Mercurial > libervia-backend
comparison doc/libervia-cli/encryption.rst @ 3488:c80a0f864b5d
doc: updated doc following global renaming
| author | Goffi <goffi@goffi.org> |
|---|---|
| date | Sun, 21 Mar 2021 18:23:58 +0100 |
| parents | doc/jp/encryption.rst@92f8baec5e4f |
| children | 4705f80b6e23 |
comparison
equal
deleted
inserted
replaced
| 3487:75427f0a5445 | 3488:c80a0f864b5d |
|---|---|
| 1 ======================================== | |
| 2 encryption: encryption sessions handling | |
| 3 ======================================== | |
| 4 | |
| 5 Salut à Toi being an XMPP client does encryption by default between client and server. In | |
| 6 addition, SàT is also capable of doing end-to-end (e2e) encryption, meaning that the | |
| 7 payload of messages are encrypted to be hidden from the servers (and their | |
| 8 administrators). The ``encryption`` commands are here to handle those e2e encryption | |
| 9 sessions and algorithms. | |
| 10 | |
| 11 .. note:: | |
| 12 | |
| 13 For the moment, only one 2 one chat messages can be e2e encrypted | |
| 14 | |
| 15 algorithms | |
| 16 ========== | |
| 17 | |
| 18 Display e2e encryption algorithms available in this instance of Salut à Toi. | |
| 19 | |
| 20 example | |
| 21 ------- | |
| 22 | |
| 23 Show available e2e algorithms:: | |
| 24 | |
| 25 $ li encryption algorithms | |
| 26 | |
| 27 get | |
| 28 === | |
| 29 | |
| 30 Display which encryption session is currently active with the given entity. | |
| 31 | |
| 32 The only required argument is the JID of the entity. | |
| 33 | |
| 34 If not e2e encryption session exist, a message will be displayed and li will exit with a | |
| 35 non zero code: this means that the messages are in clear in the XMPP servers, but normal | |
| 36 XMPP encryption is not affected (message should still be encrypted between client and | |
| 37 server and between servers). | |
| 38 | |
| 39 If an e2e encryption session exist, you'll see the algorithm name and its namespace. In | |
| 40 case of e2e encryption which only works from device to device (e.g. it's the case with | |
| 41 ``OTR`` which doesn't support multiple devices), you'll also see the resources of the | |
| 42 devices where the encryption is active in ``directed_devices`` | |
| 43 | |
| 44 example | |
| 45 ------- | |
| 46 | |
| 47 Check if session is encrypted with Louise:: | |
| 48 | |
| 49 $ li encryption get louise@example.org | |
| 50 | |
| 51 start | |
| 52 ===== | |
| 53 | |
| 54 Start e2e session with an entity. | |
| 55 | |
| 56 You need to specify the JID of the entity you want to start a session with as a positional | |
| 57 argument. | |
| 58 | |
| 59 By default, SàT will select itself the algorithm to use among those available, but you can | |
| 60 specify one using either its name with ``-n NAME, --name NAME`` or its namespace using | |
| 61 ``-N NAMESPACE, --namespace``. ``NAME`` is the short name of the algorithm, e.g. ``omemo`` | |
| 62 while the namespace is the longer (e.g. ``urn:xmpp:otr:0``). | |
| 63 | |
| 64 If an encryption session is started but one with an other algorithm was already there, the | |
| 65 original session will be stopped and replaced by one with the new requested algorithm. You | |
| 66 can change this behaviour by using ``--encrypt-noreplace``: in this case the command will | |
| 67 fail in case of conflict (e2e encryption is requested with a new algorithm while an e2e | |
| 68 encryption session was already started with an other algorithm), and return a non-zero | |
| 69 code. If an e2e encryption session was already started with the requested algorithm, the | |
| 70 command will succeed in all cases and nothing will be changed. | |
| 71 | |
| 72 examples | |
| 73 -------- | |
| 74 | |
| 75 Start e2e encryption with Pierre, using the algorithm selected by SàT:: | |
| 76 | |
| 77 $ li encryption start louise@example.net | |
| 78 | |
| 79 Start an OMEMO session with Louise:: | |
| 80 | |
| 81 $ li encryption start -n omemo louise@example.org | |
| 82 | |
| 83 stop | |
| 84 ==== | |
| 85 | |
| 86 Terminate an e2e session with given entity. The entity must be specified as positional | |
| 87 argument. | |
| 88 | |
| 89 After this command is run, the messages with specified entity will not be e2e encrypted | |
| 90 anymore (but this won't affect encryption between SàT and XMPP server and between XMPP | |
| 91 servers). | |
| 92 | |
| 93 example | |
| 94 ------- | |
| 95 | |
| 96 Stop the e2e encryption session with Pierre:: | |
| 97 | |
| 98 $ li encryption stop pierre@example.net | |
| 99 | |
| 100 trust ui | |
| 101 ======== | |
| 102 | |
| 103 Run the user interface to handle trust with given entity and given algorithm. The user | |
| 104 interface depends on the algorithm used, but it generally shows you the fingerprints | |
| 105 associated with your contact or contact devices, and asks you if you trust them or not. | |
| 106 | |
| 107 The only mandatory argument is the jid of your contact. | |
| 108 | |
| 109 By default the currently active encryption session algorithm is used, but you may manage | |
| 110 trust for another algorithm by using ``-n NAME, --name NAME`` or ``-N NAMESPACE, | |
| 111 --namespace NAMESPACE``. | |
| 112 | |
| 113 .. note:: | |
| 114 | |
| 115 Trusting a contact or a device means that you certify that this contact or device is | |
| 116 the one you want to talk too. You should not trust a device if you have not verified by | |
| 117 an external channel (i.e. not XMPP) the fingerprint. The best way is to verify the | |
| 118 fingerprint physically if possible (i.e. in front of your contact, not with computer | |
| 119 networks in the middle). | |
| 120 | |
| 121 example | |
| 122 ------- | |
| 123 | |
| 124 Manage ``OMEMO`` trust with Louise devices:: | |
| 125 | |
| 126 $ li encryption trust ui -n omemo louise@example.org |