2 <b><big>Frequently Asked Questions</big></b>
4 <a href="#f1_0" class="normal">1. General Questions</a><br />
5 <a href="#f1_10" class="normal">
6 1.1 What is SILC?</a><br />
7 <a href="#f1_20" class="normal">
8 1.2 When was SILC Project started?</a><br />
9 <a href="#f1_30" class="normal">
10 1.3 Why SILC in the first place?</a><br />
11 <a href="#f1_40" class="normal">
12 1.4 What license covers the SILC release?</a><br />
13 <a href="#f1_50" class="normal">
14 1.5 Why SILC? Why not IRC3?</a><br />
15 <a href="#f1_55" class="normal">
16 1.6 What platforms SILC supports?</a><br />
17 <a href="#f1_59" class="normal">
18 1.7 How do you pronounce SILC?</a><br />
19 <a href="#f1_60" class="normal">
20 1.8 Where can I find more information?</a><br />
21 <a href="#f1_70" class="normal">
22 1.9 I would like to help out, what can I do?</a>
25 <a href="#f2_0" class="normal">2. Protocol Questions</a><br />
26 <a href="#f2_10" class="normal">
27 2.1 What is the status of SILC protocol in the IETF?</a><br />
28 <a href="#f2_20" class="normal">
29 2.2 How much the SILC protocol is based on IRC?</a><br />
30 <a href="#f2_30" class="normal">
31 2.3 Why use SILC? Why not IRC with SSL?</a><br />
32 <a href="#f2_40" class="normal">
33 2.4 Can I talk from SILC network to IRC network?</a><br />
34 <a href="#f2_45" class="normal">
35 2.5 Does SILC support file transfer?</a><br />
36 <a href="#f2_46" class="normal">
37 2.6 Does SILC support DCC or alike?</a><br />
38 <a href="#f2_47" class="normal">
39 2.7 I am behind a firewall, can I use SILC?</a><br />
40 <a href="#f2_50" class="normal">
41 2.8 How secure SILC really is?</a><br />
42 <a href="#f2_60" class="normal">
43 2.9 Does SILC support instant messaging?</a><br />
44 <a href="#f2_70" class="normal">
45 2.10 Why SILC does not have LINKS command like in IRC?</a><br />
46 <a href="#f2_80" class="normal">
47 2.11 What does the session detaching/resuming mean?</a><br />
48 <a href="#f2_90" class="normal">
49 2.12 Is anyone outside a channel able to see the channel messages?</a><br />
50 <a href="#f2_95" class="normal">
51 2.13 How can I register my channel in SILC?</a><br />
52 <a href="#f2_100" class="normal">
53 2.14 Is it true that all messages are encrypted in SILC?</a><br />
54 <a href="#f2_110" class="normal">
55 2.15 Can server or SILC operator gain operator mode on a channel?</a><br />
56 <a href="#f2_120" class="normal">
57 2.16 Channel name doesn't have #-character or does it?</a><br />
58 <a href="#f2_130" class="normal">
59 2.17 Does SILC support moderated channels?</a><br />
60 <a href="#f2_140" class="normal">
61 2.18 What does the "watching" mean?</a><br />
62 <a href="#f2_150" class="normal">
63 2.19 Is it possible to reject watching?</a><br />
64 <a href="#f2_160" class="normal">
65 2.20 Is it possible to block private messages?</a><br />
66 <a href="#f2_170" class="normal">
67 2.21 Is it possible to block channel messages?</a><br />
68 <a href="#f2_180" class="normal">
69 2.22 Is it possible to block invites?</a><br />
70 <a href="#f2_190" class="normal">
71 2.23 Does SILC support multimedia messages, like video/audio streaming?</a><br />
72 <a href="#f2_200" class="normal">
73 2.24 Is it possible to send picture/image messages?</a><br />
74 <a href="#f2_205" class="normal">
75 2.25 What kind of presence modes SILC support?</a><br />
76 <a href="#f2_210" class="normal">
77 2.26 Does SILC support anonymity?</a><br />
78 <a href="#f2_220" class="normal">
79 2.27 Does SILC support services?</a><br />
80 <a href="#f2_230" class="normal">
81 2.28 I have suggestions to SILC Protocol, what can I do?</a>
84 <a href="#f3_0" class="normal">3. Client Questions</a><br />
85 <a href="#f3_10" class="normal">
86 3.1 Where can I find SILC clients?</a><br />
87 <a href="#f3_20" class="normal">
88 3.2 Can I use SILC with IRC client and vice versa?</a><br />
89 <a href="#f3_25" class="normal">
90 3.3 The default theme sucks, where can I find a better one?</a><br />
91 <a href="#f3_30" class="normal">
92 3.4 How do I send a private message?</a><br />
93 <a href="#f3_40" class="normal">
94 3.5 How do I negotiate secret key with another user?</a><br />
95 <a href="#f3_50" class="normal">
96 3.6 How do I negotiate secret keys behind a NAT?</a><br />
97 <a href="#f3_60" class="normal">
98 3.7 How do I change channel modes?</a><br />
99 <a href="#f3_70" class="normal">
100 3.8 What does the founder mode on channel mean, and how do I set it?</a><br />
101 <a href="#f3_80" class="normal">
102 3.9 I am founder of invite only channel, how can I join the channel after I have left it?</a><br />
