Add new --trust-new-identities global parameter

[signal-cli] / man / signal-cli.1.adoc

/////
vim:set ts=4 sw=4 tw=82 noet:
/////
:quotes.~:

= signal-cli (1)

== Name

signal-cli - A commandline and dbus interface for the Signal messenger

== Synopsis

*signal-cli* [--config CONFIG] [-h | -v | -u USERNAME | --dbus | --dbus-system] command [command-options]

== Description

signal-cli is a commandline interface for libsignal-service-java.
It supports registering, verifying, sending and receiving messages.
For registering you need a phone number where you can receive SMS or incoming calls.
signal-cli was primarily developed to be used on servers to notify admins of important events.
For this use-case, it has a dbus interface, that can be used to send messages from any programming language that has dbus bindings.

For some functionality the Signal protocol requires that all messages have been received from the server.
The `receive` command should be regularly executed. In daemon mode messages are continuously received.

== Options

*-h*, *--help*::
Show help message and quit.

*-v*, *--version*::
Print the version and quit.

*--verbose*::
Raise log level and include lib signal logs.

*--config* CONFIG::
Set the path, where to store the config.
Make sure you have full read/write access to the given directory.
(Default: `$XDG_DATA_HOME/signal-cli` (`$HOME/.local/share/signal-cli`))

*-u* USERNAME, *--username* USERNAME::
Specify your phone number, that will be your identifier.
The phone number must include the country calling code, i.e. the number must start with a "+" sign.

This flag must not be given for the `link` command.
It is optional for the `daemon` command.
For all other commands it is only optional if there is exactly one local user in the
config directory.

*--dbus*::
Make request via user dbus.

*--dbus-system*::
Make request via system dbus.

*-o* OUTPUT-MODE, *--output* OUTPUT-MODE::
Specify if you want commands to output in either "plain-text" mode or in "json". Defaults to "plain-text"

*--trust-new-identities* TRUST-MODE::
Choose when to trust new identities:
- `on-first-use` (default): Trust the first seen identity key from new users,
  changed keys must be verified manually
- `always`: Trust any new identity key without verification
- `never`: Don't trust any unknown identity key, every key must be verified manually

== Commands

=== register

Register a phone number with SMS or voice verification.
Use the verify command to complete the verification.

*-v*, *--voice*::
The verification should be done over voice, not SMS.

*--captcha*::
The captcha token, required if registration failed with a captcha required error.
To get the token, go to https://signalcaptchas.org/registration/generate.html
Check the developer tools for a redirect starting with signalcaptcha://
Everything after signalcaptcha:// is the captcha token.

=== verify

Verify the number using the code received via SMS or voice.

VERIFICATIONCODE::
The verification code.

*-p* PIN, *--pin* PIN::
The registration lock PIN, that was set by the user.
Only required if a PIN was set.

=== unregister

Disable push support for this device, i.e. this device won't receive any more messages.
If this is the master device, other users can't send messages to this number anymore.
Use "updateAccount" to undo this.
To remove a linked device, use "removeDevice" from the master device.

*--delete-account*::
Delete account completely from server. Cannot be undone without loss. You will
have to be readded to each group.

CAUTION: Only delete your account if you won't use this number again!

=== updateAccount

Update the account attributes on the signal server.
Can fix problems with receiving messages.

=== setPin

Set a registration lock pin, to prevent others from registering this number.

REGISTRATION_LOCK_PIN::
The registration lock PIN, that will be required for new registrations (resets after 7 days of inactivity)

=== removePin

Remove the registration lock pin.

=== link

Link to an existing device, instead of registering a new number.
This shows a "tsdevice:/…" URI. If you want to connect to another signal-cli instance, you can just use this URI.
If you want to link to an Android/iOS device, create a QR code with the URI (e.g. with qrencode) and scan that in the Signal app.

*-n* NAME, *--name* NAME::
Optionally specify a name to describe this new device.
By default "cli" will be used.

=== addDevice

Link another device to this device.
Only works, if this is the master device.

*--uri* URI::
Specify the uri contained in the QR code shown by the new device.
You will need the full uri enclosed in quotation marks, such as "tsdevice:/?uuid=....."

=== listDevices

Show a list of linked devices.

=== removeDevice

Remove a linked device.
Only works, if this is the master device.

*-d* DEVICE_ID, *--device-id* DEVICE_ID::
Specify the device you want to remove.
Use listDevices to see the deviceIds.

=== getUserStatus

Uses a list of phone numbers to determine the statuses of those users.
Shows if they are registered on the Signal Servers or not.
In json mode this is outputted as a list of objects.

[NUMBER [NUMBER ...]]::
One or more numbers to check.

=== send

Send a message to another user or group.

RECIPIENT::
Specify the recipients’ phone number.

*-g* GROUP, *--group-id* GROUP::
Specify the recipient group ID in base64 encoding.

*-m* MESSAGE, *--message* MESSAGE::
Specify the message, if missing, standard input is used.

*-a* [ATTACHMENT [ATTACHMENT ...]], *--attachment* [ATTACHMENT [ATTACHMENT ...]]::
Add one or more files as attachment.

