OMEMO is an XMPP Extension Protocol (XEP) for secure multi-client end-to-end encryption. It is an open standard based on a Double Ratchet and PEP which can be freely used and implemented by anyone. The protocol has been audited by a third party.
The OMEMO encryption /oˈmiːmoʊ/ (OMEMO Multi-End Message and Object Encryption) gives you all the advantages you would expect from a modern-day encryption protocol like Future and Forward Secrecy and deniability while allowing you to keep the benefits of message synchronization and offline delivery.
OMEMO not only gives you a better encryption features than OpenPGP and OTR but is also much easier to setup. OMEMO is the encryption you can actually use in your daily life. Turn it on once and forget you ever did.
With OMEMO you no longer trust user identities but device identities. If you are communicating with a contact for the first time or if that contact recently got a new device, you will be presented with a fingerprint for that device. You can then either verify that fingerprint out of band (for example via a quick phone call) or, if you are reasonably sure that your transport is secure (for instance if you are chatting on the same, trusted server), you can choose to trust a device on first use. If you have trusted devices of your contact in the past you can also use those devices as a secure channel to verify the fingerprint of a new device by having your contact verify the fingerprint via chat.
OMEMO uses a Double Ratchet to establish secure sessions between every combination of devices for you and your contact. Those sessions are then being used to communicate secure keys to all devices. OMEMO will generate a new key for every message. That key is used to encrypt your message with AES-GCM. The long-lived Double Ratchet sessions in the background deal with the challenges of message reordering, message loss and accidental duplication.
Being built upon PEP (Personal Eventing Protocol) to announce the pre-keys used by the Double Ratchet to establish new sessions, OMEMO requires little to no change to the existing XMPP server infrastructure.
Finally I can send encrypted messages to someone who is currently offline, uses mulitple clients and simultaneously receive a copy of that message on all of my devices.
It even works for images and other files.
No changes were required on our server infrastructure.
|Offline Messages / Backlog 5||Yes||Yes||No||Yes|
|File Transfer||Yes||No 1 2||No 1||Yes|
|Forward Secrecy 3||No||No||Yes||Yes|
|Server side archive 3 5||Yes||Yes||No||No|
|Per Message Overhead||High||High||Low||Medium 4|
1 Not standardized
2 Can fallback to regular OpenPGP
3 The traits server-side archive and forward secrecy are mutually exclusive
4 Overhead increases linearly with number of devices
5 Backlog is the messages you receive on a device that were sent while the device was offline temporarily.
Server-side archive is all messages that were sent before that device ever existed.
Copyright 2014–2017 Daniel Gultsch