103 <a href="#f3_90" class="normal">
104 3.10 How can I op or deop somebody on channel?</a><br />
105 <a href="#f3_100" class="normal">
106 3.11 How do I set private key for channel, and what does that mean exactly?</a><br />
107 <a href="#f3_110" class="normal">
108 3.12 How do I transfer a file?</a><br />
109 <a href="#f3_120" class="normal">
110 3.13 How can I get other users public keys?</a><br />
111 <a href="#f3_130" class="normal">
112 3.14 How can I see the fingerprint of my public key?</a><br />
113 <a href="#f3_140" class="normal">
114 3.15 I gave WHOIS to a nick, and it returned multiple replies, why?</a><br />
115 <a href="#f3_150" class="normal">
116 3.16 Is there a command to see all linked servers?</a><br />
117 <a href="#f3_160" class="normal">
118 3.17 How do I list the users of a channel?</a><br />
119 <a href="#f3_170" class="normal">
120 3.18 What is the difference between OPER and SILCOPER commands?</a><br />
121 <a href="#f3_180" class="normal">
122 3.19 My Cygwin client crashes with message "Couldn't create //.silc directory"</a><br />
123 <a href="#f3_190" class="normal">
124 3.20 Why /join #silc and /join silc doesn't join the same channel?</a><br />
125 <a href="#f3_200" class="normal">
126 3.21 How do I detach my session from the server?</a>
129 <a href="#f4_0" class="normal">4. Server Questions</a><br />
130 <a href="#f4_10" class="normal">
131 4.1 Where can I find SILC servers?</a><br />
132 <a href="#f4_20" class="normal">
133 4.2 Can I run my own SILC server?</a><br />
134 <a href="#f4_30" class="normal">
135 4.3 What is the difference between SILC server and SILC router?</a><br />
136 <a href="#f4_40" class="normal">
137 4.4 Why server says permission denied to write to a log file?</a><br />
138 <a href="#f4_50" class="normal">
139 4.5 When I connect to to my server, it says "server does not support one of your proposed cipher", what is wrong?</a><br />
140 <a href="#f4_60" class="normal">
141 4.6 Why SILC server runs on privileged port 706?</a><br />
142 <a href="#f4_70" class="normal">
143 4.7 I see [Unknown] in the log file, what does it mean?</a><br />
144 <a href="#f4_80" class="normal">
145 4.8 How can I generate a new server key pair?</a>
148 <a href="#f5_0" class="normal">5. Toolkit Questions</a><br />
149 <a href="#f5_10" class="normal">
150 5.1 What is SILC Toolkit?</a><br />
151 <a href="#f5_20" class="normal">
152 5.2 Is the SILC Toolkit Reference Manual Available?</a><br />
153 <a href="#f5_30" class="normal">
154 5.3 How do I compile the Toolkit on Unix?</a><br />
155 <a href="#f5_40" class="normal">
156 5.4 How do I compile the Toolkit on Win32?</a><br />
157 <a href="#f5_50" class="normal">
158 5.5 Does the Toolkit package include any sample code?</a><br />
163 <b>1. General Questions</b><br /> <br />
166 <samp class="highlight">Q: What is SILC?</samp><br />
167 A: SILC (Secure Internet Live Conferencing) is a protocol which provides
168 secure conferencing services in the Internet over insecure channel. SILC
169 is IRC like although internally they are very different. Biggest
170 similarity between SILC and IRC is that they both provide conferencing
171 services and that SILC has almost same commands as IRC. Other than that
172 they are nothing alike.
174 Biggest differences are that SILC is secure what IRC is not in any way.
175 The network model is also entirely different compared to IRC.
179 <samp class="highlight">Q: When was SILC Project started?</samp><br />
180 A: The SILC development started in 1996 and early 1997. But, for various
181 reasons it suspended many times until it finally got some wind under its
182 wings in 1999. First public release was in summer 2000.
186 <samp class="highlight">Q: Why SILC in the first place?</samp><br />
187 A: Simply for fun, nothing more. And actually for need back in the days
188 when it was started. When SILC was first developed there really did not
189 exist anything like this. SILC has been very interesting and educational
194 <samp class="highlight">Q: What license covers the SILC release?</samp><br />
195 A: The SILC software developed here at silcnet.org, the SILC Client, the
196 SILC Server and the SILC Toolkit are covered by the GNU General Public
201 <samp class="highlight">Q: Why SILC? Why not IRC3?</samp><br />
202 A: Question that is justified no doubt of that. SILC was not started to
203 become a replacement for IRC. SILC was something that didn't exist in 1996
204 or even today except that SILC is now released. However, I did check out
205 the IRC3 project in 1997 when I started coding and planning the SILC protocol.
