
-     */
-    public enableKeyBackup(info: IKeyBackupInfo): Promise<void> {
-        if (!this.crypto) {
-            throw new Error("End-to-end encryption disabled");
-        }
-
-        return this.crypto.backupManager.enableKeyBackup(info);
-    }
-
-    /**
-     * Disable backing up of keys.
-     *
-     * @deprecated Not supported for Rust Cryptography. It should be unnecessary to disable key backup.
-     */
-    public disableKeyBackup(): void {
-        if (!this.crypto) {
-            throw new Error("End-to-end encryption disabled");
-        }
-
-        this.crypto.backupManager.disableKeyBackup();
-    }
-
-    /**
-     * Set up the data required to create a new backup version.  The backup version
-     * will not be created and enabled until createKeyBackupVersion is called.
-     *
-     * @param password - Passphrase string that can be entered by the user
-     *     when restoring the backup as an alternative to entering the recovery key.
-     *     Optional.
-     *
-     * @returns Object that can be passed to createKeyBackupVersion and
-     *     additionally has a 'recovery_key' member with the user-facing recovery key string.
-     *
-     * @deprecated Not supported for Rust cryptography. Use {@link Crypto.CryptoApi.resetKeyBackup | `CryptoApi.resetKeyBackup`}.
-     */
-    public async prepareKeyBackupVersion(
-        password?: string | Uint8Array | null,
-        opts: IKeyBackupPrepareOpts = { secureSecretStorage: false },
-    ): Promise<Pick<IPreparedKeyBackupVersion, "algorithm" | "auth_data" | "recovery_key">> {
-        if (!this.crypto) {
-            throw new Error("End-to-end encryption disabled");
-        }
-
-        // eslint-disable-next-line camelcase
-        const { algorithm, auth_data, recovery_key, privateKey } =
-            await this.crypto.backupManager.prepareKeyBackupVersion(password);
-
-        if (opts.secureSecretStorage) {
-            await this.secretStorage.store("m.megolm_backup.v1", encodeBase64(privateKey));
-            this.logger.info("Key backup private key stored in secret storage");
-        }
-
-        return {
-            algorithm,
-            /* eslint-disable camelcase */
-            auth_data,
-            recovery_key,
-            /* eslint-enable camelcase */
-        };
-    }
-
-    /**
-     * Check whether the key backup private key is stored in secret storage.
-     * @returns map of key name to key info the secret is
-     *     encrypted with, or null if it is not present or not encrypted with a
-     *     trusted key
-     */
-    public isKeyBackupKeyStored(): Promise<Record<string, SecretStorageKeyDescription> | null> {
-        return Promise.resolve(this.secretStorage.isStored("m.megolm_backup.v1"));
-    }
-
-    /**
-     * Create a new key backup version and enable it, using the information return
-     * from prepareKeyBackupVersion.
-     *
-     * @param info - Info object from prepareKeyBackupVersion
-     * @returns Object with 'version' param indicating the version created
-     *
-     * @deprecated Use {@link Crypto.CryptoApi.resetKeyBackup | `CryptoApi.resetKeyBackup`}.
-     */
-    public async createKeyBackupVersion(info: IKeyBackupInfo): Promise<IKeyBackupInfo> {
-        if (!this.crypto) {
-            throw new Error("End-to-end encryption disabled");
-        }
-
-        await this.crypto.backupManager.createKeyBackupVersion(info);
-
-        const data = {
-            algorithm: info.algorithm,
-            auth_data: info.auth_data,
-        };
-
-        // Sign the backup auth data with the device key for backwards compat with
-        // older devices with cross-signing. This can probably go away very soon in
-        // favour of just signing with the cross-singing master key.
-        // XXX: Private member access
-        await this.crypto.signObject(data.auth_data);
-
-        if (
-            this.cryptoCallbacks.getCrossSigningKey &&
-            // XXX: Private member access
-            this.crypto.crossSigningInfo.getId()
-        ) {
-            // now also sign the auth data with the cross-signing master key
-            // we check for the callback explicitly here because we still want to be able
-            // to create an un-cross-signed key backup if there is a cross-signing key but
-            // no callback supplied.
-            // XXX: Private member access
-            await this.crypto.crossSigningInfo.signObject(data.auth_data, "master");
-        }
-
-        const res = await this.http.authedRequest<IKeyBackupInfo>(Method.Post, "/room_keys/version", undefined, data);
-
-        // We could assume everything's okay and enable directly, but this ensures
-        // we run the same signature verification that will be used for future
-        // sessions.
-        await this.checkKeyBackup();
-        if (!this.getKeyBackupEnabled()) {
-            this.logger.error("Key backup not usable even though we just created it");
-        }
-
-        return res;
-    }
-
-    /**
-     * @deprecated Use {@link Crypto.CryptoApi.deleteKeyBackupVersion | `CryptoApi.deleteKeyBackupVersion`}.
-     */
-    public async deleteKeyBackupVersion(version: string): Promise<void> {
-        if (!this.cryptoBackend) {
-            throw new Error("End-to-end encryption disabled");
-        }
-
-        await this.cryptoBackend.deleteKeyBackupVersion(version);
-    }
-
-    private makeKeyBackupPath(roomId?: string, sessionId?: string, version?: string): IKeyBackupPath {
-        let path: string;
-        if (sessionId !== undefined) {
-            path = utils.encodeUri("/room_keys/keys/$roomId/$sessionId", {
-                $roomId: roomId!,
-                $sessionId: sessionId,
-            });
-        } else if (roomId !== undefined) {
-            path = utils.encodeUri("/room_keys/keys/$roomId", {
-                $roomId: roomId,
-            });
-        } else {
-            path = "/room_keys/keys";
-        }
-        const queryData = version === undefined ? undefined : { version };
-        return { path, queryData };
-    }
-
-    /**
-     * Back up session keys to the homeserver.
-     * @param roomId - ID of the room that the keys are for Optional.
-     * @param sessionId - ID of the session that the keys are for Optional.
-     * @param version - backup version Optional.
-     * @param data - Object keys to send
-     * @returns a promise that will resolve when the keys
-     * are uploaded
-     *
-     * @deprecated Not supported for Rust Cryptography.
-     */
-    public sendKeyBackup(
-        roomId: undefined,
-        sessionId: undefined,
-        version: string | undefined,
-        data: IKeyBackup,
-    ): Promise<void>;
-    public sendKeyBackup(
-        roomId: string,
-        sessionId: undefined,
-        version: string | undefined,
-        data: IKeyBackup,
-    ): Promise<void>;
-    public sendKeyBackup(
-        roomId: string,
-        sessionId: string,
-        version: string | undefined,
-        data: IKeyBackup,
-    ): Promise<void>;
-    public async sendKeyBackup(
-        roomId: string | undefined,
-        sessionId: string | undefined,
-        version: string | undefined,
-        data: IKeyBackup,
-    ): Promise<void> {
-        if (!this.crypto) {
-            throw new Error("End-to-end encryption disabled");
-        }
-
-        const path = this.makeKeyBackupPath(roomId!, sessionId!, version);
-        await this.http.authedRequest(Method.Put, path.path, path.queryData, data, { prefix: ClientPrefix.V3 });
-    }
-
-    /**
-     * Marks all group sessions as needing to be backed up and schedules them to
-     * upload in the background as soon as possible.
-     *
-     * @deprecated Not supported for Rust Cryptography. This is done automatically as part of
-     * {@link CryptoApi.resetKeyBackup}, so there is probably no need to call this manually.
+     * @experimental if the token is a macaroon, it should be encoded in it that it is a 'guest'
+     * access token, which means that the SDK can determine this entirely without
+     * the dev manually flipping this flag.
      */
-    public async scheduleAllGroupSessionsForBackup(): Promise<void> {
-        if (!this.crypto) {
-            throw new Error("End-to-end encryption disabled");
-        }
-
-        await this.crypto.backupManager.scheduleAllGroupSessionsForBackup();
+    public setGuest(guest: boolean): void {
+        this.isGuestAccount = guest;
     }
 
