comparison doc/jp/encryption.rst @ 3041:72583524cfd3

doc (jp): jp commands are now fully documented: rel 232
author Goffi <goffi@goffi.org>
date Tue, 01 Oct 2019 22:49:06 +0200
parents
children 92f8baec5e4f
3040:fee60f17ebac 3041:72583524cfd3
========================================
encryption: encryption sessions handling
========================================

Salut à Toi, being an XMPP client, encrypts the connection between client and server by
default. In addition, SàT is also capable of end-to-end (e2e) encryption, meaning that the
payload of messages is encrypted so that it is hidden from the servers (and their
administrators). The ``encryption`` commands are here to handle those e2e encryption
sessions and algorithms.
10
.. note::

   For the moment, only one-to-one chat messages can be e2e encrypted.
14
algorithms
==========

Display the e2e encryption algorithms available in this instance of Salut à Toi.

example
-------

Show available e2e algorithms::

    $ jp encryption algorithms
26
get
===

Display which e2e encryption session is currently active with the given entity.

The only required argument is the JID of the entity.

If no e2e encryption session exists, a message will be displayed and jp will exit with a
non-zero code: this means that the messages are in clear on the XMPP servers, but normal
XMPP transport encryption is not affected (messages should still be encrypted between client
and server and between servers).

If an e2e encryption session exists, you'll see the algorithm name and its namespace. In
the case of an e2e encryption algorithm which only works from device to device (e.g. this is
the case with ``OTR``, which doesn't support multiple devices), you'll also see the resources
of the devices where the encryption is active in ``directed_devices``.

example
-------

Check if the session with Louise is encrypted::

    $ jp encryption get louise@example.org
50
start
=====

Start an e2e session with an entity.

You need to specify the JID of the entity you want to start a session with as a positional
argument.

By default, SàT will select itself the algorithm to use among those available, but you can
specify one using either its name with ``-n NAME, --name NAME`` or its namespace with
``-N NAMESPACE, --namespace NAMESPACE``. ``NAME`` is the short name of the algorithm, e.g.
``omemo``, while the namespace is the longer identifier (e.g. ``urn:xmpp:otr:0`` for OTR).

If an encryption session is started while one with another algorithm was already active,
the original session will be stopped and replaced by one with the newly requested algorithm.
You can change this behaviour by using ``--encrypt-noreplace``: in this case the command
will fail in case of conflict (e2e encryption is requested with a new algorithm while an e2e
encryption session was already started with another algorithm) and return a non-zero code.
If an e2e encryption session was already started with the requested algorithm, the command
succeeds in all cases and nothing is changed.

examples
--------

Start e2e encryption with Pierre, using the algorithm selected by SàT::

    $ jp encryption start pierre@example.net

Start an OMEMO session with Louise::

    $ jp encryption start -n omemo louise@example.org
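
The exit-code rules above (``get`` fails when no session exists; ``start
--encrypt-noreplace`` fails instead of replacing a session that uses another algorithm) can
be combined into a small wrapper so that a script never silently downgrades or replaces a
session. The following is an added example and is not part of the Salut à Toi documentation
or code base: it relies only on the ``jp encryption`` subcommands described on this page and
on their exit codes (no output is parsed); the function names ``ensure_e2e`` and
``with_e2e``, the exit code 2 for the conflict case, and the JIDs are this example's own.

```sh
#!/bin/sh
# Added example, not part of Salut à Toi: a wrapper around the
# `jp encryption` subcommands documented above. It relies only on their
# exit codes (no output is parsed):
#   jp encryption get JID                               -> 0 iff a session is active
#   jp encryption start -n NAME --encrypt-noreplace JID -> non-zero on conflict
#   jp encryption start JID                             -> algorithm chosen by SàT
# Function names, exit code 2 and JIDs are this example's own conventions.

# ensure_e2e JID [ALGO]
# Returns 0 when an e2e session is active with JID. With ALGO, a session
# using that algorithm is started if none exists; a session already using a
# different algorithm is never replaced: the function returns 2 instead.
# Any other failure (unknown contact, algorithm unavailable, ...) returns 1.
ensure_e2e() {
    jid=$1
    algo=${2:-}
    if [ -n "$algo" ]; then
        # Succeeds when ALGO is already active or could be started; with
        # --encrypt-noreplace it fails rather than replacing another session.
        if jp encryption start -n "$algo" --encrypt-noreplace "$jid" >/dev/null 2>&1; then
            return 0
        fi
        # start failed: tell a conflict apart from other errors with `get`,
        # which succeeds only if some session (hence another algorithm) is active.
        if jp encryption get "$jid" >/dev/null 2>&1; then
            echo "ensure_e2e: $jid already has an e2e session with another algorithm; not replacing it" >&2
            return 2
        fi
        echo "ensure_e2e: could not start a $algo session with $jid" >&2
        return 1
    fi
    # No algorithm requested: keep whatever session is active, else let SàT choose.
    if jp encryption get "$jid" >/dev/null 2>&1; then
        return 0
    fi
    if jp encryption start "$jid" >/dev/null 2>&1; then
        return 0
    fi
    echo "ensure_e2e: could not start an e2e session with $jid" >&2
    return 1
}

# with_e2e JID ALGO COMMAND [ARGS...]
# Runs COMMAND only once an e2e session with ALGO is active with JID, so a
# script never falls back to acting in clear when the session is missing.
with_e2e() {
    jid=$1
    algo=$2
    shift 2
    ensure_e2e "$jid" "$algo" || return $?
    "$@"
}

# Stand-alone use: ./ensure_e2e.sh JID [ALGO]
if [ $# -gt 0 ]; then
    ensure_e2e "$@"
fi
```

A typical use is ``with_e2e louise@example.org omemo some-command``, where ``some-command``
does the actual work. Exit status 2 is reserved for the "another algorithm is active" case,
so a caller can decide explicitly whether to run ``jp encryption stop`` on the old session
before retrying, instead of letting ``jp encryption start`` replace it by default.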
82
stop
====

Terminate the e2e session with the given entity. The entity must be specified as a
positional argument.

After this command is run, the messages with the specified entity will not be e2e encrypted
anymore (but this won't affect encryption between SàT and the XMPP server and between XMPP
servers).

example
-------

Stop the e2e encryption session with Pierre::

    $ jp encryption stop pierre@example.net
99
trust ui
========

Run the user interface to handle trust with the given entity and the given algorithm. The
user interface depends on the algorithm used, but it generally shows you the fingerprints
associated with your contact or your contact's devices, and asks you whether you trust them
or not.

The only mandatory argument is the JID of your contact.

By default the algorithm of the currently active encryption session is used, but you may
manage trust for another algorithm by using ``-n NAME, --name NAME`` or ``-N NAMESPACE,
--namespace NAMESPACE``.

.. note::

   Trusting a contact or a device means that you certify that this contact or device is
   the one you want to talk to. You should not trust a device if you have not verified its
   fingerprint through an external channel (i.e. not over XMPP). The best way is to verify
   the fingerprint physically if possible (i.e. in front of your contact, with no computer
   network in the middle).

example
-------

Manage ``OMEMO`` trust with Louise's devices::

    $ jp encryption trust ui -n omemo louise@example.org