Commands
TFC is controlled by entering commands into the message entry window of the Transmitter Program.
Display links to the project's homepage and documentation.
Initialize the 'add new contact wizard' and key exchange with new/existing contact.
Cancel queued files to the active contact/group. (Works only during traffic masking.)
Cancel queued messages to the active contact/group.
Clear TFC's screen on all three computers. (Excludes Networked Computer when traffic masking is enabled.)
Switch Receiver Program's window to one that shows its command history.
Resend the Tor Onion Service private key and contact data from Source to Networked Computer. This command is to be used in situations where the Networked Computer or Relay Program running on it had to be restarted.
Exit TFC on all three computers.
Export (n most recent) messages for active contact/group from the encrypted database on Source/Destination Computer. As this will write the specified logs in plaintext, the action must be confirmed by answering `y` or `yes` to the confirmation prompt and by entering the master password to authenticate the action.
Send file to the active contact or group.
View the file window on Receiver Program that shows transmission progress of incoming files from contacts. (Only files sent by contacts that use traffic masking are displayed in the file window.)
Display list of TFC commands and their descriptions.
Display log of (n most recent) messages of active contact or group on Receiver Program. This command will also show (n most recent) sent messages for active contact or group on Transmitter Program. Displaying output messages allows users to cross-compare logs and verify that, e.g., advanced malware on Destination Computer has not changed the content of messages after they were decrypted. Viewing the log file requires entering the master password.
Reinitialize the local key setup.
`/logging on` enables logging for the active contact/group.
`/logging off` disables logging for the active contact/group.
`/logging on all` enables logging for all contacts and groups.
`/logging off all` disables logging for all contacts and groups.
`/msg Alice` selects contact with nick `Alice`.
`/msg <account>` selects contact with TFC-account `<account>`.
`/msg myGroup` selects group `myGroup`.
Displays a list of contacts and the settings related to them:
- The nickname of the contact
- The truncated TFC account of contact
- The setting on whether messages sent by contact to their window are logged
- The setting on whether files sent by contact are accepted
- The setting on whether notifications about new messages from contact are displayed when another window is active
- The key exchange type and if X448 is used, verification status of the fingerprint for the contact
The command also shows the following information about groups:
- The name of the group
- The setting on whether messages sent to the group are logged
- The setting on whether notifications about new messages to the group are displayed when another window is active
- The list of group members' nicknames
`/nick Alice` changes the nick of active contact to `Alice`.
`/nick myGroup` changes the nick of active group to `myGroup`.
`/notify on` enables new message notification privacy for active contact/group.
`/notify off` disables new message notification privacy for active contact/group.
`/notify on all` enables new message notification privacy for all contacts and groups.
`/notify off all` disables new message notification privacy for all contacts and groups.
When the window notification is enabled, and a message is received to another window, it will be displayed for a brief moment in the active window.
`/passwd tx` changes the Transmitter Program's master password.
`/passwd rx` changes the Receiver Program's master password.
Sends a command to the Receiver Program that instructs it to open a file selection prompt. This prompt allows the user to select the PSK file from the contact's removable media, which is then imported.
WARNING! The removable media containing the PSK must be connected to the user's Destination Computer. Accidentally connecting the PSK transmission media to Source Computer can completely break TFC's endpoint security!
Resets the screens of all three computers and erases the ephemeral message log for the active contact/group. This command does not remove logged messages. When this command is issued during traffic masking, the window of Relay Program is not reset, so as not to reveal to an attacker on the Networked Computer when TFC is being used.
`/rm Alice` removes the contact with the nick `Alice`.
`/rmlogs Alice` removes all logs associated with the contact currently associated with the nick `Alice`.
`/rmlogs <account>` removes all logs with the account, even if it is no longer a contact in TFC.
`/rmlogs myGroup` removes all logs associated with the group.
`/store on` enables file reception for active contact, or members of the active group.
`/store off` disables file reception for active contact, or members of the active group.
`/store on all` enables file reception for all contacts.
`/store off all` disables file reception for all contacts.
Displays list of windows for contacts and groups on Receiver Program that have unread messages.
Displays the public key fingerprints of the user and the contact on Transmitter Program and asks the user to verify them. This command is only available if X448 was used to exchange keys (as opposed to PSKs).
`/whisper Hi Bob` sends an "off-the-record*" message `Hi Bob` to the contact. The message will not be logged -- even if the recipient has enabled message logging for the contact -- unless the recipient has modified their Receiver Program: It does not protect the user from the recipient, only from third parties in cases where the recipient can be trusted.
*Nothing to do with the OTR-protocol.
`/whois Alice` displays the TFC account of Alice, e.g. `u5oeq6iizrunvze266ygugokvj36pelrdv22quzon4j4ppff4fpuojyd`
`/whois u5oeq6iizrunvze266ygugokvj36pelrdv22quzon4j4ppff4fpuojyd` displays the nick of the account, e.g., `Alice`.
The latter command is useful when the user wants to verify whose account is in question when the Relay Program (that does not know the nicks of contacts) displays a truncated TFC account.
Both nicks and accounts support tab-complete.
Overwrite all TFC user data from all three computers and power systems off. Since this is a destructive command, the user needs to confirm it by entering `Yes` to the prompt.
The password is not prompted for, to avoid a failed wipe during a stressful situation.
`/group create myGroup` creates empty group `myGroup`.
`/group create myGroup Alice Charlie` creates group `myGroup` with members listed in creation.
When a new group is created, the Transmitter Program will send each member an invitation that contains a list of all members the user added to the group, as well as the ID (e.g. `2de6sbn1tCH4R`) of the group.
When the user receives a group invitation to their Relay Program, they can join the group with
`/group join 2de6sbn1tCH4R myGroup Bob Charlie`
All contacts that wish to join must manually create a group that uses the same group ID. The name of the group can be chosen by each joining member. In the unlikely event that the group ID already exists, one of the groups needs to be re-created.
Hint: The Relay Program knows which of the accounts in group invitations are on the user's contact list. The user does not need to do `/whois` on every account in the group to get nicks. They can just tab-complete the accounts displayed by Relay Program, and Receiver Program will display the nicks of added members in the Transmitter/Receiver Program group creation notification. Adding contacts to a group this way is safe, as it's not possible to add unknown accounts to the group, and the software allows the user to remove any unwanted nicks before sending messages to the group. Transmitter Program will not tab-complete or accept unknown members.
WARNING! The user should never join groups whose group ID was sent to them in a message that Receiver Program displays: These group IDs could be used to steal sensitive key data from the Destination Computer. Always use the default way of manually copying the group ID from the group invitation message displayed by the Relay Program on the Networked Computer.
`/group add myGroup David` adds the contact with nick `David` to the group.
When a new member is added to an existing group, the Transmitter Program will ask if a group management message will be sent to new and existing members so that they can synchronize their groups. As a new member, `David` will receive an invitation as if a new group was created.
`/group rm myGroup David` removes the contact with nick `David` from the group.
When one or more existing members are removed from the group, the Transmitter Program will ask if the user wants to send a list of removed members to the remaining members. Removed members never receive notification about them being removed. During removal, the Transmitter Program of the user stops sending group messages to that contact, and the Receiver Program of the user stops displaying messages that the removed contact redirects to the group window. Removing a contact from a group does not prevent them from sending private messages to the user (this can be done by removing the contact from TFC), nor does it prevent any other group members from continuing conversation with the removed contact in the group.
`/group rm myGroup` removes group `myGroup`.
When a group is removed, the Transmitter Program of the user asks them if it should send a notification to existing group members about the user leaving the group. If a contact sends the user a message about leaving the group, the user(s) must themselves remove the contact from the group to prevent the contact from being able to secretly read messages the user sends to the group. Such "eavesdropping" cannot be prevented as the encryption key is the same as the one used to encrypt private messages to the contact who claimed to have left the group.
Setting names, current and default values, and descriptions can be viewed with the command `/settings`
Settings can be changed with `/set <setting name> <setting value>`
Note that settings that affect serial interfaces require all TFC programs to be restarted. Make sure each program displays a notification that new serial settings will take effect on restart. If you find yourself in a situation where serial settings are out of sync, you can either edit each `$HOME/tfc/user_data/*_serial_settings.json` file with a text editor, or you can close all three TFC programs, and delete the `*_serial_settings.json` file on all three computers. This will reset the serial interface settings.
Traffic masking is a special mode of operation for Transmitter Program that protects metadata about the type, quantity and schedule of communication at the inconvenience of having to lock to a single window (i.e. single contact or group) as the recipient.
During traffic masking, Transmitter Program will output a constant stream of noise data, into which it inserts file/message packets when due. This prevents even an attacker who remotely compromises the user's Networked Computer from determining if and when, and how much communication takes place, as well as the type (message/file) of communicated data.
Traffic masking is enabled with the command `/set traffic_masking True`. This deselects the active window and requires the user to choose a contact or group for the duration of traffic masking. Once enabled, traffic masking mode can be disabled with the command `/set traffic_masking False`, which immediately stops outputting the stream of noise messages. Issuing the latter command also deselects the contact.
The Transmitter Program will remember the traffic masking setting status across restarts but not the active group for the traffic masking.
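The constant-stream idea described above, as an added Python example that is not TFC's own code: one fixed-length packet leaves per time slot, carrying queued data when there is any and noise otherwise. The packet size, the `N`/`D` type byte, the slot model and all function names are assumptions made for illustration; the example also assumes every packet is encrypted before it leaves the Source Computer, so an observer sees only timing and size.

```python
from collections import deque

PACKET_LEN = 64            # assumed fixed packet size in bytes, not TFC's value
NOISE, DATA = b"N", b"D"   # assumed 1-byte type header, hidden by encryption in practice
BODY = PACKET_LEN - 3      # payload room after 1 type byte + 2 length bytes


def packetize(message):
    """Split a message into fixed-length DATA packets, zero-padding the last one."""
    chunks = [message[i:i + BODY] for i in range(0, len(message), BODY)] or [b""]
    return [DATA + len(c).to_bytes(2, "big") + c.ljust(BODY, b"\x00") for c in chunks]


def masked_stream(queued, slots):
    """Emit exactly one packet per time slot: queued data when due, noise otherwise.

    queued maps a slot number to the message the user entered at that slot.
    """
    pending, out = deque(), []
    for slot in range(slots):
        if slot in queued:
            pending.extend(packetize(queued[slot]))
        out.append(pending.popleft() if pending else NOISE + bytes(PACKET_LEN - 1))
    return out


def observable(stream):
    """Metadata left to a Networked Computer observer once packets are encrypted."""
    return [(slot, len(packet)) for slot, packet in enumerate(stream)]


def recover(stream):
    """Recipient side: discard noise packets, strip padding, rejoin the payload."""
    return b"".join(p[3:3 + int.from_bytes(p[1:3], "big")]
                    for p in stream if p[:1] == DATA)


if __name__ == "__main__":
    # Constructed sample sessions: one idle, one with two messages.
    idle = masked_stream({}, 10)
    busy = masked_stream({2: b"A" * 150, 5: b"hi"}, 10)
    print(observable(idle) == observable(busy))  # identical schedule and sizes
    print(recover(busy) == b"A" * 150 + b"hi")
```

The idle and the busy session produce the same sequence of slots and packet sizes, which is why the quantity, schedule and type of communication stay hidden; the cost is that a long message is delayed across several slots.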