     /**
-     * Marks all group sessions as needing to be backed up without scheduling
-     * them to upload in the background.
-     *
-     * (This is done automatically as part of {@link CryptoApi.resetKeyBackup},
-     * so there is probably no need to call this manually.)
-     *
-     * @returns Promise which resolves to the number of sessions requiring a backup.
-     * @deprecated Not supported for Rust Cryptography.
+     * Return the provided scheduler, if any.
+     * @returns The scheduler or undefined
      */
-    public flagAllGroupSessionsForBackup(): Promise<number> {
-        if (!this.crypto) {
-            throw new Error("End-to-end encryption disabled");
-        }
-
-        return this.crypto.backupManager.flagAllGroupSessionsForBackup();
+    public getScheduler(): MatrixScheduler | undefined {
+        return this.scheduler;
     }
 
     /**
-     * Return true if recovery key is valid.
-     * Try to decode the recovery key and check if it's successful.
-     * @param recoveryKey
-     * @deprecated Use {@link decodeRecoveryKey} directly
+     * Retry a backed off syncing request immediately. This should only be used when
+     * the user <b>explicitly</b> attempts to retry their lost connection.
+     * Will also retry any outbound to-device messages currently in the queue to be sent
+     * (retries of regular outgoing events are handled separately, per-event).
+     * @returns True if this resulted in a request being retried.
      */
-    public isValidRecoveryKey(recoveryKey: string): boolean {
-        try {
-            decodeRecoveryKey(recoveryKey);
-            return true;
-        } catch {
-            return false;
-        }
+    public retryImmediately(): boolean {
+        // don't await for this promise: we just want to kick it off
+        this.toDeviceMessageQueue.sendQueue();
+        return this.syncApi?.retryImmediately() ?? false;
     }
 
     /**
-     * Get the raw key for a key backup from the password
-     * Used when migrating key backups into SSSS
-     *
-     * The cross-signing API is currently UNSTABLE and may change without notice.
+     * Return the global notification EventTimelineSet, if any
      *
-     * @param password - Passphrase
-     * @param backupInfo - Backup metadata from `checkKeyBackup`
-     * @returns key backup key
-     * @deprecated Deriving a backup key from a passphrase is not part of the matrix spec. Instead, a random key is generated and stored/shared via 4S.
+     * @returns the globl notification EventTimelineSet
      */
-    public keyBackupKeyFromPassword(password: string, backupInfo: IKeyBackupInfo): Promise<Uint8Array> {
-        return keyFromAuthData(backupInfo.auth_data, password);
+    public getNotifTimelineSet(): EventTimelineSet | null {
+        return this.notifTimelineSet;
     }
 
     /**
-     * Get the raw key for a key backup from the recovery key
-     * Used when migrating key backups into SSSS
-     *
-     * The cross-signing API is currently UNSTABLE and may change without notice.
+     * Set the global notification EventTimelineSet
      *
-     * @param recoveryKey - The recovery key
-     * @returns key backup key
-     * @deprecated Use {@link decodeRecoveryKey} directly
      */
-    public keyBackupKeyFromRecoveryKey(recoveryKey: string): Uint8Array {
-        return decodeRecoveryKey(recoveryKey);
+    public setNotifTimelineSet(set: EventTimelineSet): void {
+        this.notifTimelineSet = set;
     }
 
