What's new in v0.4 - Encrypted file and directory transfer

Feb 14, 2022

Outside of sending and receiving messages from other people, one of the most common things you might want to do in a messenger is to send files of different kinds. And of course, if you are using a messenger client that allows you to encrypt all your communication, you would also imagine that you should be able to send files and directories in a safe and secure way. Sadly, the protocols used in CoyIM (primarily XMPP) do not have good support for sending encrypted content. And there exists no standard for how to encrypt files and directories using OTR. So, CoyIM did not actually support any kind of file transfer for a long time. The reason for this was that we did not want to add an insecure way of sending files and directories, and in that way fooling our users - especially not when there exist ways of doing it that should be compatible with XMPP.

Many of the clients that support OTR also had support for file transfer. But without warning to the user, the files would be transferred completely in the clear. I myself, and many other security-conscious individuals, had to come up with a method where we first encrypted the file with an outside program, such as GPG, and then sent this encrypted file, and finally sent the key in the main conversation window, making sure it was encrypted. But we could only use this method because we knew what we were doing. This kind of approach is simply not possible for most people, leaving a dangerous security hole in most desktop clients.

In the new version of CoyIM, version 0.4, which is coming in February 2022, we have added complete support for sending files. But not only that, we also allow the transfer of directories. That might not sound very revolutionary, but none of the existing desktop clients allow you to do this. If you are talking to a person on another client that does not support the transfer of directories, CoyIM will automatically create a zip file with the content of the directory, and send that. In this way, even a person that does not have a client that supports directories can still receive them - and the hassle of having to do the operations manually is removed.

CoyIM uses XMPP for chat, and we use the same protocol to implement file transfer, which means that it is compatible with other clients that support file transfer. We have one slow method (known as IBB) which all clients and servers will support, but we also support a significantly faster method for transfer called bytestream proxies. This method will only be used if the server supports it. But all of this is completely transparent to the user. CoyIM will choose the right method to use. One additional detail - some clients have trouble with their implementation of bytestream proxies - so that you might end up revealing your own IP address by using this feature. In CoyIM we still use Tor for this transfer, avoiding this kind of risk as well.

If you know anything about XMPP, you might be aware that there exist two completely different ways of doing file transfer. The old method is called Stream Initiation (SI) and the new one is called Jingle. In CoyIM we decided to implement Stream Initiation, and not Jingle. This might sound like a weird choice - why wouldn’t we use the new standard? The answer is simple: complexity. Jingle is a significantly more complex standard, and we would have to add much more code to support it. But we wouldn’t have gained any additional functionality compared to SI. So, as always with CoyIM, when we can choose to reduce the amount of complexity for a feature, we do it. If this choice had meant that you would be restricted in what clients you could transfer files to, we might have made a different choice. But the truth is that all XMPP clients out there actually support Stream Initiation, so we are not limiting ourselves with this choice.

So what about encryption? Well, this is where things get a bit complex. As mentioned above, no-one seems to have made a client that supports file transfer with encryption using OTR. But this ended up being quite simple. Technically speaking, we use the “extra symmetric key” feature of OTR (which can be found in the “Extra symmetric key” section in the protocol description here: https://otr.cypherpunks.ca/Protocol-v3-4.1.1.html), which allows you at any point in a conversation to get key material that is derived from the current state of the conversation - and which the other side in the conversation can recover as well. This key can be used to encrypt material, and then the other side can decrypt it, using their copy of the symmetric key. In order to preserve all the security properties of OTR, we encrypt the file using AES in CTR mode, and then run an HMAC-SHA256 over the content. The AES key and the HMAC key are both derived from the symmetric key. Then, as a final step, we also reveal the MAC key, in order to retain deniability.
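The construction described above, as an added example that is not CoyIM's own code: AES in CTR mode followed by HMAC-SHA256, with both keys derived from one shared secret. The derivation labels, the IV || ciphertext || tag layout, the choice to have the MAC cover the IV and ciphertext, and the names `tag`, `deriveKeys`, `seal` and `open` are assumptions made for this illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

func tag(key, data []byte) []byte { // HMAC-SHA256 over data
	h := hmac.New(sha256.New, key)
	h.Write(data)
	return h.Sum(nil)
}

// deriveKeys (assumed derivation, illustrative labels) yields separate AES and MAC keys.
func deriveKeys(extra []byte) (cipher.Block, []byte) {
	block, _ := aes.NewCipher(tag(extra, []byte("example-enc"))) // 32-byte key: cannot fail
	return block, tag(extra, []byte("example-mac"))
}

// seal returns IV || ciphertext || tag, with a fresh random IV for every file.
func seal(extra, plain []byte) ([]byte, error) {
	block, macKey := deriveKeys(extra)
	body := make([]byte, aes.BlockSize+len(plain))
	if _, err := rand.Read(body[:aes.BlockSize]); err != nil {
		return nil, err
	}
	cipher.NewCTR(block, body[:aes.BlockSize]).XORKeyStream(body[aes.BlockSize:], plain)
	return append(body, tag(macKey, body)...), nil
}

// open checks the tag in constant time and decrypts only if it matches.
func open(extra, msg []byte) ([]byte, bool) {
	block, macKey := deriveKeys(extra)
	n := len(msg) - sha256.Size
	if n < aes.BlockSize || !hmac.Equal(tag(macKey, msg[:n]), msg[n:]) {
		return nil, false
	}
	plain := make([]byte, n-aes.BlockSize)
	cipher.NewCTR(block, msg[:aes.BlockSize]).XORKeyStream(plain, msg[aes.BlockSize:n])
	return plain, true
}

func main() {
	sealed, _ := seal([]byte("constructed key"), []byte("constructed file bytes"))
	fmt.Println(open([]byte("constructed key"), sealed))
}
```

Because the two keys come from different labels in this example, publishing the MAC key after the transfer lets anyone forge tags without exposing the AES key.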

This might sound complicated. But the gist of it is that you can comfortably send and receive files and directories using CoyIM, and the material will be safe, secure and private in the same way. In fact, CoyIM will automatically recognize when it can use encryption to send material. And if it can’t, it will first warn the user and ask for confirmation that you want to send the material in the clear. Overall, the file transfer experience has been designed to be as easy to understand and use as possible. You shouldn’t have to work as a security professional to safely transfer files.

This feature is one of the most important ones in the new version, 0.4. It is something we are extremely proud of, and we urge you to try it out. At the same time, we want to give a word of warning. Don’t send files with other clients unless you are absolutely sure they do it in a safe and secure way.