[Standards] Encrypted Jingle File Transfer

Dave Cridland dave at cridland.net
Tue Jun 6 11:02:41 UTC 2017


While based on the old eSessions specification, it might well be worth
looking at XEP-0200 for full-stanza encryption. ISTR it was implemented by
Gajim back in the day, but I may be wrong - this specification was last
updated just over a decade ago.#, and my memory really isn't *that* good...

On 4 Jun 2017 16:47, "Fabian Beutel" <fabian.beutel at gmx.de> wrote:

> Hey,
>
> I very much like the idea of having the option to encrypt complete
> stanzas! I think this could be implemented transparently and would allow
> all kind of jingle session meta data to be secret.
>
> I wrote about this on this list on two occasions already:
> https://mail.jabber.org/pipermail/standards/2016-October/031475.html
> https://mail.jabber.org/pipermail/standards/2016-September/031440.html
>
>
> Basically, I would love to see a specification which describes how to
> transparently encrypt arbitrary stanzas (or parts of stanzas).
> This should be kept in a separate XEP from encrypted
> Jingle-Filetransfer, however, the latter could then refer to the
> stanza-encryption-XEP for not leaking meta data etc.
>
> Best regards,
> Fabian
>
>
> On 04.06.2017 15:31, Remko Tronçon wrote:
> > Hi Vanitasvitae!
> >
> > I wonder if it would make sense to use something like xmlenc to have a
> > 'generic' way to encrypt (parts of) stanzas. This way, you can decouple
> > the encryption key info etc. from the things you want to encrypt, and
> > you can choose to encrypt entire elements, or just parts of elements.
> >
> > For example, if you want to encrypt the entire <file> metadata:
> >
> > <iq>
> >   <encrypted xmlns='urn:xmpp:omemo:0'>
> >     <header sid='27183'>
> >       <key rid='31415'>BASE64ENCODED...</key>
> >       <key rid='12321'>BASE64ENCODED...</key>
> >       ...
> >     </header>
> >   </encrypted>
> >   <jingle xmlns='urn:xmpp:jingle:1'
> >        action='session-initiate'
> >        initiator='romeo at montague.example/dr4hcr0st3lup4c'
> >        sid='851ba2'>
> >   <content creator='initiator' name='a-file-offer' senders='initiator'>
> >     <description xmlns='urn:xmpp:jingle:apps:encrypted:file-transfer:0'>
> >       <!-- Encrypt entire file Element (#Element) -->
> >       <EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#"
> > Type="http://www.w3.org/2001/04/xmlenc#Element">
> >         <EncryptionMethod
> > Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
> >         <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
> >           <KeyName>omemo</KeyName>
> >         </KeyInfo>
> >         <CipherData>
> >
> > <CipherValue>/7VSyS4tbcfsq7JYhZRgQE8bNkiyUJKi68FdmdoA2PIRjGumbfI35X2om/
> 4mbfHteCAEBATpsr/l/HvQf7GERGtvmuupNFh7reGeSWl8waj
> wwYyfQi9BM6MfjZKi8D9Q94FhWz2p0LMVEjduI9svzKOf/
> uLI3JolK39nH70ezvyYebybpasDxC51SypmVU1p</CipherValue>
> >         </CipherData>
> >       </EncryptedData>
> >     </description>
> >   </content>
> >   </jingle>
> > </iq>
> >
> > Or, if you just want to encrypt only parts of the <file> (e.g. not the
> hash)
> >
> > <iq>
> >   <encrypted xmlns='urn:xmpp:omemo:0'>
> >     <header sid='27183'>
> >       <key rid='31415'>BASE64ENCODED...</key>
> >       <key rid='12321'>BASE64ENCODED...</key>
> >       ...
> >     </header>
> >   </encrypted>
> >   <jingle xmlns='urn:xmpp:jingle:1'
> >        action='session-initiate'
> >        initiator='romeo at montague.example/dr4hcr0st3lup4c'
> >        sid='851ba2'>
> >   <content creator='initiator' name='a-file-offer' senders='initiator'>
> >     <description xmlns='urn:xmpp:jingle:apps:encrypted:file-transfer:0'>
> >       <file>
> >         <hash xmlns='urn:xmpp:hashes:2'
> > algo='sha-1'>w0mcJylzCn+AfvuGdqkty2+KP48=</hash>
> >
> >         <!-- Encrypt only part of file content (#Content) -->
> >         <EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#"
> > Type="http://www.w3.org/2001/04/xmlenc#Content">
> >           <EncryptionMethod
> > Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
> >           <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
> >             <KeyName>omemo</KeyName>
> >           </KeyInfo>
> >           <CipherData>
> >
> > <CipherValue>/7VSyS4tbcfsq7JYhZRgQE8bNkiyUJKi68FdmdoA2PIRjGumbfI35X2om/
> 4mbfHteCAEBATpsr/l/HvQf7GERGtvmuupNFh7reGeSWl8waj
> wwYyfQi9BM6MfjZKi8D9Q94FhWz2p0LMVEjduI9svzKOf/
> uLI3JolK39nH70ezvyYebybpasDxC51SypmVU1p</CipherValue>
> >           </CipherData>
> >         </EncryptedData>
> >       </file>
> >     </description>
> >   </content>
> >   </jingle>
> > </iq>
> >
> > KeyInfo could be used to distinguish where the key material is coming
> > from for encryption (e.g. OMEMO element at the top of the IQ).
> >
> > I'm not saying xmlenc is very elegant, and it's very broad, but it has
> > the advantage that you may get an implementation for free in your
> > language? It might need some restricting of possible algorithms/keys/...
> > for clients that need to implement this themselves if they don't have
> > xmlenc available.
> >
> > Remko
> >
> >
> > _______________________________________________
> > Standards mailing list
> > Info: https://mail.jabber.org/mailman/listinfo/standards
> > Unsubscribe: Standards-unsubscribe at xmpp.org
> > _______________________________________________
> >
>
> _______________________________________________
> Standards mailing list
> Info: https://mail.jabber.org/mailman/listinfo/standards
> Unsubscribe: Standards-unsubscribe at xmpp.org
> _______________________________________________
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.jabber.org/pipermail/standards/attachments/20170606/ec9ab950/attachment.html>


More information about the Standards mailing list