1 SILC - Secure Internet Live Conferencing
2 ========================================
4 SILC (Secure Internet Live Conferencing) is a protocol which provides
5 secure conferencing services in the Internet over insecure channel.
6 SILC is IRC like softwarre although internally they are very different.
7 Biggest similarity between SILC and IRC is that they both provide
8 conferencing services and that SILC has almost same commands as IRC. Other
9 than that they are nothing alike. Biggest differences are that SILC is
10 secure what IRC is not in any way. The network model is also entirely
11 different compared to IRC.
17 After installing the SILC to the system the SILC client is started by
22 If you want to run with specific configuration file give -f option.
24 To run the server you should configure the server first. To run the
25 server give the command:
29 This will launch the server on to the background.
36 /SERVER [<server>[:<port>]]
38 Connects to remote SILC server.
42 Changes/sets nickname. Note that in SILC there can be
43 multiple same nicknames. However, the logic on working
44 with multiple nicknames on user interface is pretty much
45 still missing. Also note that nicknames in SILC are
50 Joins to a channel. Channel names start with `#'
55 Leaves the channel. If /leave * is given the client
56 leaves the current channel.
58 /CMODE <channel> +|-<modes> [{ <arguments>}]
60 Changes/sets channel mode. Most of the modes require
61 special privileges, such as channel operator or channel
62 founder privileges to work. The mode is added by adding
63 + before the option(s) and removed by adding - before
64 the option(s). Following modes are available:
66 p Set/unset channel as private channel
67 s Set/unset channel as secret channel
68 k Set/unset that channel uses private channel key
69 i Set/unset channel as invite only channel
70 t Set/unset that only channel operator or
71 founder may set channel topic
72 l <limit> Set/unset channel's user limit
73 a <passphrase> Set/unset passphrase for channel that must
74 be provided when joining to the channel.
75 c <cipher> Set/unset channel's cipher
76 h <hmac> Set/unset channel's hmac
78 Set/unset channel founder authentication.
79 Channel founder may set this mode so that
80 if the client leaves the channel it can
81 claim the founder rights when it returns
82 to the channel. If -pubkey is set then
83 the authentication will be done using the
84 client's public key. You can claim the
85 founder rights using the CUMODE command.
87 Multiple modes can be set/unset at once if the modes does not
88 require any arguments. If mode requires an argument then only
89 one mode can be set at once.
91 /CUMODE <channel> +|-<modes> <nickname>[@<server>] [-pubkey|<passwd>]
93 Changes/set user's mode on a channel. Most of the modes
94 require that the client who changes some client's mode must
95 be channel founder or channel operator. Following channel
96 user modes are available:
98 a <nickname>[@<server>]
100 Set/unset all modes (cannot be used to set
101 both founder and operator rights, can be used
102 only to remove both modes at once).
104 f <nickname>[@<server>] [-pubkey|<password>]
106 Set/Unset channel founder. If the -pubkey
107 option or <password> is provided then the
108 client is claiming the founder rights by
109 providing the channel founder authentication
110 data. If the -pubkey is provided then the
111 authentication is performed using the
112 client's public key. If you are channel
113 founder you can set the channel founder
114 authentication using CMODE command.
116 o <nickname>[@<server>]
118 Set/unset channel operator. Requires that
119 you are channel operator or channel founder.
123 Sets/unsets user mode. Note that some of the modes the
124 client cannot set itself. The following user modes are
128 s Unset server operator privileges
129 r Unset router operator privileges
130 g Set/unset to be gone (or use /AWAY command)
133 /MSG <nickname> <message>
135 Sends private message to remote client. Support for
136 handling multiple same nicknames with /MSG command is
139 /WHOIS <nickname>[@<server>] [<count>]
141 Gives a little information about a client. Support for
142 handling multiple same nicknames with this command is
145 /WHOWAS <nickname>[@<server>] [<count>]
147 Gives a little history information about a client.
149 /INVITE <channel> [<nickname>[@server>]
150 [+|-[<nickname>[@<server>[!<username>[@hostname>]]]]]
152 Invites client to a channel or manages the invite list of
153 the channel. The first <nickname> argument is used if an
154 client is invited to the channel. The second +|-<nickname>
155 argument is used to either add or delete invite from the
156 channel's invite list. Wildcards may be used with this
159 /BAN <channel> [+|-[<nickname>[@<server>[!<username>[@hostname>]]]]]
161 Manages the ban list of the channel. Wildcards may be used
162 with this command. You must be channel operator to be
163 able to use this command.
