1 SILC - Secure Internet Live Conferencing
2 ========================================
4 SILC (Secure Internet Live Conferencing) is a protocol which provides
5 secure conferencing services in the Internet over insecure channel.
6 SILC is IRC like softwarre although internally they are very different.
7 Biggest similarity between SILC and IRC is that they both provide
8 conferencing services and that SILC has almost same commands as IRC. Other
9 than that they are nothing alike. Biggest differences are that SILC is
10 secure what IRC is not in any way. The network model is also entirely
11 different compared to IRC.
17 The development version is still preliminary version and requires some
18 work to get it working. You should, first of all, check the example
19 configuration files in ./doc/ directory. Change them according to your
25 ./silc -f <config file>
30 ./silcd -f <config file>
37 /SERVER [<server>[:<port>]]
39 Connects to remote SILC server.
43 Changes/sets nickname. Note that in SILC there can be
44 multiple same nicknames. However, the logic on working
45 with multiple nicknames on user interface is pretty much
46 still missing. Also note that nicknames in SILC are
51 Joins to a channel. Channel names start with `#'
56 Leaves the channel. If /leave * is given the client
57 leaves the current channel.
59 /CMODE <channel> +|-<modes> [{ <arguments>}]
61 Changes/sets channel mode. Most of the modes require
62 special privileges, such as channel operator or channel
63 founder privileges to work. The mode is added by adding
64 + before the option(s) and removed by adding - before
65 the option(s). Following modes are available:
67 p Set/unset channel as private channel
68 s Set/unset channel as secret channel
69 k Set/unset that channel uses private channel key
70 i Set/unset channel as invite only channel
71 t Set/unset that only channel operator or
72 founder may set channel topic
73 l <limit> Set/unset channel's user limit
74 a <passphrase> Set/unset passphrase for channel that must
75 be provided when joining to the channel.
76 c <cipher> Set/unset channel's cipher
77 h <hmac> Set/unset channel's hmac
79 Set/unset channel founder authentication.
80 Channel founder may set this mode so that
81 if the client leaves the channel it can
82 claim the founder rights when it returns
83 to the channel. If -pubkey is set then
84 the authentication will be done using the
85 client's public key. You can claim the
86 founder rights using the CUMODE command.
88 Multiple modes can be set/unset at once if the modes does not
89 require any arguments. If mode requires an argument then only
90 one mode can be set at once.
92 /CUMODE <channel> +|-<modes> <nickname>[@<server>] [-pubkey|<passwd>]
94 Changes/set user's mode on a channel. Most of the modes
95 require that the client who changes some client's mode must
96 be channel founder or channel operator. Following channel
97 user modes are available:
99 a <nickname>[@<server>]
101 Set/unset all modes (cannot be used to set
102 both founder and operator rights, can be used
103 only to remove both modes at once).
105 f <nickname>[@<server>] [-pubkey|<password>]
107 Set/Unset channel founder. If the -pubkey
108 option or <password> is provided then the
109 client is claiming the founder rights by
110 providing the channel founder authentication
111 data. If the -pubkey is provided then the
112 authentication is performed using the
113 client's public key. If you are channel
114 founder you can set the channel founder
115 authentication using CMODE command.
117 o <nickname>[@<server>]
119 Set/unset channel operator. Requires that
120 you are channel operator or channel founder.
124 Sets/unsets user mode. Note that some of the modes the
125 client cannot set itself. The following user modes are
129 s Unset server operator privileges
130 r Unset router operator privileges
131 g Set/unset to be gone (or use /AWAY command)
134 /MSG <nickname> <message>
136 Sends private message to remote client. Support for
137 handling multiple same nicknames with /MSG command is
140 /WHOIS <nickname>[@<server>] [<count>]
142 Gives a little information about a client. Support for
143 handling multiple same nicknames with this command is
146 /WHOWAS <nickname>[@<server>] [<count>]
148 Gives a little history information about a client.
150 /INVITE <channel> [<nickname>[@server>]
151 [+|-[<nickname>[@<server>[!<username>[@hostname>]]]]]
153 Invites client to a channel or manages the invite list of
154 the channel. The first <nickname> argument is used if an
155 client is invited to the channel. The second +|-<nickname>
156 argument is used to either add or delete invite from the
157 channel's invite list. Wildcards may be used with this
160 /BAN <channel> [+|-[<nickname>[@<server>[!<username>[@hostname>]]]]]
162 Manages the ban list of the channel. Wildcards may be used
163 with this command. You must be channel operator to be
164 able to use this command.
