OMEMO Multi-End Message and Object Encryption

OMEMO is an XMPP Extension Protocol (XEP) for secure multi-client end-to-end encryption. It is an open standard based on a Double Ratchet and PEP which can be freely used and implemented by anyone. The protocol has been audited by a third party.

Benefits

The OMEMO encryption /oˈmiːmoʊ/ (OMEMO Multi-End Message and Object Encryption) gives you all the advantages you would expect from a modern-day encryption protocol like Future and Forward Secrecy and deniability while allowing you to keep the benefits of message synchronization and offline delivery.

OMEMO not only gives you a better encryption features than OpenPGP and OTR but is also much easier to setup. OMEMO is the encryption you can actually use in your daily life. Turn it on once and forget you ever did.

OMEMO is available right now in the Android XMPP-Client Conversations (Buy on Google Play), the iOS client ChatSecure, or as a plugin for the Desktop client Gajim.

Device Trust

With OMEMO you no longer trust user identities but device identities. If you are communicating with a contact for the first time or if that contact recently got a new device, you will be presented with a fingerprint for that device. You can then either verify that fingerprint out of band (for example via a quick phone call) or, if you are reasonably sure that your transport is secure (for instance if you are chatting on the same, trusted server), you can choose to trust a device on first use. If you have trusted devices of your contact in the past you can also use those devices as a secure channel to verify the fingerprint of a new device by having your contact verify the fingerprint via chat.

Background

OMEMO uses a Double Ratchet to establish secure sessions between every combination of devices for you and your contact. Those sessions are then being used to communicate secure keys to all devices. OMEMO will generate a new key for every message. That key is used to encrypt your message with AES-GCM. The long-lived Double Ratchet sessions in the background deal with the challenges of message reordering, message loss and accidental duplication.

Being built upon PEP (Personal Eventing Protocol) to announce the pre-keys used by the Double Ratchet to establish new sessions, OMEMO requires little to no change to the existing XMPP server infrastructure.

Find more information in XEP-0384: OMEMO Encryption.

Finally I can send encrypted messages to someone who is currently offline, uses mulitple clients and simultaneously receive a copy of that message on all of my devices.

A happy user

It even works for images and other files.

A pleasantly surprised user

No changes were required on our server infrastructure.

A lazy System Administrator

Feature Comparison

# OpenPGP OX OTR OMEMO
Multiple Devices Yes Yes No Yes
Offline Messages / Backlog 5 Yes Yes No Yes
File Transfer Yes No 1 2 No 1 Yes
Verifiability No Yes Yes Yes
Deniability Yes No Yes Yes
Forward Secrecy 3 No No Yes Yes
Server side archive 3 5 Yes Yes No No
Per Message Overhead High High Low Medium 4

1 Not standardized

2 Can fallback to regular OpenPGP

3 The traits server-side archive and forward secrecy are mutually exclusive

4 Overhead increases linearly with number of devices

5 Backlog is the messages you receive on a device that were sent while the device was offline temporarily.
Server-side archive is all messages that were sent before that device ever existed.


Copyright 2014–2019 Daniel Gultsch