Glacier Messenger 2.3.1 (iOS) introduces group file pinning, which allows users and organizations to upload documents that are accessible only to users within that group.
Uploaded files that are “pinned” to a room don’t expire and can be listed and retrieved by the group occupants. The files are encrypted by the server during upload. While browsing the attachments, the client receives the key material necessary to decrypt them.
To retrieve the list of attachments, the client queries the files attached to a given room by sending an IQ-get to the group.
The server responds with an IQ-result that contains the attachments, each with url, cipher, key, iv, and tag attributes. The url attribute points to the HTTPS URL of the encrypted file, the cipher attribute is hard-coded to AES-256-GCM, and the remaining three attributes contain the key material required to decrypt the downloaded file. During the upload process, the file is encrypted using AES-256-GCM before it is stored.
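The client-side decryption step described above, as an added example that is not Glacier's own code: it checks the attachment attributes before use and releases plaintext only after the GCM tag verifies. It assumes key, iv and tag are base64-encoded and that the tag is a full 16 bytes (the page states neither); the function names, sample URL and sample data are constructed.

```javascript
const nodeCrypto = require('crypto');

// Decrypt one pinned attachment using the attributes from the IQ-result.
// Assumption: key, iv and tag are base64 strings; the page does not give the encoding.
function decryptAttachment(attrs, ciphertext) {
  if (attrs.cipher !== 'AES-256-GCM') throw new Error('unexpected cipher: ' + attrs.cipher);
  if (!/^https:\/\//i.test(attrs.url)) throw new Error('attachment URL is not HTTPS');
  const key = Buffer.from(attrs.key, 'base64');
  const iv = Buffer.from(attrs.iv, 'base64');
  const tag = Buffer.from(attrs.tag, 'base64');
  if (key.length !== 32) throw new Error('AES-256 needs a 32-byte key');
  if (iv.length === 0) throw new Error('missing IV');
  // Assumption: full 16-byte tags; a shortened tag weakens authentication.
  if (tag.length !== 16) throw new Error('refusing truncated GCM tag');
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', key, iv, { authTagLength: 16 });
  d.setAuthTag(tag);
  // final() throws when the tag does not match, so nothing is returned unverified.
  return Buffer.concat([d.update(ciphertext), d.final()]);
}

// Constructed sample: stands in for the server-side encryption done at upload.
function makeSample(plaintext) {
  const key = nodeCrypto.randomBytes(32);
  const iv = nodeCrypto.randomBytes(12); // 12-byte IV is an assumption
  const c = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const ciphertext = Buffer.concat([c.update(plaintext), c.final()]);
  const attrs = {
    url: 'https://files.example.invalid/pinned/1', // placeholder URL
    cipher: 'AES-256-GCM',
    key: key.toString('base64'),
    iv: iv.toString('base64'),
    tag: c.getAuthTag().toString('base64'),
  };
  return { attrs, ciphertext };
}

// True when decryptAttachment refuses the input (bad attribute or failed tag check).
function rejects(attrs, ciphertext) {
  try { decryptAttachment(attrs, ciphertext); return false; } catch (e) { return true; }
}
```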