165 /KICK <channel> <nickname>[@<server>] [<comment>]
167 Kicks client from channel. You have to be at least channel
168 operator to be able to kick client from channel. Note:
169 you cannot kick channel founder even if you are channel
174 Pings server. Only locally connected server may be
179 Requests information about a server. If argument is
180 not specified current server is used.
184 Sets away message. When private message is received and
185 away message is set the client automatically replies to
186 the sender with the away message. To remove away message
187 give the command without arguments.
191 Quits session. Connection to remote server is closed.
195 Clears current screen.
199 Shows client version.
201 /OPER <username> [<public key>]
203 Obtains server operator privileges.
205 /SILCOPER <username> [<public key>]
207 Obtains router operator privileges.
209 /KILL <nickname> [<comment>]
211 Router operator can use this command to remove an client
212 from the SILC Network temporarily.
214 /CONNECT <server> [<port>]
216 Connects to server the remote <server>. You must be
217 server operator to be able to do this.
220 /CLOSE <server> [<port>]
222 Closes connection to the <server>. You must be server
223 operator to be able to do this.
227 Shutdowns the server. You must be server operator to be
232 Display the MOTD of the server. If server is not specified
233 the current server is used.
237 Lists all channels in the current server, or the channel
238 specified. If the channel cannot be found then all
241 /KEY msg|channel <nickname|channel>
242 set|unset|list|agreement|negotiate [<arguments>]
244 This command is used to set and unset private keys for
245 channels, set and unset private keys for private messages
246 with remote clients and to send key agreement requests and
247 negotiate the key agreement protocol with remote client.
248 The key agreement is supported only to negotiate private
249 message keys, it currently cannot be used to negotiate
250 private keys for channels, as it is not convenient for that
255 msg The command is performed for private messages
256 affecting the <nickname>.
258 channel The command is performed for channel affecting
264 set [<key> [<cipher>] [<hmac>]]
266 Set the key into use. If the <key> is provided it
267 is used as the key material. If the <key> is not
268 provided the negotiated key material is used. If
269 the negotiation has not been performed this command
272 If the type is `msg' and the <key> is `*' then
273 random key will be generated automatically.
275 The <cipher> may be set for both private message
276 and channel private keys and the <hmac> may be set
277 only to the channel private keys.
281 Unset the key. The private key is not used after
282 this command. The key must be set again or the key
283 material must be re-negotiated to be able to use
284 the private keys again.
286 The channel may have several private keys set. The
287 <number> can be used to indicate what key is being
288 unset. If it is not provided all keys are removed.
291 list List all private keys that has been set.
293 If the type is `msg' and the <nickname> is ´*' then
294 all private message keys that you've set will be
297 agreement [<hostname> [<port>]]
299 Send key agreement request to remote client. If
300 the <hostname> is provided it is sent in the request.
301 The receiver may use the hostname to start the
302 key agreement. If the <port> is also provided your
303 key agreement protocol server is bound to that
304 port. Note that it cannot be privileged port (<1023).
305 If the <hostname> and <port> is not provided then
306 the receiver will never initiate the key agreement.
307 In this case you must start the key agreement after
308 receiving the reply to the request, by giving the
309 /KEYAGR start command.
311 This command may be used to send reply to the
312 remote client. When receiving empty key agreement
313 you can reply to the sender with the hostname and
314 port of your key agreement server with this command.
316 negotiate [<hostname> [<port>]]
318 This may be called to start the key agreement with
319 <nickname>. This command has effect only if the
320 <nickname> has replied to your key agreement request.
321 You will see a notify on the screen when the reply
322 arrives. The <hostname> and <port> is the hostname
323 and port of the remote client's key agreement
326 /ME <channel> <action message>
328 This command is used to send an action to the channel.
329 This equals to CTCP's ACTION (IRC's /ME) command.
331 /NOTICE <channel> <message>
333 This command is used to send for example informational
334 notice messages to the channel.
338 Fetches remote client's public key.
343 Features to be included into the final release of SILC. [Note that the
344 current Developer's Version does not include all of these features, read
345 TODO file for more information.]
347 o Normal conferencing services such as private messages, channels,
348 channel messages, etc. All traffic is secured and authenticated.
