[Standards] Encrypted Jingle File Transfer

Vanitas Vitae vanitasvitae at riseup.net
Sun Jun 4 13:01:45 UTC 2017


Hi!

As part of my GSoC project I'd like to think of a way to enable
end-to-end encrypted Jingle file transfer. It should be possible for
participants to exchange files encrypted by exchanging a key using the
encryption scheme of their choice (OMEMO, OpenPGP, OTR...).

Some nice-to-have properties I can think of are:

 1. authenticity and integrity (recipient must be sure, the content was
    sent by the sender and has not been tampered with)
 2. All known transport methods can be used
 3. no leaking of metadata about the file (filename, size, extension,
    type, hash etc.)

First of all I have to point out that I'm pretty new to the XMPP
community, so there are most definitely things I forgot/did not think of :)
I threw together a naive first approach to solve the problem and
sketched it out as session-initiate jingle elements.
The main idea is, that the session-initiate stanza contains an AES key
used to decrypt the file that will be sent during the session.
This key is - along with metadata about the file - encrypted using the
encryption method of choice. The recipient would decrypt the key and
information, than the user would accept the transfer and later use the
key to decrypt the file.


  ##OpenPGP##
<jingle xmlns='urn:xmpp:jingle:1'
       action='session-initiate'
       initiator='romeo at montague.example/dr4hcr0st3lup4c'
       sid='851ba2'>
  <content creator='initiator' name='a-file-offer' senders='initiator'>
    <description xmlns='urn:xmpp:jingle:apps:encrypted:file-transfer:0'>
      <file>
        <signcrypt xmlns='urn:xmpp:openpgp:0'>
          <to jid='juliet at example.org'/>
          <time stamp='2014-07-10T17:06:00+02:00'/>
          <payload>
            <body xmlns='jabber:client'>
              BASE64-ENCODED-ENCRYPTED-METADATA
            </body>
          </payload>
        </signcrypt>
         </file>
    </description>
  </content>
</jingle>
 
  ##OMEMO##
<jingle xmlns='urn:xmpp:jingle:1'
       action='session-initiate'
       initiator='romeo at montague.example/dr4hcr0st3lup4c'
       sid='851ba2'>
  <content creator='initiator' name='a-file-offer' senders='initiator'>
    <description xmlns='urn:xmpp:jingle:apps:encrypted:file-transfer:0'>
      <file>
        <encrypted xmlns='urn:xmpp:omemo:0'>
          <header sid='27183'>
            <key rid='31415'>BASE64ENCODED...</key>
            <key rid='12321'>BASE64ENCODED...</key>
            <!-- ... -->
            <iv>BASE64ENCODED...</iv>
          </header>
          <payload>
            BASE64-ENCODED-ENCRYPTED-METADATA
          </payload>
        </encrypted>
      </file>
    </description>    
  </content>
</jingle>
 
 
Decrypted BASE64-ENCODED-ENCRYPTED-METADATA string is of the following form:
 
#######################################
KEY-TYPE=AES-GCM-256\n 
  (or whatever)
FILE-KEY=BASE64-ENCODED-AES-KEY-FOR-THE-FILE\n
ADD=ADDITIONAL-PARAMETERS\n 
  (iv, salt etc.)
META=BASE64-ENCODED-XML-DESCRIPTION-ELEMENT 
  (<description xmlns=’urn:xmpp:jingle:apps:file-transfer:5’>)
#######################################
 
 
Notes:
 - There are certainly issues with XML (Namespaces etc.) since I have no
clue what I'm doing and how to do stuff properly
 - Multiple layers of B64 -> Overhead. Better solution?
 - Crypto-XEP unusual behavior (eg. payload != body of message...)
 - Crypto MUST ensure authenticity (signatures or encrypted authtag...)

What do you think of my sketch? Please let me know about all the things
I have forgotten/not considered :)
I also created this pad to keep track of development:
https://piratenpad.de/p/Encrypted_Jingle_File_Transfer

Greetings Vanitasvitae
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.jabber.org/pipermail/standards/attachments/20170604/4ab9f0da/attachment.html>


More information about the Standards mailing list