I see that there are some old messages from a few years ago regarding encryption of file transfers through openfire.
However, there doesn’t seem to be any recent news on this front.
Are file transfers still unencrypted? I believe Spark/Openfire use Socks5 proxy for file transfers (port 7777).
I know that OTR doesn’t support end to end file transfer encryption (only chat), but I believe there are 2 possible ways around this:
Enable SSL/TLS on the socks server at port 7777 on the opnefire server (is this possible?).
Take advantage of XTLS and incorporate it into openfire and smack, like Gajim has done with its jinlge encrypted file transfer.
Solution 1 may be the easiest to implement although not totally secure since the server can always intercept the files. Still, it is much better than having your sensitive files transit in clear text through the internet.
Solution 2 would be ideal since it allows for end to end encryption with no worries about MiTM.
Anyone know what the status and/or plans are in this regard? I really love openfire and smack but, for me, secure file transfers are a must.
It doesn’t make much sense to encrypt chat but leave file transfers in the clear.