While based on the old eSessions specification, it might well be worth looking at XEP-0200 for full-stanza encryption. ISTR it was implemented by Gajim back in the day, but I may be wrong - this specification was last updated just over a decade ago.#, and my memory really isn't *that* good...
On 4 Jun 2017 16:47, "Fabian Beutel" <fabian.beu...@gmx.de> wrote: > Hey, > > I very much like the idea of having the option to encrypt complete > stanzas! I think this could be implemented transparently and would allow > all kind of jingle session meta data to be secret. > > I wrote about this on this list on two occasions already: > https://mail.jabber.org/pipermail/standards/2016-October/031475.html > https://mail.jabber.org/pipermail/standards/2016-September/031440.html > > > Basically, I would love to see a specification which describes how to > transparently encrypt arbitrary stanzas (or parts of stanzas). > This should be kept in a separate XEP from encrypted > Jingle-Filetransfer, however, the latter could then refer to the > stanza-encryption-XEP for not leaking meta data etc. > > Best regards, > Fabian > > > On 04.06.2017 15:31, Remko Tronçon wrote: > > Hi Vanitasvitae! > > > > I wonder if it would make sense to use something like xmlenc to have a > > 'generic' way to encrypt (parts of) stanzas. This way, you can decouple > > the encryption key info etc. from the things you want to encrypt, and > > you can choose to encrypt entire elements, or just parts of elements. > > > > For example, if you want to encrypt the entire <file> metadata: > > > > <iq> > > <encrypted xmlns='urn:xmpp:omemo:0'> > > <header sid='27183'> > > <key rid='31415'>BASE64ENCODED...</key> > > <key rid='12321'>BASE64ENCODED...</key> > > ... > > </header> > > </encrypted> > > <jingle xmlns='urn:xmpp:jingle:1' > > action='session-initiate' > > initiator='romeo@montague.example/dr4hcr0st3lup4c' > > sid='851ba2'> > > <content creator='initiator' name='a-file-offer' senders='initiator'> > > <description xmlns='urn:xmpp:jingle:apps:encrypted:file-transfer:0'> > > <!-- Encrypt entire file Element (#Element) --> > > <EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#"; > > Type="http://www.w3.org/2001/04/xmlenc#Element";> > > <EncryptionMethod > > Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/> > > <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#";> > > <KeyName>omemo</KeyName> > > </KeyInfo> > > <CipherData> > > > > <CipherValue>/7VSyS4tbcfsq7JYhZRgQE8bNkiyUJKi68FdmdoA2PIRjGumbfI35X2om/ > 4mbfHteCAEBATpsr/l/HvQf7GERGtvmuupNFh7reGeSWl8waj > wwYyfQi9BM6MfjZKi8D9Q94FhWz2p0LMVEjduI9svzKOf/ > uLI3JolK39nH70ezvyYebybpasDxC51SypmVU1p</CipherValue> > > </CipherData> > > </EncryptedData> > > </description> > > </content> > > </jingle> > > </iq> > > > > Or, if you just want to encrypt only parts of the <file> (e.g. not the > hash) > > > > <iq> > > <encrypted xmlns='urn:xmpp:omemo:0'> > > <header sid='27183'> > > <key rid='31415'>BASE64ENCODED...</key> > > <key rid='12321'>BASE64ENCODED...</key> > > ... > > </header> > > </encrypted> > > <jingle xmlns='urn:xmpp:jingle:1' > > action='session-initiate' > > initiator='romeo@montague.example/dr4hcr0st3lup4c' > > sid='851ba2'> > > <content creator='initiator' name='a-file-offer' senders='initiator'> > > <description xmlns='urn:xmpp:jingle:apps:encrypted:file-transfer:0'> > > <file> > > <hash xmlns='urn:xmpp:hashes:2' > > algo='sha-1'>w0mcJylzCn+AfvuGdqkty2+KP48=</hash> > > > > <!-- Encrypt only part of file content (#Content) --> > > <EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#"; > > Type="http://www.w3.org/2001/04/xmlenc#Content";> > > <EncryptionMethod > > Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/> > > <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#";> > > <KeyName>omemo</KeyName> > > </KeyInfo> > > <CipherData> > > > > <CipherValue>/7VSyS4tbcfsq7JYhZRgQE8bNkiyUJKi68FdmdoA2PIRjGumbfI35X2om/ > 4mbfHteCAEBATpsr/l/HvQf7GERGtvmuupNFh7reGeSWl8waj > wwYyfQi9BM6MfjZKi8D9Q94FhWz2p0LMVEjduI9svzKOf/ > uLI3JolK39nH70ezvyYebybpasDxC51SypmVU1p</CipherValue> > > </CipherData> > > </EncryptedData> > > </file> > > </description> > > </content> > > </jingle> > > </iq> > > > > KeyInfo could be used to distinguish where the key material is coming > > from for encryption (e.g. OMEMO element at the top of the IQ). > > > > I'm not saying xmlenc is very elegant, and it's very broad, but it has > > the advantage that you may get an implementation for free in your > > language? It might need some restricting of possible algorithms/keys/... > > for clients that need to implement this themselves if they don't have > > xmlenc available. > > > > Remko > > > > > > _______________________________________________ > > Standards mailing list > > Info: https://mail.jabber.org/mailman/listinfo/standards > > Unsubscribe: standards-unsubscr...@xmpp.org > > _______________________________________________ > > > > _______________________________________________ > Standards mailing list > Info: https://mail.jabber.org/mailman/listinfo/standards > Unsubscribe: standards-unsubscr...@xmpp.org > _______________________________________________ >
_______________________________________________ Standards mailing list Info: https://mail.jabber.org/mailman/listinfo/standards Unsubscribe: standards-unsubscr...@xmpp.org _______________________________________________
