- &xep-sfs; describes a protocol that can be used to share files, previously uploaded using &xep0363;, but lacks means of encrypting files. + &xep0447; describes a protocol that can be used to share files, previously uploaded using &xep0363;, but lacks means of encrypting files. This leaves files uploaded using &xep0363; without any standardized means of encrypting them.
-This XEP describes a protocol building on top of &xep-sfs; to allow encrypting files.
+This XEP describes a protocol building on top of &xep0447; to allow encrypting files.
- The file is then shared using the protocol described in &xep-sfs;. + The file is then shared using the protocol described in &xep0447;. The <file/> metadata element still refers to the original file, i.e. it describes the original file name, size and hashes. The <size/> element and one or multiple <hash/> elements are REQUIRED when sending encrypted files.
- For the encrypted file, a source is added as an <encrypted/> element to the <sources/>. It carries an attribute cipher with the namespace of the encryption cipher being used. The <encrypted/> element contains a <key/> and an <iv/> element, containing both values as Base64-encoded strings. The <encrypted/> element MAY also include <hash/> elements as described in &xep0300;, referring to the hash of the encrypted file. At last, the <encrypted/> element also includes another <sources/> element as described in &xep-sfs;, specifying sources to obtain the encrypted file. + For the encrypted file, a source is added as an <encrypted/> element to the <sources/>. It carries an attribute cipher with the namespace of the encryption cipher being used. The <encrypted/> element contains a <key/> and an <iv/> element, containing both values as Base64-encoded strings. The <encrypted/> element MAY also include <hash/> elements as described in &xep0300;, referring to the hash of the encrypted file. At last, the <encrypted/> element also includes another <sources/> element as described in &xep0447;, specifying sources to obtain the encrypted file. The outer <sources/> may contain additional sources that directly allow for end-to-end encrypted file transfers, for example &xep0234; using &xep0391;.
On receive of a message including a <file-sharing/> element, that has an <encrypted/> element in its sources, normal processing as described in &xep-sfs; applies.
+On receive of a message including a <file-sharing/> element, that has an <encrypted/> element in its sources, normal processing as described in &xep0447; applies.
When the receiving entity tries to obtain the file from the source described by the <encrypted/> element, it will try to obtain any of its inner sources instead. On success, it decrypts the obtained file using the encryption cipher, private key and IV provided. @@ -119,7 +124,7 @@ Note to editor: Remove xep-sfs entity declared below and change all references f
- The protocol to attach a source described in &xep-sfs; can also be used to attach encrypted sources. + The protocol to attach a source described in &xep0447; can also be used to attach encrypted sources. After receiving a file using encrypted means, it is RECOMMENDED to only attach additional sources that support encryption.
For compatibility reasons, it is RECOMMENDED to append the GCM authentication tag to the uploaded file when using any AES cipher with GCM. The GCM authentication tag is not needed when using the protocol described in this document as a hash of the resulting file is transported independently.