166 /KICK <channel> <nickname>[@<server>] [<comment>]
168 Kicks client from channel. You have to be at least channel
169 operator to be able to kick client from channel. Note:
170 you cannot kick channel founder even if you are channel
175 Pings server. Only locally connected server may be
180 Requests information about a server. If argument is
181 not specified current server is used.
185 Sets away message. When private message is received and
186 away message is set the client automatically replies to
187 the sender with the away message. To remove away message
188 give the command without arguments.
192 Quits session. Connection to remote server is closed.
196 Clears current screen.
200 Shows client version.
202 /OPER <username> [<public key>]
204 Obtains server operator privileges.
206 /SILCOPER <username> [<public key>]
208 Obtains router operator privileges.
210 /KILL <nickname> [<comment>]
212 Router operator can use this command to remove an client
213 from the SILC Network temporarily.
215 /CONNECT <server> [<port>]
217 Connects to server the remote <server>. You must be
218 server operator to be able to do this.
221 /CLOSE <server> [<port>]
223 Closes connection to the <server>. You must be server
224 operator to be able to do this.
228 Shutdowns the server. You must be server operator to be
233 Display the MOTD of the server. If server is not specified
234 the current server is used.
238 Lists all channels in the current server, or the channel
239 specified. If the channel cannot be found then all
242 /KEY msg|channel <nickname|channel>
243 set|unset|list|agreement|negotiate [<arguments>]
245 This command is used to set and unset private keys for
246 channels, set and unset private keys for private messages
247 with remote clients and to send key agreement requests and
248 negotiate the key agreement protocol with remote client.
249 The key agreement is supported only to negotiate private
250 message keys, it currently cannot be used to negotiate
251 private keys for channels, as it is not convenient for that
256 msg The command is performed for private messages
257 affecting the <nickname>.
259 channel The command is performed for channel affecting
265 set [<key> [<cipher>] [<hmac>]]
267 Set the key into use. If the <key> is provided it
268 is used as the key material. If the <key> is not
269 provided the negotiated key material is used. If
270 the negotiation has not been performed this command
273 If the type is `msg' and the <key> is `*' then
274 random key will be generated automatically.
276 The <cipher> may be set for both private message
277 and channel private keys and the <hmac> may be set
278 only to the channel private keys.
282 Unset the key. The private key is not used after
283 this command. The key must be set again or the key
284 material must be re-negotiated to be able to use
285 the private keys again.
287 The channel may have several private keys set. The
288 <number> can be used to indicate what key is being
289 unset. If it is not provided all keys are removed.
292 list List all private keys that has been set.
294 If the type is `msg' and the <nickname> is ´*' then
295 all private message keys that you've set will be
298 agreement [<hostname> [<port>]]
300 Send key agreement request to remote client. If
301 the <hostname> is provided it is sent in the request.
302 The receiver may use the hostname to start the
303 key agreement. If the <port> is also provided your
304 key agreement protocol server is bound to that
305 port. Note that it cannot be privileged port (<1023).
306 If the <hostname> and <port> is not provided then
307 the receiver will never initiate the key agreement.
308 In this case you must start the key agreement after
309 receiving the reply to the request, by giving the
310 /KEYAGR start command.
312 This command may be used to send reply to the
313 remote client. When receiving empty key agreement
314 you can reply to the sender with the hostname and
315 port of your key agreement server with this command.
317 negotiate [<hostname> [<port>]]
319 This may be called to start the key agreement with
320 <nickname>. This command has effect only if the
321 <nickname> has replied to your key agreement request.
322 You will see a notify on the screen when the reply
323 arrives. The <hostname> and <port> is the hostname
324 and port of the remote client's key agreement
327 /ME <channel> <action message>
329 This command is used to send an action to the channel.
330 This equals to CTCP's ACTION (IRC's /ME) command.
332 /NOTICE <channel> <message>
334 This command is used to send for example informational
335 notice messages to the channel.
