Eyeballing the code in MatrixSDK/Crypto/Recovery/MXRecoveryService.m and MatrixSDK/Crypto/SecretStorage/MXSecretStorage.m, and looking at a rageshake, it looks very much as though we don't validate the entered recovery key against the mac stored in m.secret_storage.key.[key ID] (see https://spec.matrix.org/v1.17/client-server-api/#key-storage).
This means that error reporting to the user is confusing: rather than saying "this is the wrong key", we have much more obscure errors. (Or, in fact, none at all, because it just loops back to "verify your account").
Eyeballing the code in
MatrixSDK/Crypto/Recovery/MXRecoveryService.mandMatrixSDK/Crypto/SecretStorage/MXSecretStorage.m, and looking at a rageshake, it looks very much as though we don't validate the entered recovery key against themacstored inm.secret_storage.key.[key ID](see https://spec.matrix.org/v1.17/client-server-api/#key-storage).This means that error reporting to the user is confusing: rather than saying "this is the wrong key", we have much more obscure errors. (Or, in fact, none at all, because it just loops back to "verify your account").