*--note-to-self*::
Send the message to self without notification.

*-e*, *--end-session*::
Clear session state and send end session message.

=== sendReaction

Send reaction to a previously received or sent message.

RECIPIENT::
Specify the recipients’ phone number.

*-g* GROUP, *--group-id* GROUP::
Specify the recipient group ID in base64 encoding.

*-e* EMOJI, *--emoji* EMOJI::
Specify the emoji, should be a single unicode grapheme cluster.

*-a* NUMBER, *--target-author* NUMBER::
Specify the number of the author of the message to which to react.

*-t* TIMESTAMP, *--target-timestamp* TIMESTAMP::
Specify the timestamp of the message to which to react.

*-r*, *--remove*::
Remove a reaction.

=== sendReceipt

Send a read or viewed receipt to a previously received message.

RECIPIENT::
Specify the sender’s phone number.

*-t* TIMESTAMP, *--target-timestamp* TIMESTAMP::
Specify the timestamp of the message to which to react.

*--type* TYPE::
Specify the receipt type, either `read` (the default) or `viewed`.

=== sendTyping

Send typing message to trigger a typing indicator for the recipient.
Indicator will be shown for 15seconds unless a typing STOP message is sent first.

RECIPIENT::
Specify the recipients’ phone number.

*-g* GROUP, *--group-id* GROUP::
Specify the recipient group ID in base64 encoding.

*-s*, *--stop*::
Send a typing STOP message.

=== remoteDelete

Remotely delete a previously sent message.

RECIPIENT::
Specify the recipients’ phone number.

*-g* GROUP, *--group-id* GROUP::
Specify the recipient group ID in base64 encoding.

*-t* TIMESTAMP, *--target-timestamp* TIMESTAMP::
Specify the timestamp of the message to delete.

=== receive

Query the server for new messages.
New messages are printed on standard output and attachments are downloaded to the config directory.
In json mode this is outputted as one json object per line.

*-t* TIMEOUT, *--timeout* TIMEOUT::
Number of seconds to wait for new messages (negative values disable timeout).
Default is 5 seconds.
*--ignore-attachments*::
Don’t download attachments of received messages.

=== joinGroup

Join a group via an invitation link.

*--uri*::
The invitation link URI (starts with `https://signal.group/#`)

=== updateGroup

Create or update a group.
If the user is a pending member, this command will accept the group invitation.

*-g* GROUP, *--group-id* GROUP::
Specify the recipient group ID in base64 encoding.
If not specified, a new group with a new random ID is generated.

*-n* NAME, *--name* NAME::
Specify the new group name.

*-d* DESCRIPTION, *--description* DESCRIPTION::
Specify the new group description.

*-a* AVATAR, *--avatar* AVATAR::
Specify a new group avatar image file.

*-m* [MEMBER [MEMBER ...]], *--member* [MEMBER [MEMBER ...]]::
Specify one or more members to add to the group.

*-r* [MEMBER [MEMBER ...]], *--remove-member* [MEMBER [MEMBER ...]]::
Specify one or more members to remove from the group

*--admin* [MEMBER [MEMBER ...]]::
Specify one or more members to make a group admin

*--remove-admin* [MEMBER [MEMBER ...]]::
Specify one or more members to remove group admin privileges

*--reset-link*::
Reset group link and create new link password

*--link* LINK_STATE::
Set group link state: `enabled`, `enabled-with-approval`, `disabled`

*--set-permission-add-member* PERMISSION::
Set permission to add new group members: `every-member`, `only-admins`

*--set-permission-edit-details* PERMISSION::
Set permission to edit group details: `every-member`, `only-admins`

*--set-permission-send-messages* PERMISSION::
Set permission to send messages in group: `every-member`, `only-admins`
Groups where only admins can send messages are also called announcement groups

*-e* EXPIRATION_SECONDS, *--expiration* EXPIRATION_SECONDS::
Set expiration time of messages (seconds).
To disable expiration set expiration time to 0.

=== quitGroup

Send a quit group message to all group members and remove self from member list.
If the user is a pending member, this command will decline the group invitation.

*-g* GROUP, *--group-id* GROUP::
Specify the recipient group ID in base64 encoding.

*--delete*::
Delete local group data completely after quitting group.

=== listGroups

Show a list of known groups and related information.
In json mode this is outputted as an list of objects and is always in detailed mode.

*-d*, *--detailed*::
Include the list of members of each group and the group invite link.

=== listContacts

Show a list of known contacts with names.

=== listIdentities

List all known identity keys and their trust status, fingerprint and safety number.

*-n* NUMBER, *--number* NUMBER::
Only show identity keys for the given phone number.

=== trust

Set the trust level of a given number.
The first time a key for a number is seen, it is trusted by default (TOFU).
If the key changes, the new key must be trusted manually.

number::
Specify the phone number, for which to set the trust.

*-a*, *--trust-all-known-keys*::
Trust all known keys of this user, only use this for testing.

*-v* VERIFIED_SAFETY_NUMBER, *--verified-safety-number* VERIFIED_SAFETY_NUMBER::
Specify the safety number of the key, only use this option if you have verified the safety number.

