[Standards] Encrypted Jingle File Transfer

Vanitas Vitae vanitasvitae at riseup.net
Sun Jun 4 13:45:28 UTC 2017


Hi Remko!

Thank you for your suggestion. I didn't knew about xmlenc, but it looks
like it is (for now) only available for java, so restricting algorithms
etc. definitely sounds like a good idea.


Am 04.06.2017 um 15:31 schrieb Remko Tronçon:
> Hi Vanitasvitae!
>
> I wonder if it would make sense to use something like xmlenc to have a
> 'generic' way to encrypt (parts of) stanzas. This way, you can
> decouple the encryption key info etc. from the things you want to
> encrypt, and you can choose to encrypt entire elements, or just parts
> of elements. 
>
> For example, if you want to encrypt the entire <file> metadata:
>
> <iq>
>   <encrypted xmlns='urn:xmpp:omemo:0'>
>     <header sid='27183'>
>       <key rid='31415'>BASE64ENCODED...</key>
>       <key rid='12321'>BASE64ENCODED...</key>
>       ...
>     </header>
>   </encrypted>
>   <jingle xmlns='urn:xmpp:jingle:1'
>        action='session-initiate'
>        initiator='romeo at montague.example/dr4hcr0st3lup4c'
>        sid='851ba2'>
>   <content creator='initiator' name='a-file-offer' senders='initiator'>
>     <description xmlns='urn:xmpp:jingle:apps:encrypted:file-transfer:0'>
>       <!-- Encrypt entire file Element (#Element) -->
>       <EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#"
> Type="http://www.w3.org/2001/04/xmlenc#Element">
>         <EncryptionMethod
> Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
>         <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
>           <KeyName>omemo</KeyName>
>         </KeyInfo>
>         <CipherData>
>          
> <CipherValue>/7VSyS4tbcfsq7JYhZRgQE8bNkiyUJKi68FdmdoA2PIRjGumbfI35X2om/4mbfHteCAEBATpsr/l/HvQf7GERGtvmuupNFh7reGeSWl8wajwwYyfQi9BM6MfjZKi8D9Q94FhWz2p0LMVEjduI9svzKOf/uLI3JolK39nH70ezvyYebybpasDxC51SypmVU1p</CipherValue>
>         </CipherData>
>       </EncryptedData> 
>     </description>    
>   </content>
>   </jingle>
> </iq>
>
> Or, if you just want to encrypt only parts of the <file> (e.g. not the
> hash)
>
> <iq>
>   <encrypted xmlns='urn:xmpp:omemo:0'>
>     <header sid='27183'>
>       <key rid='31415'>BASE64ENCODED...</key>
>       <key rid='12321'>BASE64ENCODED...</key>
>       ...
>     </header>
>   </encrypted>
>   <jingle xmlns='urn:xmpp:jingle:1'
>        action='session-initiate'
>        initiator='romeo at montague.example/dr4hcr0st3lup4c'
>        sid='851ba2'>
>   <content creator='initiator' name='a-file-offer' senders='initiator'>
>     <description xmlns='urn:xmpp:jingle:apps:encrypted:file-transfer:0'>
>       <file>
>         <hash xmlns='urn:xmpp:hashes:2'
> algo='sha-1'>w0mcJylzCn+AfvuGdqkty2+KP48=</hash>
>
>         <!-- Encrypt only part of file content (#Content) -->
>         <EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#"
> Type="http://www.w3.org/2001/04/xmlenc#Content">
>           <EncryptionMethod
> Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
>           <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
>             <KeyName>omemo</KeyName>
>           </KeyInfo>
>           <CipherData>
>           
> <CipherValue>/7VSyS4tbcfsq7JYhZRgQE8bNkiyUJKi68FdmdoA2PIRjGumbfI35X2om/4mbfHteCAEBATpsr/l/HvQf7GERGtvmuupNFh7reGeSWl8wajwwYyfQi9BM6MfjZKi8D9Q94FhWz2p0LMVEjduI9svzKOf/uLI3JolK39nH70ezvyYebybpasDxC51SypmVU1p</CipherValue>
>           </CipherData>
>         </EncryptedData> 
>       </file>
>     </description>    
>   </content>
>   </jingle>
> </iq>
>
> KeyInfo could be used to distinguish where the key material is coming
> from for encryption (e.g. OMEMO element at the top of the IQ).
>
> I'm not saying xmlenc is very elegant, and it's very broad, but it has
> the advantage that you may get an implementation for free in your
> language? It might need some restricting of possible
> algorithms/keys/... for clients that need to implement this themselves
> if they don't have xmlenc available.
>
> Remko
>
>
> _______________________________________________
> Standards mailing list
> Info: https://mail.jabber.org/mailman/listinfo/standards
> Unsubscribe: Standards-unsubscribe at xmpp.org
> _______________________________________________

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.jabber.org/pipermail/standards/attachments/20170604/22323dcf/attachment.html>


More information about the Standards mailing list