     /**
-     * Restore from an existing key backup via a passphrase.
-     *
-     * @param password - Passphrase
-     * @param targetRoomId - Room ID to target a specific room.
-     * Restores all rooms if omitted.
-     * @param targetSessionId - Session ID to target a specific session.
-     * Restores all sessions if omitted.
-     * @param backupInfo - Backup metadata from `getKeyBackupVersion` or `checkKeyBackup`.`backupInfo`
-     * @param opts - Optional params such as callbacks
-     * @returns Status of restoration with `total` and `imported`
-     * key counts.
+     * Gets the cached capabilities of the homeserver, returning cached ones if available.
+     * If there are no cached capabilities and none can be fetched, throw an exception.
      *
-     * @deprecated Prefer {@link CryptoApi.restoreKeyBackupWithPassphrase | `CryptoApi.restoreKeyBackupWithPassphrase`}.
-     */
-    public async restoreKeyBackupWithPassword(
-        password: string,
-        targetRoomId: undefined,
-        targetSessionId: undefined,
-        backupInfo: IKeyBackupInfo,
-        opts: IKeyBackupRestoreOpts,
-    ): Promise<IKeyBackupRestoreResult>;
-    /**
-     * @deprecated Prefer {@link CryptoApi.restoreKeyBackupWithPassphrase | `CryptoApi.restoreKeyBackupWithPassphrase`}.
-     */
-    public async restoreKeyBackupWithPassword(
-        password: string,
-        targetRoomId: string,
-        targetSessionId: undefined,
-        backupInfo: IKeyBackupInfo,
-        opts: IKeyBackupRestoreOpts,
-    ): Promise<IKeyBackupRestoreResult>;
-    /**
-     * @deprecated Prefer {@link CryptoApi.restoreKeyBackupWithPassphrase | `CryptoApi.restoreKeyBackupWithPassphrase`}.
-     */
-    public async restoreKeyBackupWithPassword(
-        password: string,
-        targetRoomId: string,
-        targetSessionId: string,
-        backupInfo: IKeyBackupInfo,
-        opts: IKeyBackupRestoreOpts,
-    ): Promise<IKeyBackupRestoreResult>;
-    /**
-     * @deprecated Prefer {@link CryptoApi.restoreKeyBackupWithPassphrase | `CryptoApi.restoreKeyBackupWithPassphrase`}.
+     * @returns Promise resolving with The capabilities of the homeserver
      */
-    public async restoreKeyBackupWithPassword(
-        password: string,
-        targetRoomId: string | undefined,
-        targetSessionId: string | undefined,
-        backupInfo: IKeyBackupInfo,
-        opts: IKeyBackupRestoreOpts,
-    ): Promise<IKeyBackupRestoreResult> {
-        const privKey = await keyFromAuthData(backupInfo.auth_data, password);
-        return this.restoreKeyBackup(privKey, targetRoomId!, targetSessionId!, backupInfo, opts);
-    }
-
-    /**
-     * Restore from an existing key backup via a private key stored in secret
-     * storage.
-     *
-     * @param backupInfo - Backup metadata from `checkKeyBackup`
-     * @param targetRoomId - Room ID to target a specific room.
-     * Restores all rooms if omitted.
-     * @param targetSessionId - Session ID to target a specific session.
-     * Restores all sessions if omitted.
-     * @param opts - Optional params such as callbacks
-     * @returns Status of restoration with `total` and `imported`
-     * key counts.
-     *
-     * @deprecated Prefer {@link CryptoApi.restoreKeyBackup | `CryptoApi.restoreKeyBackup`}.
-     */
-    public async restoreKeyBackupWithSecretStorage(
-        backupInfo: IKeyBackupInfo,
-        targetRoomId?: string,
-        targetSessionId?: string,
-        opts?: IKeyBackupRestoreOpts,
-    ): Promise<IKeyBackupRestoreResult> {
-        if (!this.cryptoBackend) {
-            throw new Error("End-to-end encryption disabled");
-        }
-        const storedKey = await this.secretStorage.get("m.megolm_backup.v1");
-
-        // ensure that the key is in the right format.  If not, fix the key and
-        // store the fixed version
-        const fixedKey = fixBackupKey(storedKey);
-        if (fixedKey) {
-            const keys = await this.secretStorage.getKey();
-            await this.secretStorage.store("m.megolm_backup.v1", fixedKey, [keys![0]]);
-        }
-
-        const privKey = decodeBase64(fixedKey || storedKey!);
-        return this.restoreKeyBackup(privKey, targetRoomId!, targetSessionId!, backupInfo, opts);
-    }
-
-    /**
-     * Restore from an existing key backup via an encoded recovery key.
-     *
-     * @param recoveryKey - Encoded recovery key
-     * @param targetRoomId - Room ID to target a specific room.
-     * Restores all rooms if omitted.
-     * @param targetSessionId - Session ID to target a specific session.
-     * Restores all sessions if omitted.
-     * @param backupInfo - Backup metadata from `checkKeyBackup`
-     * @param opts - Optional params such as callbacks
-
-     * @returns Status of restoration with `total` and `imported`
-     * key counts.
-     *
-     * @deprecated Prefer {@link CryptoApi.restoreKeyBackup | `CryptoApi.restoreKeyBackup`}.
-     */
-    public restoreKeyBackupWithRecoveryKey(
-        recoveryKey: string,
-        targetRoomId: undefined,
-        targetSessionId: undefined,
-        backupInfo: IKeyBackupInfo,
-        opts?: IKeyBackupRestoreOpts,
-    ): Promise<IKeyBackupRestoreResult>;
-    /**
-     * @deprecated Prefer {@link CryptoApi.restoreKeyBackup | `CryptoApi.restoreKeyBackup`}.
-     */
-    public restoreKeyBackupWithRecoveryKey(
-        recoveryKey: string,
-        targetRoomId: string,
-        targetSessionId: undefined,
-        backupInfo: IKeyBackupInfo,
-        opts?: IKeyBackupRestoreOpts,
-    ): Promise<IKeyBackupRestoreResult>;
-    /**
-     * @deprecated Prefer {@link CryptoApi.restoreKeyBackup | `CryptoApi.restoreKeyBackup`}.
-     */
-    public restoreKeyBackupWithRecoveryKey(
-        recoveryKey: string,
-        targetRoomId: string,
-        targetSessionId: string,
-        backupInfo: IKeyBackupInfo,
-        opts?: IKeyBackupRestoreOpts,
-    ): Promise<IKeyBackupRestoreResult>;
-    /**
-     * @deprecated Prefer {@link CryptoApi.restoreKeyBackup | `CryptoApi.restoreKeyBackup`}.
-     */
-    public restoreKeyBackupWithRecoveryKey(
-        recoveryKey: string,
-        targetRoomId: string | undefined,
-        targetSessionId: string | undefined,
-        backupInfo: IKeyBackupInfo,
-        opts?: IKeyBackupRestoreOpts,
-    ): Promise<IKeyBackupRestoreResult> {
-        const privKey = decodeRecoveryKey(recoveryKey);
-        return this.restoreKeyBackup(privKey, targetRoomId!, targetSessionId!, backupInfo, opts);
-    }
-
-    /**
-     * Restore from an existing key backup via a private key stored locally
-     * @param targetRoomId
-     * @param targetSessionId
-     * @param backupInfo
-     * @param opts
-     *
-     * @deprecated Prefer {@link CryptoApi.restoreKeyBackup | `CryptoApi.restoreKeyBackup`}.
-     */
-    public async restoreKeyBackupWithCache(
-        targetRoomId: undefined,
-        targetSessionId: undefined,
-        backupInfo: IKeyBackupInfo,
-        opts?: IKeyBackupRestoreOpts,
-    ): Promise<IKeyBackupRestoreResult>;
-    /**
-     * @deprecated Prefer {@link CryptoApi.restoreKeyBackup | `CryptoApi.restoreKeyBackup`}.
-     */
-    public async restoreKeyBackupWithCache(
-        targetRoomId: string,
-        targetSessionId: undefined,
-        backupInfo: IKeyBackupInfo,
-        opts?: IKeyBackupRestoreOpts,
-    ): Promise<IKeyBackupRestoreResult>;
-    /**
-     * @deprecated Prefer {@link CryptoApi.restoreKeyBackup | `CryptoApi.restoreKeyBackup`}.
-     */
-    public async restoreKeyBackupWithCache(
-        targetRoomId: string,
-        targetSessionId: string,
-        backupInfo: IKeyBackupInfo,
-        opts?: IKeyBackupRestoreOpts,
-    ): Promise<IKeyBackupRestoreResult>;
