Security & Privacy

Is it safe to send private keys via audio? Can someone intercept them?

This is an excellent question that addresses critical security concerns:

Interception Risk

Real Risk: Yes, any device with a microphone nearby can record the audio transmission.

Protection: SonarLink uses automatic AES-256 encryption - even if intercepted, the audio contains encrypted data that cannot be read without the password.

Important: If you use a weak password AND someone intercepts the transmission, they could potentially brute-force it offline.

Recommendations for Private Keys:

  • Controlled Environment: Private room without untrusted devices, disable Alexa/Google Home, close doors and windows
  • Strong Password: Minimum 16 characters with mixed case, numbers, and symbols
  • Double Encryption: Encrypt the key file before using SonarLink for critical keys
  • Verify HMAC: Always ensure HMAC verification passes 100%

When NOT to Use Audio Mode:

  • ❌ Public environments (airports, cafés)
  • ❌ Unencrypted master keys
  • ❌ Cryptocurrency wallet seeds
  • ❌ Root CA certificates

Safer Alternatives for Critical Keys: QR Code mode (screen-to-screen, harder to intercept), USB with encryption, or split secrets (divide into 3 parts, send separately).
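
One way to implement the "split secrets" alternative above, as an added example that is not SonarLink code. Instead of cutting the key file into thirds (where each piece exposes a third of the key), it XOR-splits the key so that all three shares are required and one or two intercepted shares reveal nothing. The function names and the SHA-256 checksum prefix are assumptions of this example.

```python
import hashlib
import secrets

DIGEST_LEN = 32  # SHA-256 checksum prepended so a bad share is detected on join


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def split_secret(secret: bytes, parts: int = 3) -> list:
    """Return `parts` shares; every share is required to rebuild the secret."""
    if parts < 2 or not secret:
        raise ValueError("need a non-empty secret and at least 2 parts")
    payload = hashlib.sha256(secret).digest() + secret
    # parts-1 shares are pure randomness; the last is payload XOR all of them,
    # so any subset short of the full set is independent of the secret.
    shares = [secrets.token_bytes(len(payload)) for _ in range(parts - 1)]
    last = payload
    for share in shares:
        last = _xor(last, share)
    return shares + [last]


def join_shares(shares: list) -> bytes:
    """XOR all shares together and check the embedded SHA-256 before returning."""
    if len(shares) < 2 or len({len(s) for s in shares}) != 1:
        raise ValueError("shares missing or of different lengths")
    payload = bytes(len(shares[0]))
    for share in shares:
        payload = _xor(payload, share)
    digest, secret = payload[:DIGEST_LEN], payload[DIGEST_LEN:]
    if not secrets.compare_digest(digest, hashlib.sha256(secret).digest()):
        raise ValueError("checksum mismatch: a share is wrong or damaged")
    return secret


if __name__ == "__main__":
    # Constructed sample input, not a real key.
    key = b"-----BEGIN CONSTRUCTED SAMPLE KEY-----\nnot a real key\n"
    a, b, c = split_secret(key)  # send each share in a separate session
    assert join_shares([c, a, b]) == key  # order does not matter
```

Each share is the length of the key plus 32 bytes, so three transmissions are needed and all three must arrive intact.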

Can I use QR codes for faster transfer?

SonarLink v1.0 does not include QR code functionality. However, you can use external tools for visual transmission:

Using QR Codes with External Tools

You can combine SonarLink with external QR code tools for faster, more reliable transfers:

  1. Encrypt your file using SonarLink (option 2 in menu, then save without transmitting)
  2. Generate QR code using external tools (qrencode, online generators, etc.)
  3. Scan QR code on receiving device using any QR scanner
  4. Decrypt the file using SonarLink (option 4 in menu)

| Method | Speed (20KB) | Reliability | Requirements |
|---|---|---|---|
| SonarLink Audio | ~2.5 minutes | ~39% (environmental) | Microphone + Speakers |
| External QR Tools | ~15 seconds | 100% | Camera + QR software |

Advantages of Audio (SonarLink built-in):

  • ✅ Covert transmission - harder to detect
  • ✅ Works through walls/barriers
  • ✅ No line-of-sight required
  • ✅ All-in-one tool (encryption + transmission)

Advantages of QR codes (external tools):

  • ✅ 10-40x faster transmission
  • ✅ 100% reliability
  • ✅ Works in noisy environments
  • ✅ Can save QR image for later use

Note on File Transfer via QR Codes: QR codes can hold only up to ~3 KB of data, and under 1 KB is recommended for reliable scanning. They work well for small, offline (air-gapped) transfers, such as keys or short text files. For larger files, include an external link in the QR code, which can be used to download the file.

Recommended approach: Use SonarLink audio for small files (<50KB) or when cameras aren't available. For larger files or when speed matters, encrypt with SonarLink and transfer via external tools.

Can I use SonarLink in a corporate environment?

Yes, with proper procedures. SonarLink's encryption is secure, but corporate use requires additional considerations:

Suitable Corporate Use Cases:

  • ✅ SSH keys between air-gapped systems
  • ✅ Configuration files (with strong passwords)
  • ✅ Code snippets between development systems
  • ✅ Emergency credential transfers (controlled environment)

Requires Extra Precaution:

  • ⚠️ Financial data
  • ⚠️ Customer data
  • ⚠️ Trade secrets
  • ⚠️ Intellectual property

For these data types, use SonarLink only in isolated, monitored, logged environments.

Corporate Best Practices:

  • Document all transfers with audit trails
  • Use in physically secure locations only
  • Enforce strong password policies (16+ characters)
  • Implement verification procedures
  • Consider compliance requirements (GDPR, HIPAA, etc.)

For ultra-sensitive data: Consider dedicated enterprise file transfer systems with full audit capabilities.

Transmission Methods

What are the limitations of acoustic transmission?

Acoustic transmission has inherent physical limitations:

Current Limitations:

  • Speed: ~2.5 minutes for 20KB file (significantly slower than network)
  • Reliability: ~39% success rate, heavily dependent on environment
  • Distance: Optimal range <1 meter, maximum ~3 meters
  • Environment: Requires quiet space for best results
  • File Size: Practical limit ~100KB (larger files take too long)

When Acoustic Transfer Makes Sense:

  • ✅ No network available or desired
  • ✅ Air-gapped systems that cannot connect
  • ✅ Small files (<50KB)
  • ✅ Security priority over speed
  • ✅ Covert operations where visual transfer is risky

Alternative Methods for Larger Files:

  • Network transfer: When speed is critical and security permits
  • USB drives: For larger files in air-gapped environments
  • External QR tools: 10-40x faster for visual transmission

Bottom line: Acoustic transmission is a specialized tool for specific use cases, not a general-purpose file transfer solution.

Can I send audio via phone call or save it for later?

Phone Calls: ❌ NOT recommended

  • Telephone codecs compress audio aggressively
  • Frequencies are cut (typically 300-3400 Hz)
  • Variable latency and packet loss
  • Quality insufficient for reliable decoding

Better Alternative: Send as voice message (WhatsApp, Telegram, Signal) - these send as audio files without real-time compression.

Saving Audio for Later Use

✅ This works, but with current v1.0 limitations:

  • You can't verify file integrity until playback
  • Record from two positions for redundancy
  • Test immediately before traveling with the recording

When should I use acoustic transfer vs other methods?

| Your Situation | Best Method | Why |
|---|---|---|
| 🏢 Office, need speed | Network/USB | Much faster for routine work |
| 🔒 Air-gapped systems | SonarLink Audio | No physical media needed |
| ✈️ No network available | SonarLink Audio | Works offline anywhere |
| 🎙️ Under surveillance | SonarLink Audio | Covert, no visual trace |
| 💻 Small config files | SonarLink Audio | Perfect for <20KB files |
| 📦 Large files (>100KB) | USB/Network | Audio too slow |
| 🛂 Border crossing | SonarLink Audio | Nothing to confiscate |
| 📱 Quick document share | Network/Email | Convenience over security |

Key principle: Use SonarLink when security, offline capability, or air-gap compliance outweigh the need for speed.

Reliability & Data Integrity

What if I lose packets during transmission? Will my private key be corrupted?

Yes, this is a real risk with audio transmission. A corrupted private key is completely unusable.

The Problem:

  • One lost chunk out of 10 = file corrupted
  • HMAC verification fails → file saved as .corrupted
  • RSA key corruption = key becomes unusable

Current Protections in v1.0:

  • ✅ HMAC verification detects corruption immediately
  • ✅ Gzip decompression check fails if data incomplete
  • ✅ Files are saved as .corrupted so you know something failed
  • ❌ NO automatic retry - must retransmit manually

Solutions & Best Practices:

1. Test Immediately:

  • Transmit the key
  • Verify it immediately (try to use it)
  • If it works, you know it's valid
  • If it fails, retransmit while conditions are still good

2. Optimal Environment:

  • Silent room with minimal background noise
  • Devices very close (<1 meter)
  • Volume at 60-80%
  • Quality speakers and microphones

3. Multiple Backups:

  • Transmit 2-3 times
  • Save all versions
  • Use the first one that verifies successfully

Why is the audio success rate only 39%?

The 39% success rate in v1.0 is affected by several environmental and protocol factors:

Main Factors:

  • Environmental Noise: Background sounds interfere with acoustic transmission
  • Distance: Success rate drops significantly beyond 1 meter
  • Audio Hardware: Poor microphone/speaker quality affects decoding
  • Reflections: Echo and room acoustics cause interference
  • Volume Settings: Too low or too high reduces reliability
  • Battery/Power: Devices throttling performance can affect transmission

How to Improve Success Rate:

  • ✅ Use in completely silent room
  • ✅ Place devices <30cm apart
  • ✅ Use 60-70% system volume
  • ✅ Disable other audio applications
  • ✅ Use external speakers if possible
  • ✅ Ensure full battery on both devices

Use Cases & Scenarios

What are the best use cases for SonarLink?

Excellent Use Cases:

🔐 Air-Gapped System Administration

Transfer SSH keys, configuration files, and credentials to isolated systems without physical media or network connections.

💻 Secure Development

Share API keys, deployment secrets, and code snippets between environments without using insecure channels.

🎙️ Journalism & Activism

Exchange sensitive information in hostile environments with covert audio transmission and plausible deniability.

🏢 Enterprise Deployment

Deploy configurations to multiple isolated systems quickly using QR codes without compromising security perimeters.

🔬 Research Labs

Transfer data between secure research systems without external network connectivity.

🛡️ Penetration Testing

Move tools and payloads between test systems without creating network traces.

Can I use this for transferring large files like videos?

Technically yes, but not recommended in v1.0.

| File Size | Audio Time | Recommendation |
|---|---|---|
| < 20 KB | < 2.5 min | ✅ Good |
| 20-50 KB | 2.5-6 min | ⚠️ Okay |
| 50-100 KB | 6-12 min | 🔴 Slow |
| > 500 KB | > 57 min | ❌ Avoid |

For Large Files:

  • Use traditional encrypted USB drives or secure network transfer for files >100KB
  • Audio mode becomes impractical beyond 50KB due to time and error probability
  • Consider splitting files manually if acoustic transfer is required

Performance

How long does it take to transfer different file sizes?

Times are based on text files with ~60% compression ratio:

| File Size | Audio Transmission | Network (for comparison) |
|---|---|---|
| 100 bytes | 9 seconds | <1 second |
| 1 KB | 16 seconds | <1 second |
| 5 KB | 43 seconds | <1 second |
| 10 KB | 1 min 17 sec | <1 second |
| 20 KB | 2 min 25 sec | 1-2 seconds |
| 50 KB | 5 min 49 sec | 2-3 seconds |

Note: Already compressed files (JPG, ZIP, MP3) compress poorly and will take longer than estimated times.

What file types work best with SonarLink?

Best Performance (Good Compression):

  • ✅ Text files (.txt, .log, .csv)
  • ✅ Source code (.py, .js, .java, .c)
  • ✅ Configuration files (.conf, .ini, .yaml, .json)
  • ✅ SSH keys and certificates
  • ✅ HTML, CSS, XML files

Poor Performance (Already Compressed):

  • ⚠️ Images (JPG, PNG, GIF)
  • ⚠️ Videos (MP4, AVI, MKV)
  • ⚠️ Archives (ZIP, RAR, 7Z)
  • ⚠️ Audio files (MP3, AAC, FLAC)
  • ⚠️ Compressed documents (DOCX, PDF)

Why the difference? SonarLink uses gzip compression. Text-based files compress well (~60%), but already-compressed files won't shrink much, leading to longer transmission times.

Troubleshooting

My transmission keeps failing. How can I improve reliability?

Immediate Fixes:

□ Environment: Move to completely silent room, close doors/windows
□ Distance: Place devices within 30cm of each other
□ Volume: Set both devices to 60-70% volume
□ Audio Apps: Close all other audio applications (music players, voice calls)
□ Hardware: Use external speakers/microphone if available
□ Battery: Ensure both devices are fully charged or plugged in
□ File Size: Try smaller files first to test setup

I received a .corrupted file. What does this mean?

A .corrupted file indicates that the transmission was incomplete or tampered with.

What Happened:

  • One or more audio chunks were lost or corrupted during transmission
  • HMAC verification failed, indicating data integrity issues
  • The file was saved with .corrupted extension to alert you

What To Do:

  1. Don't use the corrupted file - it may be incomplete or tampered
  2. Improve transmission conditions:
    • Move to quieter environment
    • Reduce distance between devices
    • Adjust volume settings
  3. Retry the transmission with better conditions
  4. Consider QR mode if audio continues to fail

Security Note: Never try to "fix" or use a corrupted file, especially for cryptographic keys or sensitive data. Always retransmit to get a verified copy.

Can I verify a file before using it?

Yes! SonarLink automatically verifies every transmission using HMAC-SHA256.

Automatic Verification:

  • Every received file is checked with HMAC-SHA256
  • If verification passes → file is saved with original name and is safe to use
  • If verification fails → file is saved as .corrupted and should not be used

Manual Verification (for critical files):

  1. After transmission completes successfully
  2. Immediately test the file (e.g., try to use an SSH key)
  3. If it works, you have confirmed the transfer was successful
  4. If it doesn't work, retransmit immediately

Best Practice: For critical transfers (private keys, certificates), always perform a functional test immediately after receiving the file.
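
The verify-before-use behaviour described above, combined with the earlier "transmit 2-3 times and use the first one that verifies" advice, as an added example that is not SonarLink's own code. The blob layout (a 32-byte HMAC-SHA256 tag followed by the gzip payload), the function names and the MAC key are assumptions; the encryption layer is left out so the example runs with the standard library only.

```python
from __future__ import annotations

import gzip
import hashlib
import hmac
import zlib
from pathlib import Path

TAG_LEN = 32  # HMAC-SHA256 output size in bytes


def seal(mac_key: bytes, data: bytes) -> bytes:
    """Sender side of the ASSUMED layout: HMAC tag followed by gzip(data)."""
    payload = gzip.compress(data)
    return hmac.new(mac_key, payload, hashlib.sha256).digest() + payload


def verify_and_unpack(mac_key: bytes, blob: bytes) -> bytes | None:
    """Return the original bytes, or None if this copy must not be used."""
    tag, payload = blob[:TAG_LEN], blob[TAG_LEN:]
    expected = hmac.new(mac_key, payload, hashlib.sha256).digest()
    # Check the tag first, in constant time, before touching the payload.
    if not hmac.compare_digest(tag, expected):
        return None
    try:
        return gzip.decompress(payload)
    except (OSError, EOFError, zlib.error):
        return None


def save_first_valid(mac_key: bytes, copies: list[bytes], dest: Path) -> Path:
    """Write the first copy that verifies; otherwise keep one as <name>.corrupted."""
    for blob in copies:
        data = verify_and_unpack(mac_key, blob)
        if data is not None:
            dest.write_bytes(data)
            return dest
    quarantined = dest.with_name(dest.name + ".corrupted")
    quarantined.write_bytes(copies[-1] if copies else b"")
    return quarantined


if __name__ == "__main__":
    import tempfile
    key = b"constructed-sample-mac-key-00000"  # constructed sample key
    good = seal(key, b"constructed sample config\n")
    lossy = good[:40] + good[56:]  # simulate one dropped audio chunk
    with tempfile.TemporaryDirectory() as d:
        print(save_first_valid(key, [lossy, good], Path(d) / "config.txt").name)
```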

More Questions?

Check the full documentation on GitHub or open an issue for support.
