Conversation

Notices

1. Embed this notice
   👺防空識別區👹 (adiz@mtl.jinxian.casa)'s status on Wednesday, 14-May-2025 03:20:38 JST 👺防空識別區👹

   • feld
   • m0xEE
   • pwm

   @m0xEE Yeah, media/files sent over HTTP with OMEMO are aesgcm://. @pwm @feld

   • Embed this notice
     👺防空識別區👹 (adiz@mtl.jinxian.casa)'s status on Wednesday, 14-May-2025 03:20:36 JST 👺防空識別區👹

     in reply to

     • feld
     • m0xEE
     • pwm

     @m0xEE You decrypt it locally with a key shared with the file. The file on the server is not secure by itself; It can be downloaded by anyone who knows the URL. ---However, the file is encrypted, and only someone with the key (sent via OMEMO-encrypted XMPP message) can decrypt it. @pwm @feld

     feld likes this.
   • Embed this notice
     m0xEE (m0xee@nosh0b10.m0xee.net)'s status on Wednesday, 14-May-2025 03:20:38 JST m0xEE

     in reply to

     • feld
     • pwm
     @adiz@mtl.jinxian.casa
     I'm just not that knowledgeable about XMPP and not sure what that means 🤪
     Does this mean that the URL is encrypted or that the file has to be downloaded and then decrypted with a key sent over XMPP?
     
     @pwm@darkdork.dev @feld@friedcheese.us
     
   • Embed this notice
     m0xEE (m0xee@nosh0b10.m0xee.net)'s status on Wednesday, 14-May-2025 03:28:08 JST m0xEE

     in reply to

     • feld
     • m0xEE
     • pwm
     @adiz@mtl.jinxian.casa @pwm@darkdork.dev @feld@friedcheese.us
     Ah, I think I've found it: https://xmpp.org/extensions/xep-0448.html
     Yeah, the key seems to be sent over XMPP separately, making HTTP traffic useless even if intercepted. Good enough!