-    /**
-     * @deprecated Prefer {@link CryptoApi.restoreKeyBackup | `CryptoApi.restoreKeyBackup`}.
-     */
-    public async restoreKeyBackupWithCache(
-        targetRoomId: string | undefined,
-        targetSessionId: string | undefined,
-        backupInfo: IKeyBackupInfo,
-        opts?: IKeyBackupRestoreOpts,
-    ): Promise<IKeyBackupRestoreResult> {
-        if (!this.cryptoBackend) {
-            throw new Error("End-to-end encryption disabled");
-        }
-        const privKey = await this.cryptoBackend.getSessionBackupPrivateKey();
-        if (!privKey) {
-            throw new Error("Couldn't get key");
-        }
-        return this.restoreKeyBackup(privKey, targetRoomId!, targetSessionId!, backupInfo, opts);
-    }
-
-    private async restoreKeyBackup(
-        privKey: ArrayLike<number>,
-        targetRoomId: undefined,
-        targetSessionId: undefined,
-        backupInfo: IKeyBackupInfo,
-        opts?: IKeyBackupRestoreOpts,
-    ): Promise<IKeyBackupRestoreResult>;
-    private async restoreKeyBackup(
-        privKey: ArrayLike<number>,
-        targetRoomId: string,
-        targetSessionId: undefined,
-        backupInfo: IKeyBackupInfo,
-        opts?: IKeyBackupRestoreOpts,
-    ): Promise<IKeyBackupRestoreResult>;
-    private async restoreKeyBackup(
-        privKey: ArrayLike<number>,
-        targetRoomId: string,
-        targetSessionId: string,
-        backupInfo: IKeyBackupInfo,
-        opts?: IKeyBackupRestoreOpts,
-    ): Promise<IKeyBackupRestoreResult>;
-    private async restoreKeyBackup(
-        privKey: ArrayLike<number>,
-        targetRoomId: string | undefined,
-        targetSessionId: string | undefined,
-        backupInfo: IKeyBackupInfo,
-        opts?: IKeyBackupRestoreOpts,
-    ): Promise<IKeyBackupRestoreResult> {
-        const cacheCompleteCallback = opts?.cacheCompleteCallback;
-        const progressCallback = opts?.progressCallback;
-
-        if (!this.cryptoBackend) {
-            throw new Error("End-to-end encryption disabled");
-        }
-
-        if (!backupInfo.version) {
-            throw new Error("Backup version must be defined");
-        }
-        const backupVersion = backupInfo.version!;
-
-        let totalKeyCount = 0;
-        let totalFailures = 0;
-        let totalImported = 0;
-
-        const path = this.makeKeyBackupPath(targetRoomId, targetSessionId, backupVersion);
-
-        const backupDecryptor = await this.cryptoBackend.getBackupDecryptor(backupInfo, privKey);
-
-        const untrusted = !backupDecryptor.sourceTrusted;
-
-        try {
-            if (!(privKey instanceof Uint8Array)) {
-                // eslint-disable-next-line @typescript-eslint/no-base-to-string
-                throw new Error(`restoreKeyBackup expects Uint8Array, got ${privKey}`);
-            }
-            // Cache the key, if possible.
-            // This is async.
-            this.cryptoBackend
-                .storeSessionBackupPrivateKey(privKey, backupVersion)
-                .catch((e) => {
-                    this.logger.warn("Error caching session backup key:", e);
-                })
-                .then(cacheCompleteCallback);
-
-            if (progressCallback) {
-                progressCallback({
-                    stage: "fetch",
-                });
-            }
-
-            const res = await this.http.authedRequest<IRoomsKeysResponse | IRoomKeysResponse | IKeyBackupSession>(
-                Method.Get,
-                path.path,
-                path.queryData,
-                undefined,
-                { prefix: ClientPrefix.V3 },
-            );
-
-            // We have finished fetching the backup, go to next step
-            if (progressCallback) {
-                progressCallback({
-                    stage: "load_keys",
-                });
-            }
-
-            if ((res as IRoomsKeysResponse).rooms) {
-                // We have a full backup here, it can get quite big, so we need to decrypt and import it in chunks.
-
-                // Get the total count as a first pass
-                totalKeyCount = this.getTotalKeyCount(res as IRoomsKeysResponse);
-                // Now decrypt and import the keys in chunks
-                await this.handleDecryptionOfAFullBackup(
-                    res as IRoomsKeysResponse,
-                    backupDecryptor,
-                    200,
-                    async (chunk) => {
-                        // We have a chunk of decrypted keys: import them
-                        try {
-                            const backupVersion = backupInfo.version!;
-                            await this.cryptoBackend!.importBackedUpRoomKeys(chunk, backupVersion, {
-                                untrusted,
-                            });
-                            totalImported += chunk.length;
-                        } catch (e) {
-                            totalFailures += chunk.length;
-                            // We failed to import some keys, but we should still try to import the rest?
-                            // Log the error and continue
-                            logger.error("Error importing keys from backup", e);
-                        }
-
-                        if (progressCallback) {
-                            progressCallback({
-                                total: totalKeyCount,
-                                successes: totalImported,
-                                stage: "load_keys",
-                                failures: totalFailures,
-                            });
-                        }
-                    },
-                );
-            } else if ((res as IRoomKeysResponse).sessions) {
-                // For now we don't chunk for a single room backup, but we could in the future.
-                // Currently it is not used by the application.
-                const sessions = (res as IRoomKeysResponse).sessions;
-                totalKeyCount = Object.keys(sessions).length;
-                const keys = await backupDecryptor.decryptSessions(sessions);
-                for (const k of keys) {
-                    k.room_id = targetRoomId!;
-                }
-                await this.cryptoBackend.importBackedUpRoomKeys(keys, backupVersion, {
-                    progressCallback,
-                    untrusted,
-                });
-                totalImported = keys.length;
-            } else {
-                totalKeyCount = 1;
-                try {
-                    const [key] = await backupDecryptor.decryptSessions({
-                        [targetSessionId!]: res as IKeyBackupSession,
-                    });
-                    key.room_id = targetRoomId!;
-                    key.session_id = targetSessionId!;
-
-                    await this.cryptoBackend.importBackedUpRoomKeys([key], backupVersion, {
-                        progressCallback,
-                        untrusted,
-                    });
-                    totalImported = 1;
-                } catch (e) {
-                    this.logger.debug("Failed to decrypt megolm session from backup", e);
-                }
-            }
-        } finally {
-            backupDecryptor.free();
-        }
-
-        /// in case entering the passphrase would add a new signature?
-        await this.cryptoBackend.checkKeyBackupAndEnable();
-
-        return { total: totalKeyCount, imported: totalImported };
+    public async getCapabilities(): Promise<Capabilities> {
+        const caps = this.serverCapabilitiesService.getCachedCapabilities();
+        if (caps) return caps;
+        return this.serverCapabilitiesService.fetchCapabilities();
     }
 
