feat: Store symmetric key non-redundantly in the database

Hocuri
2025-07-21 17:37:17 +02:00
parent 547f750073
commit 789b923bb8
3 changed files with 17 additions and 13 deletions


@@ -3081,13 +3081,16 @@ async fn test_encrypt_decrypt_broadcast_integration() -> Result<()> {
let alice_bob_contact_id = alice.add_or_lookup_contact_id(bob).await;
tcm.section("Create a broadcast channel with Bob, and send a message");
let alice_chat_id = create_broadcast(alice, "My Channel".to_string()).await?;
let alice_chat_id = create_broadcast_ex(
alice,
Sync,
"My Channel".to_string(),
"grpid".to_string(),
secret.to_string(),
)
.await?;
add_contact_to_chat(alice, alice_chat_id, alice_bob_contact_id).await?;
let mut alice_chat = Chat::load_from_db(alice, alice_chat_id).await?;
alice_chat.param.set(Param::SymmetricKey, secret);
alice_chat.update_param(alice).await?;
// TODO the chat_id 10 is magical here:
bob.sql
.execute(


@@ -1143,7 +1143,7 @@ impl MimeFactory {
Loaded::Mdn { .. } => true,
};
let symmetric_key = match &self.loaded {
let symmetric_key: Option<String> = match &self.loaded {
Loaded::Message { chat, .. } if chat.typ == Chattype::OutBroadcast => {
// If there is no symmetric key yet
// (because this is an old broadcast channel,
@@ -1152,7 +1152,13 @@ impl MimeFactory {
// Symmetric encryption exists since 2025-08;
// some time after that, we can think about requiring everyone
// to switch to symmetrically-encrypted broadcast lists.
chat.param.get(Param::SymmetricKey)
context
.sql
.query_get_value(
"SELECT secret FROM broadcasts_shared_secrets WHERE chat_id=?",
(chat.id,),
)
.await?
}
_ => None,
};
@@ -1160,7 +1166,7 @@ impl MimeFactory {
let encrypted = if let Some(symmetric_key) = symmetric_key {
info!(context, "Symmetrically encrypting for broadcast channel.");
encrypt_helper
.encrypt_for_broadcast(context, symmetric_key, message, compress)
.encrypt_for_broadcast(context, &symmetric_key, message, compress)
.await?
} else {
// Asymmetric encryption
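Review bot: In the `Chattype::OutBroadcast` arm, a missing row in `broadcasts_shared_secrets` yields `None`, so the message silently takes the asymmetric branch; that case looks the same as the "old broadcast channel" case the comment describes. No migration from `Param::SymmetricKey` is visible on this page, so chats that stored the key in their params before this commit would presumably fall back the same way; this needs confirming. I would bind the query result to a local in that arm and log the fallback before returning it, e.g. `if secret.is_none() { warn!(context, "Broadcast chat {} has no shared secret, falling back to asymmetric encryption.", chat.id); }`, taking care that the secret itself never reaches a log line. The comment above the query could also state that this table is now the only place the secret is stored. The enclosing function and the `else` branch continue outside the hunks shown.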


@@ -172,11 +172,6 @@ pub enum Param {
/// post something to the mailing list.
ListPost = b'p',
/// For Chats of type [`Chattype::OutBroadcast`] and [`Chattype::InBroadcast`]: // TODO (or just OutBroadcast)
/// The symmetric key shared among all chat participants,
/// used to encrypt and decrypt messages.
SymmetricKey = b'z', // TODO remove this
/// For Contacts: If this is the List-Post address of a mailing list, contains
/// the List-Id of the mailing list (which is also used as the group id of the chat).
ListId = b's',