%ents; ]>
Encryption for stateless file sharing This specification provides a protocol for sharing encrypted files using the stateless file sharing protocol (XEP-0447). &LEGALNOTICE; 0448 Experimental Standards Track Standards Council XMPP Core XEP-0001 XEP-0447 esfs &larma; 0.2.0 2022-07-17 lmw
  • Replace the ProtoXEP reference with a reference to the published XEP.
  • Add urn:xmpp:ciphers:aes-256-cbc-pkcs7:0 (same as used in XEP-0384).
0.1.0 2020-11-24 XEP Editor (jsc) Accepted by vote of Council on 2020-11-18. 0.0.1 2020-11-10 lmw

First draft.

End-to-end encrypted messaging is a popular feature within the community. Various protocols like &xep0373; or &xep0384; have been proposed to allow sending encrypted messages. &xep0343; and &xep0391; specify protocols for establishing an encrypted transport using Jingle to share files using &xep0234;.

&xep0447; describes a protocol that can be used to share files, previously uploaded using &xep0363;, but lacks means of encrypting files. This leaves files uploaded using &xep0363; without any standardized means of encrypting them.

This XEP describes a protocol building on top of &xep0447; to allow encrypting files.

This protocol is only meaningful for end-to-end encrypted file sharing when transported as end-to-end encrypted XML, like it's possible using &xep0420;. However, usage without such end-to-end encryption still has its usecase, as it allows sharing files through untrusted intermediaries for as long as the intermediary XMPP servers, if any, are trusted.

Note: To make the examples in this document more readable, no end-to-end encryption is used.

Before sharing the file, the sending entity MUST create random symmetric private key and initialization vector (IV) as required by the selected encryption cipher (see Ciphers). The file is then encrypted using selected encryption cipher and the generated key and IV. After this it can be uploaded using &xep0363; or prepared for any other means of file sharing.

The file is then shared using the protocol described in &xep0447;. The <file/> metadata element still refers to the original file, i.e. it describes the original file name, size and hashes. The <size/> element and one or multiple <hash/> elements are REQUIRED when sending encrypted files.

For the encrypted file, a source is added as an <encrypted/> element to the <sources/>. It carries an attribute cipher with the namespace of the encryption cipher being used. The <encrypted/> element contains a <key/> and an <iv/> element, containing both values as Base64-encoded strings. The <encrypted/> element MAY also include <hash/> elements as described in &xep0300;, referring to the hash of the encrypted file. At last, the <encrypted/> element also includes another <sources/> element as described in &xep0447;, specifying sources to obtain the encrypted file. The outer <sources/> may contain additional sources that directly allow for end-to-end encrypted file transfers, for example &xep0234; using &xep0391;.

image/jpeg summit.jpg 3032449 4096x2160 2XarmwTlNxDAMkvymloX3S5+VbylNrJt/l5QyPa+YoU= 2AfMGH8O7UNPTvUVAM9aK13mpCY= Photo from the summit. SuRJ2agVm/pQbJQlPq/B23Xt1YOOJCcEGJA5HrcYOGQ= T8RDMBaiqn6Ci4Nw BgKI2gp2kNCRsARNvhFmw5kFf9BBo2pTbV2D8XHTMWI= id4cnqqy9/ssfCkM4vYSkiXXrlE= ]]>

On receive of a message including a <file-sharing/> element, that has an <encrypted/> element in its sources, normal processing as described in &xep0447; applies.

When the receiving entity tries to obtain the file from the source described by the <encrypted/> element, it will try to obtain any of its inner sources instead. On success, it decrypts the obtained file using the encryption cipher, private key and IV provided. If the resulting file is larger than the number of bytes specified in the <size/> metadata element, the additional bytes are cut off.

The protocol to attach a source described in &xep0447; can also be used to attach encrypted sources. After receiving a file using encrypted means, it is RECOMMENDED to only attach additional sources that support encryption.

Note The following table was copied from &xep0391;.

In order to encrypt the file, the sending entity must transmit a cipher key to the responder. There are multiple options available:

Namespace Type Length (bits) Parameters
urn:xmpp:ciphers:aes-128-gcm-nopadding:0 AES Key: 128, IV: 96 GCM/NoPadding
urn:xmpp:ciphers:aes-256-gcm-nopadding:0 AES Key: 256, IV: 96 GCM/NoPadding
urn:xmpp:ciphers:aes-256-cbc-pkcs7:0 AES Key: 256, IV: 128 CBC/PKCS#7

For compatibility reasons, it is RECOMMENDED to append the GCM authentication tag to the uploaded file when using any AES cipher with GCM. The GCM authentication tag is not needed when using the protocol described in this document as a hash of the resulting file is transported independently.

Yes.

This document requires no interaction with &IANA;.

The ®ISTRAR; includes 'urn:xmpp:esfs:0' in its registry of protocol namespaces (see &NAMESPACES;).

  • urn:xmpp:esfs:0