     /**
-     * This method calculates the total number of keys present in the response of a `/room_keys/keys` call.
-     *
-     * @param res - The response from the server containing the keys to be counted.
+     * Gets the cached capabilities of the homeserver. If none have been fetched yet,
+     * return undefined.
      *
-     * @returns The total number of keys in the backup.
+     * @returns The capabilities of the homeserver
      */
-    private getTotalKeyCount(res: IRoomsKeysResponse): number {
-        const rooms = res.rooms;
-        let totalKeyCount = 0;
-        for (const roomData of Object.values(rooms)) {
-            if (!roomData.sessions) continue;
-            totalKeyCount += Object.keys(roomData.sessions).length;
-        }
-        return totalKeyCount;
+    public getCachedCapabilities(): Capabilities | undefined {
+        return this.serverCapabilitiesService.getCachedCapabilities();
     }
 
     /**
-     * This method handles the decryption of a full backup, i.e a call to `/room_keys/keys`.
-     * It will decrypt the keys in chunks and call the `block` callback for each chunk.
-     *
-     * @param res - The response from the server containing the keys to be decrypted.
-     * @param backupDecryptor - An instance of the BackupDecryptor class used to decrypt the keys.
-     * @param chunkSize - The size of the chunks to be processed at a time.
-     * @param block - A callback function that is called for each chunk of keys.
+     * Fetches the latest capabilities from the homeserver, ignoring any cached
+     * versions. The newly returned version is cached.
      *
-     * @returns A promise that resolves when the decryption is complete.
+     * @returns A promise which resolves to the capabilities of the homeserver
      */
-    private async handleDecryptionOfAFullBackup(
-        res: IRoomsKeysResponse,
-        backupDecryptor: BackupDecryptor,
-        chunkSize: number,
-        block: (chunk: IMegolmSessionData[]) => Promise<void>,
-    ): Promise<void> {
-        const rooms = (res as IRoomsKeysResponse).rooms;
-
-        let groupChunkCount = 0;
-        let chunkGroupByRoom: Map<string, IKeyBackupRoomSessions> = new Map();
-
-        const handleChunkCallback = async (roomChunks: Map<string, IKeyBackupRoomSessions>): Promise<void> => {
-            const currentChunk: IMegolmSessionData[] = [];
-            for (const roomId of roomChunks.keys()) {
-                const decryptedSessions = await backupDecryptor.decryptSessions(roomChunks.get(roomId)!);
-                for (const sessionId in decryptedSessions) {
-                    const k = decryptedSessions[sessionId];
-                    k.room_id = roomId;
-                    currentChunk.push(k);
-                }
-            }
-            await block(currentChunk);
-        };
-
-        for (const [roomId, roomData] of Object.entries(rooms)) {
-            if (!roomData.sessions) continue;
-
-            chunkGroupByRoom.set(roomId, {});
-
-            for (const [sessionId, session] of Object.entries(roomData.sessions)) {
-                const sessionsForRoom = chunkGroupByRoom.get(roomId)!;
-                sessionsForRoom[sessionId] = session;
-                groupChunkCount += 1;
-                if (groupChunkCount >= chunkSize) {
-                    // We have enough chunks to decrypt
-                    await handleChunkCallback(chunkGroupByRoom);
-                    chunkGroupByRoom = new Map();
-                    // There might be remaining keys for that room, so add back an entry for the current room.
-                    chunkGroupByRoom.set(roomId, {});
-                    groupChunkCount = 0;
-                }
-            }
-        }
-
-        // Handle remaining chunk if needed
-        if (groupChunkCount > 0) {
-            await handleChunkCallback(chunkGroupByRoom);
-        }
+    public fetchCapabilities(): Promise<Capabilities> {
+        return this.serverCapabilitiesService.fetchCapabilities();
     }
 
-    public deleteKeysFromBackup(roomId: undefined, sessionId: undefined, version?: string): Promise<void>;
-    public deleteKeysFromBackup(roomId: string, sessionId: undefined, version?: string): Promise<void>;
-    public deleteKeysFromBackup(roomId: string, sessionId: string, version?: string): Promise<void>;
-    public async deleteKeysFromBackup(roomId?: string, sessionId?: string, version?: string): Promise<void> {
-        const path = this.makeKeyBackupPath(roomId!, sessionId!, version);
-        await this.http.authedRequest(Method.Delete, path.path, path.queryData, undefined, { prefix: ClientPrefix.V3 });
+    /**
+     * @deprecated Does nothing.
+     */
+    public async uploadKeys(): Promise<void> {
+        this.logger.warn("MatrixClient.uploadKeys is deprecated");
     }
 