=== updateProfile

Update the profile information shown to message recipients.
The profile is stored encrypted on the Signal servers.
The decryption key is sent with every outgoing messages to contacts and included
in every group.

*--given-name* NAME, *--name* NAME::
New (given) name.

*--family-name* FAMILY_NAME::
New family name.

*--about* ABOUT_TEXT::
New profile status text.

*--about-emoji* EMOJI::
New profile status emoji.

*--avatar* AVATAR_FILE::
Path to the new avatar image file.

*--remove-avatar*::
Remove the avatar

=== updateContact

Update the info associated to a number on our contact list.
This change is only local but can be synchronized to other devices by using `sendContacts` (see below).
If the contact doesn't exist yet, it will be added.

NUMBER::
Specify the contact phone number.

*-n*, *--name*::
Specify the new name for this contact.

*-e*, *--expiration* EXPIRATION_SECONDS::
Set expiration time of messages (seconds).
To disable expiration set expiration time to 0.

=== block

Block the given contacts or groups (no messages will be received).
This change is only local but can be synchronized to other devices by using `sendContacts` (see below).

[CONTACT [CONTACT ...]]::
Specify the phone numbers of contacts that should be blocked.

*-g* [GROUP [GROUP ...]], *--group-id* [GROUP [GROUP ...]]::
Specify the group IDs that should be blocked in base64 encoding.

=== unblock

Unblock the given contacts or groups (messages will be received again).
This change is only local but can be synchronized to other devices by using `sendContacts` (see below).

[CONTACT [CONTACT ...]]::
Specify the phone numbers of contacts that should be unblocked.

*-g* [GROUP [GROUP ...]], *--group-id* [GROUP [GROUP ...]]::
Specify the group IDs that should be unblocked in base64 encoding.

=== sendContacts

Send a synchronization message with the local contacts list to all linked devices.
This command should only be used if this is the master device.

=== sendSyncRequest

Send a synchronization request message to the master device (for group, contacts, ...).
The master device will respond with synchronization messages with full contact and
group lists.

=== uploadStickerPack

Upload a new sticker pack, consisting of a manifest file and the sticker images.
Images must conform to the following specification: (see https://support.signal.org/hc/en-us/articles/360031836512-Stickers#sticker_reqs )
- Static stickers in PNG or WebP format
- Animated stickers in APNG format,
- Maximum file size for a sticker file is 300KiB
- Image resolution of 512 x 512 px

The required manifest.json has the following format:

[source,json]
----
{
  "title": "<STICKER_PACK_TITLE>",
  "author": "<STICKER_PACK_AUTHOR>",
  "cover": { // Optional cover, by default the first sticker is used as cover
    "file": "<name of image file, mandatory>",
    "contentType": "<optional>",
    "emoji": "<optional>"
  },
  "stickers": [
    {
      "file": "<name of image file, mandatory>",
      "contentType": "<optional>",
      "emoji": "<optional>"
    }
    ...
  ]
}
----

PATH::
The path of the manifest.json or a zip file containing the sticker pack you wish to upload.

=== daemon

signal-cli can run in daemon mode and provides an experimental dbus interface.
If no `-u` username is given, all local users will be exported as separate dbus
objects under the same bus name.

*--system*::
Use DBus system bus instead of user bus.
*--ignore-attachments*::
Don’t download attachments of received messages.

== Examples

Register a number (with SMS verification)::
signal-cli -u USERNAME register

Verify the number using the code received via SMS or voice::
signal-cli -u USERNAME verify CODE

Send a message to one or more recipients::
signal-cli -u USERNAME send -m "This is a message" [RECIPIENT [RECIPIENT ...]] [-a [ATTACHMENT [ATTACHMENT ...]]]

Pipe the message content from another process::
uname -a | signal-cli -u USERNAME send [RECIPIENT [RECIPIENT ...]]

Create a group::
signal-cli -u USERNAME updateGroup -n "Group name" -m [MEMBER [MEMBER ...]]

Add member to a group::
signal-cli -u USERNAME updateGroup -g GROUP_ID -m "NEW_MEMBER"

Accept a group invitation::
signal-cli -u USERNAME updateGroup -g GROUP_ID

Leave a group::
signal-cli -u USERNAME quitGroup -g GROUP_ID

Send a message to a group::
signal-cli -u USERNAME send -m "This is a message" -g GROUP_ID

Trust new key, after having verified it::
signal-cli -u USERNAME trust -v SAFETY_NUMBER NUMBER

Trust new key, without having verified it. Only use this if you don't care about security::
signal-cli -u USERNAME trust -a NUMBER

== Exit codes
* *1*: Error is probably caused and fixable by the user
* *2*: Some unexpected error
* *3*: Server or IO error
* *4*: Sending failed due to untrusted key

== Files

The password and cryptographic keys are created when registering and stored in the current users home directory, the directory can be changed with *--config*:

`$XDG_DATA_HOME/signal-cli/` (`$HOME/.local/share/signal-cli/`)

== Authors

Maintained by AsamK <asamk@gmx.de>, who is assisted by other open source contributors.
For more information about signal-cli development, see
<https://github.com/AsamK/signal-cli>.