RepoMirrors/kill9
1
0
Fork 0
mirror of git://git.qorg11.net/kill9.git synced 2025-02-17 05:38:09 +00:00
Code Issues Projects Releases Wiki Activity

Added info about omemo upload files

Browse Source
This commit is contained in:
qorg11 2020-12-31 22:40:03 +01:00
parent cfd0205a95
commit 47b32500fc
No known key found for this signature in database
GPG Key ID: 343FC20A4ACA62B9
1 changed files with 18 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
harmful/software/xmpp.md
View File

@ -20,3 +20,21 @@ thankfully, new clients are adding some "verified" keys, and it will
warn you when a message was send from an untrusted key, or you'll warn you when a message was send from an untrusted key, or you'll
simply won't recieve messages from untrusted keys simply won't recieve messages from untrusted keys
## File encryption
When you upload something using http_upload using omemo, the file is
encrypted, but using AES *symmetric* cryptography, rather than
recipient's public key and your public key. As it is symmetric
cryptography the passphrase is stored somewhere else, in this case, it
is stored **in the URI**. Meaning that if an attacker could get the
URI you've sent, they could get the file.
Obviously, this is not likely to happen because the message with the
URI is encrypted with TLS and OMEMO, but I think the file should've be
encrypted with recipient's public key.
The reason of this (i think) is that so you can use another tools to
download omemo files. Like omemo-wget.
Anyways, if you want to share files and get encrypted on-the-go you
can always use pgp.