     /**
@@ -4678,18 +2220,7 @@ export class MatrixClient extends TypedEventEmitter<EmittedEvents, ClientEventHa
         }
 
         try {
-            let cancelled: boolean;
             this.eventsBeingEncrypted.add(event.getId()!);
-            try {
-                await this.encryptEventIfNeeded(event, room ?? undefined);
-            } finally {
-                cancelled = !this.eventsBeingEncrypted.delete(event.getId()!);
-            }
-
-            if (cancelled) {
-                // cancelled via MatrixClient::cancelPendingEvent
-                return {} as ISendEventResponse;
-            }
 
             // encryptEventIfNeeded may have updated the status from SENDING to ENCRYPTING. If so, we need
             // to put it back.
@@ -4740,70 +2271,6 @@ export class MatrixClient extends TypedEventEmitter<EmittedEvents, ClientEventHa
         }
     }
 
-    private async encryptEventIfNeeded(event: MatrixEvent, room?: Room): Promise<void> {
-        // If the room is unknown, we cannot encrypt for it
-        if (!room) return;
-
-        if (!(await this.shouldEncryptEventForRoom(event, room))) return;
-
-        if (!this.cryptoBackend && this.usingExternalCrypto) {
-            // The client has opted to allow sending messages to encrypted
-            // rooms even if the room is encrypted, and we haven't set up
-            // crypto. This is useful for users of matrix-org/pantalaimon
-            return;
-        }
-
-        if (!this.cryptoBackend) {
-            throw new Error("This room is configured to use encryption, but your client does not support encryption.");
-        }
-
-        this.updatePendingEventStatus(room, event, EventStatus.ENCRYPTING);
-        await this.cryptoBackend.encryptEvent(event, room);
-    }
-
-    /**
-     * Determine whether a given event should be encrypted when we send it to the given room.
-     *
-     * This takes into account event type and room configuration.
-     */
-    private async shouldEncryptEventForRoom(event: MatrixEvent, room: Room): Promise<boolean> {
-        if (event.isEncrypted()) {
-            // this event has already been encrypted; this happens if the
-            // encryption step succeeded, but the send step failed on the first
-            // attempt.
-            return false;
-        }
-
-        if (event.getType() === EventType.Reaction) {
-            // For reactions, there is a very little gained by encrypting the entire
-            // event, as relation data is already kept in the clear. Event
-            // encryption for a reaction effectively only obscures the event type,
-            // but the purpose is still obvious from the relation data, so nothing
-            // is really gained. It also causes quite a few problems, such as:
-            //   * triggers notifications via default push rules
-            //   * prevents server-side bundling for reactions
-            // The reaction key / content / emoji value does warrant encrypting, but
-            // this will be handled separately by encrypting just this value.
-            // See https://github.com/matrix-org/matrix-doc/pull/1849#pullrequestreview-248763642
-            return false;
-        }
-
-        if (event.isRedaction()) {
-            // Redactions do not support encryption in the spec at this time.
-            // Whilst it mostly worked in some clients, it wasn't compliant.
-            return false;
-        }
-
-        // If the room has an m.room.encryption event, we should encrypt.
-        if (room.hasEncryptionStateEvent()) return true;
-
-        // If we have a crypto impl, and *it* thinks we should encrypt, then we should.
-        if (await this.cryptoBackend?.isEncryptionEnabledInRoom(room.roomId)) return true;
-
-        // Otherwise, no need to encrypt.
-        return false;
-    }
-
     /**
      * Returns the eventType that should be used taking encryption into account
      * for a given eventType.
@@ -4924,7 +2391,7 @@ export class MatrixClient extends TypedEventEmitter<EmittedEvents, ClientEventHa
             if (this.canSupport.get(Feature.RelationBasedRedactions) === ServerSupport.Unsupported) {
                 throw new Error(
                     "Server does not support relation based redactions " +
-                        `roomId ${roomId} eventId ${eventId} txnId: ${txnId} threadId ${threadId}`,
+                    `roomId ${roomId} eventId ${eventId} txnId: ${txnId} threadId ${threadId}`,
                 );
             }
 
@@ -6046,7 +3513,7 @@ export class MatrixClient extends TypedEventEmitter<EmittedEvents, ClientEventHa
         if (!this.timelineSupport) {
             throw new Error(
                 "timeline support is disabled. Set the 'timelineSupport'" +
-                    " parameter to true when creating MatrixClient to enable it.",
+                " parameter to true when creating MatrixClient to enable it.",
             );
         }
 
@@ -6289,7 +3756,7 @@ export class MatrixClient extends TypedEventEmitter<EmittedEvents, ClientEventHa
         if (!this.timelineSupport) {
             throw new Error(
                 "timeline support is disabled. Set the 'timelineSupport'" +
-                    " parameter to true when creating MatrixClient to enable it.",
+                " parameter to true when creating MatrixClient to enable it.",
             );
         }
 
@@ -7379,84 +4846,6 @@ export class MatrixClient extends TypedEventEmitter<EmittedEvents, ClientEventHa
         }
     };
 