350 o No unique nicknames. There can same nicknames in SILC without
351 collisions. SILC has unique Client ID's, Server ID's and Channel ID's
352 to assure that there are no collisions.
354 o Secure key exchange and authentication protocol. SILC Key Exchange
355 protocol provides key material used in the SILC sessions in secure
356 manner. The protocol is immune for example to man-in-the-middle
357 attacks. The SILC Authentication protocol provides strong
358 authentication. Authentication may be based on passphrase or public
359 key (RSA) authentication. For clients there is an option not to
360 use authentication when connecting to servers.
362 o All traffic is encrypted and authenticated using the best cryptographic
363 algorithms out there. Command messages, private messages and channel
364 messages are all protected by encryption. User can set private keys
365 for both private message and for channels so that even SILC servers do
366 not know the keys. Cipher keys are, by default, 128 bits in length and
367 public keys, by default, 1024 bits in length.
369 o Supports data compression with GZIP to improve performance.
371 o Supports SOCKS4 and SOCKS5 firewall traversal protocols.
373 o SIM (SILC Module) support. Support for loading of shared objects at
374 run-time that provides new and extended features to both SILC client
375 and server. These can provide extra ciphers and extra features to
378 o SILC client can be installed and used without root privileges.
380 o SILC client can be configured by system wide configuration files but
381 with user specific configuration files as well.
387 Even though SILC were released in summer 2000 to the public the idea and
388 the protocol itself is quite old. I got the idea about SILC in its
389 current form in the year 1996 and first lines of codes were written in
390 early 1997. This release is now third rewrite of the SILC. The very first
391 version were written in 1997 and it included SILC client and very very
392 preliminary SILC server. The server actually weren't usable but the
393 client looked pretty much the same as it does now. At that time the SILC
394 also included RSA implementation and 3DES implementation. The random
395 number generator that exists in this current release is actually based on
396 the RNG written in 1997. The RNG written in 1997, on the other hand, were
397 based on the SSH's random number generator. The RNG has been rewritten
398 twice since the first version.
400 I stopped writing the SILC later in 1997 when I got busy at school and in
401 work. The pause lasted several months. The development resumed in 1998
402 when my friend (Juha Räsänen) and I implemented ElGamal algorithm. I
403 rewrote some other parts as well. However, for the same reasons as
404 previously the development stopped again. I resumed the development later
405 in 1998 by doing rewrite of the SILC in C++. This was obviously a mistake
406 but at that time it seemed like a good idea. Again, in the winter 1999 I
407 got very busy writing my thesis and was forced to stop the development
408 again. I also, started a new job in the spring.
410 Later, in 1999, I decided that this time I'm going to make it the right
411 way. C++ was obviously a bad choice so I decided to fall back to plain C
412 language. I also decided to do complete rewrite and started doing more
413 thorough planning of what the SILC actually should include. I also
414 decided that this time it is going to kill me before I stop the
415 development. I started writing SILC in the weekends and actually
416 everytime I had some spare time. I also started a new job but I didn't
417 let that get to my way. The result of this development effort is the
418 release now in public.
420 I've learned a lot by doing the SILC. I guess, when I started it I wasn't
421 that good of a C programmer. That alone was a reason why SILC hasn't seen
422 the day of light before now. My programming style has also changed
423 dramatically during these years. Actually, it has changed couple times
424 since this last rewrite as well. However, the code style of current SILC
425 release is quite consistent (actually the coding style SILC has been
426 written now I've learned in my current job).
428 There is probably over 85% of new code in this third rewrite. Rest has
429 just been copied from the old versions and only minor changes has been
430 made (like changed function names and overall coding style). I've
431 preserved the dates of the old files (dating back to 1997) that has
432 existed in some forms in the old versions. There is a lot of new code but
433 already I see a lot that needs rewriting. The development continues.
439 Feedback and comments are welcome. Bug reports should be sent to the
440 development mailing list.
442 Official SILC project web site : http://silcnet.org/
443 FTP archive for SILC project : ftp://silc.pspt.fi/pub/silc/
444 Development mailing list address : silc-devel@lists.sourceforge.net
446 Pekka Riikonen <priikone@poseidon.pspt.fi>