Goal: low-complexity minimal E2EE library for modern XMPP use cases
Design decisions:
Notation: [b64-xyz] is the url-safe base64 encoding of xyz
Input:
<message from="bare" to="bare">
<delay .../>
<body>Look at my yak!</body>
<oob url="...yakpic..."/>
</message>
Encryption:
nonce = randombytes_buf(sizeof nonce)
box = crypto_box(msg, nonce, recipient_pk, my_sk)
<message to="recipient">
<box xmlns="urn:xmpp:sex:0" nonce="[b64-nonce]">
[b64-box]
</box>
</message>
Decryption:
msg = crypto_box_open(box, nonce, sender_pk, my_sk)
Encryption:
nonce = randombytes_buf(sizeof nonce)
key = crypto_secretbox_keygen()
sbox = crypto_secretbox_easy(msg, nonce, key)
keynonce[i] = randombytes_buf(sizeof keynonce[i])
keybox[i] = crypto_box(key, keynonce[i], recipient_pk[i], my_sk)
<message to="groupchat">
<multibox xmlns="urn:xmpp:sex:0">
<keybox nonce="[b64-keynonce[0]]">[b64-keybox[0]]</keybox>
...
<keybox nonce="[b64-keynonce[N]]">[b64-keybox[N]]</keybox>
<box nonce="[b64-nonce]">
[b64-sbox]
</box>
</multibox>
</message>
Decryption:
TODO
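Before any key is unwrapped, a receiver has to parse the <multibox> element and reject malformed input. The following is an added example, not part of the original design or of any existing implementation. It assumes keyboxes use the crypto_box_easy layout (16-byte MAC plus 32-byte key) and that base64 padding is optional; parse_multibox, b64url_decode, sample_b64 and the max_keyboxes cap are hypothetical names.

```python
import base64
import re
import xml.etree.ElementTree as ET

NS = "urn:xmpp:sex:0"   # namespace used on the page
NONCE_LEN = 24          # crypto_box_NONCEBYTES == crypto_secretbox_NONCEBYTES
KEY_LEN = 32            # crypto_secretbox_KEYBYTES
MAC_LEN = 16            # crypto_box_MACBYTES == crypto_secretbox_MACBYTES
B64URL = re.compile(r"[A-Za-z0-9_-]*={0,2}")

def b64url_decode(text):
    """Strictly decode url-safe base64; padding is optional (assumption)."""
    text = "".join(text.split())            # element text may be line-wrapped
    if not B64URL.fullmatch(text):
        raise ValueError("not url-safe base64")
    text = text.rstrip("=")
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def parse_multibox(stanza_xml, max_keyboxes=64):
    """Return (candidates, box_nonce, sbox) from a <message> with one <multibox>."""
    # ET.fromstring stands in for the client's XMPP stream parser here.
    root = ET.fromstring(stanza_xml)
    multi = root.findall(f"{{{NS}}}multibox")
    if len(multi) != 1:
        raise ValueError("expected exactly one <multibox>")
    boxes = multi[0].findall(f"{{{NS}}}box")
    keyboxes = multi[0].findall(f"{{{NS}}}keybox")
    if len(boxes) != 1 or not 1 <= len(keyboxes) <= max_keyboxes:
        raise ValueError("bad <box>/<keybox> count")
    # <keybox> carries no recipient attribute on the page, so every entry is
    # returned and the caller trial-opens each one with its own secret key.
    candidates = []
    for kb in keyboxes:
        nonce = b64url_decode(kb.get("nonce", ""))
        wrapped = b64url_decode(kb.text or "")
        if len(nonce) != NONCE_LEN or len(wrapped) != KEY_LEN + MAC_LEN:
            raise ValueError("keybox has wrong length")
        candidates.append((nonce, wrapped))
    box_nonce = b64url_decode(boxes[0].get("nonce", ""))
    sbox = b64url_decode(boxes[0].text or "")
    if len(box_nonce) != NONCE_LEN or len(sbox) < MAC_LEN:
        raise ValueError("box has wrong length")
    return candidates, box_nonce, sbox

def sample_b64(n, fill):  # constructed filler bytes, not real ciphertext
    return base64.urlsafe_b64encode(bytes([fill]) * n).decode()

SAMPLE = ('<message to="groupchat"><multibox xmlns="urn:xmpp:sex:0">'
          + "".join(f'<keybox nonce="{sample_b64(24, i)}">{sample_b64(48, i + 8)}</keybox>' for i in (1, 2))
          + f'<box nonce="{sample_b64(24, 5)}">\n{sample_b64(40, 6)}\n</box></multibox></message>')
```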
The key exchange is an optional protocol to reliably transmit a given secret token between two devices. A possible use case is “masturbation”: synchronize your private key from one of your devices to another (have SEX with yourself).
Goal:
There are two entities, “client” and “server” (in libsodium parlance):
Protocol flow:
crypto_kx_keypair(server_pk, server_sk)
crypto_kx_keypair(client_pk, client_sk)
xmpp:serveruser@domain/resource;sex=[b64-server_pk]
crypto_kx_client_session_keys(client_rx, client_tx, client_pk, client_sk, server_pk)
keynonce = randombytes_buf(sizeof keynonce)
keybox = crypto_secretbox_easy(user_pk, keynonce, client_tx)