-    /**
-     * @returns Promise which resolves: ITurnServerResponse object
-     * @returns Rejects: with an error response.
-     */
-    public turnServer(): Promise<ITurnServerResponse> {
-        return this.http.authedRequest(Method.Get, "/voip/turnServer");
-    }
-
-    /**
-     * Get the TURN servers for this homeserver.
-     * @returns The servers or an empty list.
-     */
-    public getTurnServers(): ITurnServer[] {
-        return this.turnServers || [];
-    }
-
-    /**
-     * Get the unix timestamp (in milliseconds) at which the current
-     * TURN credentials (from getTurnServers) expire
-     * @returns The expiry timestamp in milliseconds
-     */
-    public getTurnServersExpiry(): number {
-        return this.turnServersExpiry;
-    }
-
-    public get pollingTurnServers(): boolean {
-        return this.checkTurnServersIntervalID !== undefined;
-    }
-
-    // XXX: Intended private, used in code.
-    public async checkTurnServers(): Promise<boolean | undefined> {
-        if (!this.canSupportVoip) {
-            return;
-        }
-
-        let credentialsGood = false;
-        const remainingTime = this.turnServersExpiry - Date.now();
-        if (remainingTime > TURN_CHECK_INTERVAL) {
-            this.logger.debug("TURN creds are valid for another " + remainingTime + " ms: not fetching new ones.");
-            credentialsGood = true;
-        } else {
-            this.logger.debug("Fetching new TURN credentials");
-            try {
-                const res = await this.turnServer();
-                if (res.uris) {
-                    this.logger.debug("Got TURN URIs: " + res.uris + " refresh in " + res.ttl + " secs");
-                    // map the response to a format that can be fed to RTCPeerConnection
-                    const servers: ITurnServer = {
-                        urls: res.uris,
-                        username: res.username,
-                        credential: res.password,
-                    };
-                    this.turnServers = [servers];
-                    // The TTL is in seconds but we work in ms
-                    this.turnServersExpiry = Date.now() + res.ttl * 1000;
-                    credentialsGood = true;
-                    this.emit(ClientEvent.TurnServers, this.turnServers);
-                }
-            } catch (err) {
-                this.logger.error("Failed to get TURN URIs", err);
-                if ((<HTTPError>err).httpStatus === 403) {
-                    // We got a 403, so there's no point in looping forever.
-                    this.logger.info("TURN access unavailable for this account: stopping credentials checks");
-                    if (this.checkTurnServersIntervalID !== null) {
-                        globalThis.clearInterval(this.checkTurnServersIntervalID);
-                    }
-                    this.checkTurnServersIntervalID = undefined;
-                    this.emit(ClientEvent.TurnServersError, <HTTPError>err, true); // fatal
-                } else {
-                    // otherwise, if we failed for whatever reason, try again the next time we're called.
-                    this.emit(ClientEvent.TurnServersError, <Error>err, false); // non-fatal
-                }
-            }
-        }
-
-        return credentialsGood;
-    }
-
     /**
      * Set whether to allow a fallback ICE server should be used for negotiating a
      * WebRTC connection if the homeserver doesn't provide any servers. Defaults to
@@ -7798,8 +5187,6 @@ export class MatrixClient extends TypedEventEmitter<EmittedEvents, ClientEventHa
         let events = result.chunk.map(mapper);
 
         if (fetchedEventType === EventType.RoomMessageEncrypted) {
-            const allEvents = originalEvent ? events.concat(originalEvent) : events;
-            await Promise.all(allEvents.map((e) => this.decryptEventIfNeeded(e)));
             if (eventType !== null) {
                 events = events.filter((e) => e.getType() === eventType);
             }
@@ -7816,17 +5203,6 @@ export class MatrixClient extends TypedEventEmitter<EmittedEvents, ClientEventHa
         };
     }
 
-    /**
-     * The app may wish to see if we have a key cached without
-     * triggering a user interaction.
-     *
-     * @deprecated Not supported for Rust Cryptography.
-     */
-    public getCrossSigningCacheCallbacks(): ICacheCallbacks | undefined {
-        // XXX: Private member access
-        return this.crypto?.crossSigningInfo.getCacheCallbacks();
-    }
-
     /**
      * Generates a random string suitable for use as a client secret. <strong>This
      * method is experimental and may change.</strong>
@@ -7842,15 +5218,7 @@ export class MatrixClient extends TypedEventEmitter<EmittedEvents, ClientEventHa
      * @returns A decryption promise
      */
     public decryptEventIfNeeded(event: MatrixEvent, options?: IDecryptOptions): Promise<void> {
-        if (event.shouldAttemptDecryption() && this.isCryptoEnabled()) {
-            event.attemptDecryption(this.cryptoBackend!, options);
-        }
-
-        if (event.isBeingDecrypted()) {
-            return event.getDecryptionPromise()!;
-        } else {
-            return Promise.resolve();
-        }
+        return Promise.resolve();
     }
 
     private termsUrlForService(serviceType: SERVICE_TYPES, baseUrl: string): URL {
@@ -8163,17 +5531,6 @@ export class MatrixClient extends TypedEventEmitter<EmittedEvents, ClientEventHa
      * @returns Promise which resolves: On success, the empty object `{}`
      */
     public async logout(stopClient = false): Promise<{}> {
-        if (this.crypto?.backupManager?.getKeyBackupEnabled()) {
-            try {
-                while ((await this.crypto.backupManager.backupPendingKeys(200)) > 0);
-            } catch (err) {
-                this.logger.error(
-                    "Key backup request failed when logging out. Some keys may be missing from backup",
-                    err,
-                );
-            }
-        }
-
         if (stopClient) {
             this.stopClient();
             this.http.abort();
@@ -9218,87 +6575,6 @@ export class MatrixClient extends TypedEventEmitter<EmittedEvents, ClientEventHa
         return this.http.authedRequest(Method.Post, "/search", queryParams, body, { abortSignal });
     }
 
-    /**
-     * Upload keys
-     *
-     * @param content -  body of upload request
-     *
-     * @param opts - this method no longer takes any opts,
-     *  used to take opts.device_id but this was not removed from the spec as a redundant parameter
-     *
-     * @returns Promise which resolves: result object. Rejects: with
-     *     an error response ({@link MatrixError}).
-     */
-    public uploadKeysRequest(content: IUploadKeysRequest, opts?: void): Promise<IKeysUploadResponse> {
-        return this.http.authedRequest(Method.Post, "/keys/upload", undefined, content);
-    }
-
-    public uploadKeySignatures(content: KeySignatures): Promise<IUploadKeySignaturesResponse> {
-        return this.http.authedRequest(Method.Post, "/keys/signatures/upload", undefined, content);
-    }
-
-    /**
-     * Download device keys
-     *
-     * @param userIds -  list of users to get keys for
-     *
-     * @param token - sync token to pass in the query request, to help
-     *   the HS give the most recent results
-     *
-     * @returns Promise which resolves: result object. Rejects: with
-     *     an error response ({@link MatrixError}).
-     */
-    public downloadKeysForUsers(userIds: string[], { token }: { token?: string } = {}): Promise<IDownloadKeyResult> {
-        const content: IQueryKeysRequest = {
-            device_keys: {},
-        };
-        if (token !== undefined) {
-            content.token = token;
-        }
-        userIds.forEach((u) => {
-            content.device_keys[u] = [];
-        });
-
-        return this.http.authedRequest(Method.Post, "/keys/query", undefined, content);
-    }
-
-    /**
-     * Claim one-time keys
-     *
-     * @param devices -  a list of [userId, deviceId] pairs
-     *
-     * @param keyAlgorithm -  desired key type
-     *
-     * @param timeout - the time (in milliseconds) to wait for keys from remote
-     *     servers
-     *
-     * @returns Promise which resolves: result object. Rejects: with
-     *     an error response ({@link MatrixError}).
-     */
-    public claimOneTimeKeys(
-        devices: [string, string][],
-        keyAlgorithm = "signed_curve25519",
-        timeout?: number,
-    ): Promise<IClaimOTKsResult> {
-        const queries: Record<string, Record<string, string>> = {};
-
-        if (keyAlgorithm === undefined) {
-            keyAlgorithm = "signed_curve25519";
-        }
-
-        for (const [userId, deviceId] of devices) {
-            const query = queries[userId] || {};
-            safeSet(queries, userId, query);
-            safeSet(query, deviceId, keyAlgorithm);
-        }
-        const content: IClaimKeysRequest = { one_time_keys: queries };
-        if (timeout) {
-            content.timeout = timeout;
-        }
-        const path = "/keys/claim";
-        return this.http.authedRequest(Method.Post, path, undefined, content);
-    }
-
     /**
      * Ask the server for a list of users who have changed their device lists
      * between a pair of sync tokens
@@ -9316,15 +6592,6 @@ export class MatrixClient extends TypedEventEmitter<EmittedEvents, ClientEventHa
         return this.http.authedRequest(Method.Get, "/keys/changes", qps);
     }
 
