Hey,
for encrypted HTTP Uploads I'd like to add the following:
If you encrypt the file using standard OpenPGP by encrypting it to some
public key(s) and upload it to the server, you cannot "reuse" the upload
for additional contacts. What I mean by that is, that the set of
recipients is fixed by the time you upload the file. If you want to
share it with additional contacts, or a new contact joins your MIX
channel with that nice encrypted pinned message, you need to re-encrypt
the file and upload it once again. So encrypting files using recipient
public keys is obvious, but has drawbacks.
This can be fixed by not encrypting for recipient public keys, but using
a passphrase instead. In the OpenPGP spec, this is known as using a
Symmetric Key Message Encryption[1]. If you choose a password strong
enough, the encryption is just as safe as if you would encrypt to a
public key (the encryption mechanism for the message body is the same).
However, at this point you can just encrypt the file directly using some
symmetric encryption scheme, so you do not have to depend on a whole
OpenPGP library, which can be quite a bit of added complexity[2].
This is where XEP-0448 fills the gap. It solves your questions about
random file names and how to transfer the decryption key/iv.
Paul
[1];
https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-05.html#name-symmetric-key-message-encry
[2]:
https://blog.jabberhead.tk/2021/04/03/why-signature-verification-in-openpgp-is-hard/
Am 29.04.22 um 14:40 schrieb Martin Dosch:
Dear all,
while looking at XEP-0373 and XEP-0374 I realized that this specs do
not cover HTTP-Upload and MUC. Is anyone working on extending the
specs already or did no-one tackle those gaps yet?
For MUC I (naively?) think it'll be very easy. Just get the public
keys for all participants in an non-anonymous MUC and use all public
keys to encrypt the message.
For HTTP-Upload I see different questions:
- Do we want to encrypt file-uploads with a secret or the public keys
of all recipients?
- Do we want to keep the filename, attach `.pgp` or change it to
`randomstring.pgp`?
- Do we want to stuff the URL in the body like in OMEMO or in some
element in the encrypted payload?
I'm pretty sure that some people already thought about all this (and
probably more) but I wasn't able to find any discussions on the
mailing list.
What do you think?
Best regards,
Martin
_______________________________________________
Standards mailing list
Info: https://mail.jabber.org/mailman/listinfo/standards
Unsubscribe: [email protected]
_______________________________________________
_______________________________________________
Standards mailing list
Info: https://mail.jabber.org/mailman/listinfo/standards
Unsubscribe: [email protected]
_______________________________________________
