
Allow setting --trust-new-identities

Open etlweather opened this issue 3 years ago • 10 comments

Feature Request

Per the signal-cli documentation, one can run it with --trust-new-identities TRUST-MODE. I would like to be able to pass this parameter such that signal-cli-rest-api calls signal-cli with it set.

I can't find how to do that. I looked at the code and I am pretty sure it can't be done as it is right now.

etlweather avatar Apr 25 '22 00:04 etlweather

You are right, that flag isn't exposed yet. But instead you could list all identities via the GET request, iterate over them and use the trust endpoint (with the trust_all_known_keys flag set to true) to trust all identities. Would that work for your use case or is there a specific reason you would prefer the --trust-new-identities flag over the identities endpoint?

bbernhard avatar Apr 25 '22 17:04 bbernhard
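
The workaround described in the comment above (list identities, then call the trust endpoint per contact), as an added example that is not part of the original thread or the project's code. The URL paths, the `number` and `status` field names and the `UNTRUSTED` value are assumptions about the REST API; only `trust_all_known_keys` comes from the thread. The function returns the contacts whose changed keys were accepted, so each acceptance can be logged.

```python
import json
import urllib.request
from urllib.parse import quote

# Constructed sample of an identities listing; field names are assumptions.
SAMPLE_IDENTITIES = [
    {"number": "+15550000001", "status": "TRUSTED_VERIFIED"},
    {"number": "+15550000002", "status": "UNTRUSTED"},
    {"number": "+15550000003", "status": "TRUSTED_UNVERIFIED"},
    {"number": "+15550000002", "status": "UNTRUSTED"},  # second key, same contact
]

def untrusted_numbers(identities):
    """Return contacts with at least one untrusted key, de-duplicated, in order."""
    seen = []
    for entry in identities:
        if entry.get("status") == "UNTRUSTED" and entry["number"] not in seen:
            seen.append(entry["number"])
    return seen

def build_trust_request(base_url, account, contact):
    """Build (without sending) the PUT that trusts every known key of `contact`."""
    url = "{}/v1/identities/{}/trust/{}".format(
        base_url.rstrip("/"), quote(account, safe=""), quote(contact, safe=""))
    body = json.dumps({"trust_all_known_keys": True}).encode()
    return urllib.request.Request(
        url, data=body, method="PUT",
        headers={"Content-Type": "application/json"})

def trust_all(base_url, account, opener=urllib.request.urlopen):
    """List identities, then trust each contact that has an untrusted key."""
    list_url = "{}/v1/identities/{}".format(
        base_url.rstrip("/"), quote(account, safe=""))
    with opener(list_url) as resp:
        identities = json.load(resp)
    accepted = []
    for contact in untrusted_numbers(identities):
        with opener(build_trust_request(base_url, account, contact)):
            accepted.append(contact)  # audit trail of accepted key changes
    return accepted
```
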

We are doing this for right now, but it is not optimum for us because it means the first message sent in with a new key does not decrypt. We then have to tell the sender to send their message again (after we trusted the new key). It makes sense security-wise but in reality, all the users do is trust the new key regardless.

etlweather avatar Apr 27 '22 20:04 etlweather

I see. I'll have a look (but it probably takes a bit)

bbernhard avatar May 03 '22 16:05 bbernhard

I think I should be able to have a first version ready in the next few days. Unfortunately this feature is a bit of a pain to test. Do you have a setup where you can easily test this & could you help with testing?

bbernhard avatar May 06 '22 18:05 bbernhard

That's great. I can definitely help testing.

etlweather avatar May 07 '22 00:05 etlweather

There's now a docker image available for testing: bbernhard/signal-cli-rest-api:0.107-dev

The source code can be found in the trust_mode git branch.

The trust mode can be set with the POST /v1/configuration/<signal number>/settings endpoint (you only need to set it once per registered signal number; the settings will be persistently stored on the filesystem). Once it is configured, the trust mode will be appended to every signal-cli invocation.

bbernhard avatar May 08 '22 19:05 bbernhard

Awesome. We're going to give it a go. Will let you know.

etlweather avatar May 08 '22 19:05 etlweather

@bbernhard I am helping @etlweather with this and ran this through the scenarios that were previously causing trouble and this seems to be resolved with this update. Thank you very much.

ced-b avatar May 21 '22 21:05 ced-b

Cool! Many thanks for testing! I'll merge the changes then into the master branch - so it will be included in the next productive release.

bbernhard avatar May 22 '22 18:05 bbernhard