-    public uploadDeviceSigningKeys(auth?: AuthDict, keys?: CrossSigningKeys): Promise<{}> {
-        // API returns empty object
-        const data = Object.assign({}, keys);
-        if (auth) Object.assign(data, { auth });
-        return this.http.authedRequest(Method.Post, "/keys/device_signing/upload", undefined, data, {
-            prefix: ClientPrefix.Unstable,
-        });
-    }
-
     /**
      * Register with an identity server using the OpenID token from the user's
      * Homeserver, which can be retrieved via
@@ -9652,10 +6919,10 @@ export class MatrixClient extends TypedEventEmitter<EmittedEvents, ClientEventHa
         identityAccessToken: string,
     ): Promise<
         | {
-              address: string;
-              medium: string;
-              mxid: string;
-          }
+            address: string;
+            medium: string;
+            mxid: string;
+        }
         | {}
     > {
         // Note: we're using the V2 API by calling this function, but our
@@ -9953,13 +7220,6 @@ export class MatrixClient extends TypedEventEmitter<EmittedEvents, ClientEventHa
                         [UNSTABLE_MSC3088_ENABLED.name]: true,
                     },
                 },
-                {
-                    type: EventType.RoomEncryption,
-                    state_key: "",
-                    content: {
-                        algorithm: olmlib.MEGOLM_ALGORITHM,
-                    },
-                },
             ],
         });
         return new MSC3089TreeSpace(this, roomId);
@@ -10179,88 +7439,6 @@ function getUnstableDelayQueryOpts(delayOpts: SendDelayedEventRequestOpts): Quer
     );
 }
 
-/**
- * recalculates an accurate notifications count on event decryption.
- * Servers do not have enough knowledge about encrypted events to calculate an
- * accurate notification_count
- */
-export function fixNotificationCountOnDecryption(cli: MatrixClient, event: MatrixEvent): void {
-    const ourUserId = cli.getUserId();
-    const eventId = event.getId();
-
-    const room = cli.getRoom(event.getRoomId());
-    if (!room || !ourUserId || !eventId) return;
-
-    // Due to threads, we can get relation events (eg. edits & reactions) that never get
-    // added to a timeline and so cannot be found in their own room (their edit / reaction
-    // still applies to the event it needs to, so it doesn't matter too much). However, if
-    // we try to process notification about this event, we'll get very confused because we
-    // won't be able to find the event in the room, so will assume it must be unread, even
-    // if it's actually read. We therefore skip anything that isn't in the room. This isn't
-    // *great*, so if we can fix the homeless events (eg. with MSC4023) then we should probably
-    // remove this workaround.
-    if (!room.findEventById(eventId)) {
-        logger.info(`Decrypted event ${event.getId()} is not in room ${room.roomId}: ignoring`);
-        return;
-    }
-
-    const isThreadEvent = !!event.threadRootId && !event.isThreadRoot;
-
-    let hasReadEvent;
-    if (isThreadEvent) {
-        const thread = room.getThread(event.threadRootId);
-        hasReadEvent = thread
-            ? thread.hasUserReadEvent(ourUserId, eventId)
-            : // If the thread object does not exist in the room yet, we don't
-              // want to calculate notification for this event yet. We have not
-              // restored the read receipts yet and can't accurately calculate
-              // notifications at this stage.
-              //
-              // This issue can likely go away when MSC3874 is implemented
-              true;
-    } else {
-        hasReadEvent = room.hasUserReadEvent(ourUserId, eventId);
-    }
-
-    if (hasReadEvent) {
-        // If the event has been read, ignore it.
-        return;
-    }
-
-    const actions = cli.getPushActionsForEvent(event, true);
-
-    // Ensure the unread counts are kept up to date if the event is encrypted
-    // We also want to make sure that the notification count goes up if we already
-    // have encrypted events to avoid other code from resetting 'highlight' to zero.
-    const newHighlight = !!actions?.tweaks?.highlight;
-
-    if (newHighlight) {
-        // TODO: Handle mentions received while the client is offline
-        // See also https://github.com/vector-im/element-web/issues/9069
-        const newCount = room.getUnreadCountForEventContext(NotificationCountType.Highlight, event) + 1;
-        if (isThreadEvent) {
-            room.setThreadUnreadNotificationCount(event.threadRootId, NotificationCountType.Highlight, newCount);
-        } else {
-            room.setUnreadNotificationCount(NotificationCountType.Highlight, newCount);
-        }
-    }
-
-    // `notify` is used in practice for incrementing the total count
-    const newNotify = !!actions?.notify;
-
-    // The room total count is NEVER incremented by the server for encrypted rooms. We basically ignore
-    // the server here as it's always going to tell us to increment for encrypted events.
-    if (newNotify) {
-        // Total count is used to typically increment a room notification counter, but not loudly highlight it.
-        const newCount = room.getUnreadCountForEventContext(NotificationCountType.Total, event) + 1;
-        if (isThreadEvent) {
-            room.setThreadUnreadNotificationCount(event.threadRootId, NotificationCountType.Total, newCount);
-        } else {
-            room.setUnreadNotificationCount(NotificationCountType.Total, newCount);
-        }
-    }
-}
-
 /**
  * Given an event, figure out the thread ID we should use for it in a receipt.
  *