Encrypted file and directory transfer

When using chat clients that support encrypted communication, people will generally assume that transfer of files and directories is also encrypted. We have seen this innumerable times. But sadly, even if you are using OTR, these transfer mechanisms will send the data in a completely unprotected form. Sometimes, the connection for sending the files will not even be done using transport security, leaving the content completely open to the whole world to see. When working with sensitive material, this is simply not acceptable. In many communities where people are away of this limitation, the workaround is to use a separate program to first encrypt the file with a password, and then send the file in a regular way, and the password over the encrypted commnuication channel. But this adds a lot of steps, can be complicated to get right, and is easy to forget.

For this reason, CoyIM will always try to first use an encrypted method to transfer files and directories. If that is not possible - for example, if the other person is using a client that doesn’t support this method - CoyIM will warn very clearly about the lack of encryption before sending anything.

When we started the work of developing this feature, we tried to find existing standards for how to do it. However, this doesn’t seem to exist in the XMPP community. So we developed our own method, based on standard techniques. We are actively working to publish this method as a standard as well, so that other communities can also have support for this powerful technique.

Technically speaking, this method is an extension of Stream Initiation - XEP-0095 and SI File Transfer - XEP-0096. CoyIM adds two new SI profiles, called http://jabber.org/protocol/si/profile/encrypted-data-transfer and http://jabber.org/protocol/si/profile/directory-transfer. The latter is a convenience method that will pack up a directory and optionally encrypt it for sending. If the other party supports these methods, that means we can send something encrypted. If a user wants to send a directory, but the other side doesn’t support this SI profile, CoyIM will simply pack the directory in a zip-file and send that file using the regular SI File Transfer profile. The sending of the actual data will be done using the bytestreams - XEP-0065 method if possible, but can also fall back on using IBB - XEP-0047. Before sending, a 16 byte IV will be generated. Then, the Extra Symmetric Key feature of OTR is used to generate an encryption key and a MAC key. The data will be encrypted using AES-128 with the CTR cipher mode, and a HMAC-SHA-256 tag will be calculated and sent for the data. Once the transfer is done, the MAC key will be revealed. With this combination of features, the file transfer will retain the deniability properties of the original OTR channel.

From the users perspective, all of this should be completely transparent. CoyIM will simply send data in an encrypted format if it’s possible, and otherwise warn the user. This is something that radically increases the security and privacy of the chat client community, and an innovation we hope that others will adopt as well.