339 Fetches remote client's public key.
344 Features to be included into the final release of SILC. [Note that the
345 current Developer's Version does not include all of these features, read
346 TODO file for more information.]
348 o Normal conferencing services such as private messages, channels,
349 channel messages, etc. All traffic is secured and authenticated.
351 o No unique nicknames. There can same nicknames in SILC without
352 collisions. SILC has unique Client ID's, Server ID's and Channel ID's
353 to assure that there are no collisions.
355 o Secure key exchange and authentication protocol. SILC Key Exchange
356 protocol provides key material used in the SILC sessions in secure
357 manner. The protocol is immune for example to man-in-the-middle
358 attacks. The SILC Authentication protocol provides strong
359 authentication. Authentication may be based on passphrase or public
360 key (RSA) authentication. For clients there is an option not to
361 use authentication when connecting to servers.
363 o All traffic is encrypted and authenticated using the best cryptographic
364 algorithms out there. Command messages, private messages and channel
365 messages are all protected by encryption. User can set private keys
366 for both private message and for channels so that even SILC servers do
367 not know the keys. Cipher keys are, by default, 128 bits in length and
368 public keys, by default, 1024 bits in length.
370 o Supports data compression with GZIP to improve performance.
372 o Supports SOCKS4 and SOCKS5 firewall traversal protocols.
374 o SIM (SILC Module) support. Support for loading of shared objects at
375 run-time that provides new and extended features to both SILC client
376 and server. These can provide extra ciphers and extra features to
379 o SILC client can be installed and used without root privileges.
381 o SILC client can be configured by system wide configuration files but
382 with user specific configuration files as well.
388 Even though SILC were just released to the public the idea and the protocol
389 itself is quite old. I got the idea about SILC in its current form in
390 the year 1996 and first lines of codes were written in early 1997. This
391 release is now third rewrite of the SILC. The very first version were
392 written in 1997 and it included SILC client and very very preliminary
393 SILC server. The server actually weren't usable but the client looked
394 pretty much the same as it does now. At that time the SILC also included
395 RSA implementation and 3DES implementation. The random number generator
396 that exists in this current release is actually based on the RNG written
397 in 1997. The RNG written in 1997, on the other hand, were based on
398 the SSH's random number generator. The RNG has been rewritten twice
399 since the first version.
401 I stopped writing the SILC later in 1997 when I got busy at school and
402 in work. The pause lasted several months. The development resumed in
403 1998 when my friend (Juha Räsänen) and I implemented ElGamal algorithm.
404 I rewrote some other parts as well. However, for the same reasons as
405 previously the development stopped again. I resumed the development
406 later in 1998 by doing rewrite of the SILC in C++. This was obviously
407 a mistake but at that time it seemed like a good idea. Again, in the
408 winter 1999 I got very busy writing my thesis and was forced to stop the
409 development again. I also, started a new job in the spring.
411 Later, in 1999, I decided that this time I'm going to make it the right
412 way. C++ was obviously a bad choice so I decided to fall back to plain
413 C language. I also decided to do complete rewrite and started doing
414 more thorough planning of what the SILC actually should include. I also
415 decided that this time it is going to kill me before I stop the
416 development. I started writing SILC in the weekends and actually
417 everytime I had some spare time. I also started a new job but I didn't
418 let that get to my way. The result of this development effort is the
419 release now in public.
421 I've learned a lot by doing the SILC. I guess, when I started it I wasn't
422 that good of a C programmer. That alone was a reason why SILC hasn't
423 seen the day of light before now. My programming style has also changed
424 dramatically during these years. Actually, it has changed couple times
425 since this last rewrite as well. However, the code style of current SILC
426 release is quite consistent (actually the coding style SILC has been
427 written now I've learned in my current job).
429 There is probably over 85% of new code in this third rewrite. Rest has
430 just been copied from the old versions and only minor changes has been
431 made (like changed function names and overall coding style). I've
432 preserved the dates of the old files (dating back to 1997) that has
433 existed in some forms in the old versions. There is a lot of new code but
434 already I see a lot that needs rewriting. The development continues.
440 Feedback and comments are welcome. You can reach me in the following
443 Official SILC project web site is : http://silc.pspt.fi
444 FTP archive for SILC project is : ftp://silc.pspt.fi/pub/silc/
445 Development mailing list address is : silc-devel@lists.sourceforge.net
447 Pekka Riikonen <priikone@poseidon.pspt.fi>