Hello everyone.
I’m currently using OpenPGP encryption method for simple chats between clients over my OpenFire server. They use Gajim as their Windows XMPP client and Conversations app for their Android devices.
I’m already aware that OpenPGP is used to cipher/decipher messages passed between my clients, however, I wanted to know does this method of encryption also apply to audio/video calls and not just text/multimedia messages?
Thank you for your attention.
That will depend on the client. but AFAIK audio calls via Gajim are not encrypted(I might be wrong here). and Audio/video calls with Conversations are encrypted with DTLS. however for video calls to be completely 100% shielded you should ativate OMEMO between the clients doing the calls. Conversations have a mechanism that share the DTLS keys via OMEMO(if activated).
If thats not the case, it would be technically possible(improbable/unlikely, but still possible) for a XMPP server admin to MITM the call. Notice that only the XMPP server admin could possibly do that, in your case if you are your own admin you can relax. Calls will be encrypted.
Thank you.
So, does this mean regardless of which encryption method I use for chats in Conversations, it will automatically use DTLS over OMEMO if applicable?
My main concern is about the encryption method itself. If Conversations automatically encrypts call data without any interference, then I won’t bother setting up secret keys for OpenPGP.
All calls utilizing conversations will be encrypted with DTLS. However, if the callers do not utilize OMEMO—for instance, if they are using PGP or not encrypting text messages at all—the keys for the call will be exchanged without encryption. This includes scenarios where PGP is used. Consequently, there is a potential risk that a malicious administrator could intercept these keys and conduct a Man-in-the-Middle (MITM) attack. The risk is absolutely minimal. However exist, Then again if you are the server admin then there is nothing to worry about.