207 But, IRC3 is problematic. Why? Because it still doesn't exist. The
208 project is almost at the same spot where it was in 1997 when I checked it
209 out. And it was old project back then as well. That's the problem of IRC3
210 project. The same almost happened to SILC as well as I wasn't making real
211 progress over the years. I talked to the original author of IRC, Jarkko
212 Oikarinen, in 1997 and he directed me to the IRC3 project, although he
213 said that IRC3 is a lot of talking and not that much of anything else. I
214 am not trying to put down the IRC3 project but its problem is that no one
215 in the project is able to make a decision what is the best way to go about
216 making the IRC3 and I wasn't going to be part of that. The fact is that
217 if I would've gone to IRC3 project, nor IRC3 or SILC would exist today. I
218 think IRC3 could be something really great if they just would get their
219 act together and start coding the thing.
223 <samp class="highlight">Q: What platforms SILC supports?</samp><br />
224 A: The SILC Client is available on various Unix systems and is reported to
225 work under cygwin on Windows. The SILC Server also works on various Unix
226 systems. However, the server has not been tested under cygwin as far as we
227 know. The SILC Toolkit is distributed for all platforms, Unix, Cygwin
232 <samp class="highlight">Q: How do you pronounce SILC?</samp><br />
233 A: SILC is usually pronounced as `silk', but you are free to pronounce
238 <samp class="highlight">Q: Where can I find more information?</samp><br />
239 A: For more technical information we suggest reading the SILC Protocol
240 specifications. You might also want to take a look at the <a
241 href="?page=docs" class="normal">documentation </a> page on the web page.
245 <samp class="highlight">Q: I would like to help out, what can I do?</samp><br />
246 A: You might want to take a look at the <a
247 href="?page=contribute" class="normal">Contributing</a> page and the <a
248 href="?page=todo" class="normal">TODO</a> list. You might also want to join the
249 SILC development mailing list.
253 <a name="f2_0"></a><br />
254 <b>2. Protocol Questions</b><br /> <br />
257 <samp class="highlight">Q: What is the status of SILC protocol in the IETF?</samp><br />
258 A: The SILC protocol specifications has been submitted currently as
259 individual submissions. There does not currently exist a working group
260 for this sort of project. Our goal is to fully standardize the SILC and
261 thus submit it as RFC to the <a href="http://www.ietf.org/" class="normal">
262 IETF</a> at a later time. This can happen only after we have requested
263 the IETF to accept SILC as RFC. As of today, we have not yet even requested
264 this from the IETF. We want to let the protocol mature a bit more.
268 <samp class="highlight">Q: How much SILC Protocol is based on IRC?</samp><br />
269 A: SILC is not based on IRC. The client superficially resembles IRC
270 client but everything that happens under the hood is nothing alike IRC.
271 SILC could *never* support IRC because the entire network toppology is
272 different (hopefully more scalable and powerful). So no, SILC protocol
273 (client or server) is not based on IRC. Instead, We've taken good things
274 from IRC and left all the bad things behind and not even tried to burden
275 the SILC with the IRCs problems that will burden IRC and future IRC
276 projects till the end. SILC client resembles IRC client because it is
277 easier for new users to start using SILC when they already know all the
282 <samp class="highlight">Q: Why use SILC? Why not IRC with SSL?</samp><br />
283 A: Sure, that is possible, although, does that secure the entire IRC
284 network? And does that increase or decrease the lags and splits in the
285 IRC network? Does that provide user based security where some specific
286 private message are secured? Does that provide security where some
287 specific channel messages are secured? And I know, you can answer yes to
288 some of these questions. But, security is not just about applying
289 encryption to traffic and SILC is not just about `encrypting the
290 traffic`. You cannot make insecure protocol suddenly secure just by
291 encrypting the traffic. SILC is not meant to be IRC replacement. IRC is
292 good for some things, SILC is good for same and some other things.
296 <samp class="highlight">Q: Can I talk from SILC network to IRC network?</samp><br />
297 A: Simple answer for this is No. The protocols are not compatible which
298 makes it impossible to directly talk from SILC network to IRC network or
299 vice versa. Developing a gateway between these two networks would
300 technically be possible but from security point of view strongly not
301 recommended. We have no plans for developing such a gateway.
305 <samp class="highlight">Q: Does SILC support file transfer?</samp><br />
306 A: Yes. The SILC protocol support SFTP as mandatory file transfer
307 protocol. It provides simple client to client file transfer, but also
308 a possibility for file and directory manipulation. Even though the SFTP
309 is the file transfer protocol the support for file transferring has been
310 done so that practically any file transfer protocol may be used with SILC
315 <samp class="highlight">Q: Does SILC support DCC or alike?</samp><br />
316 A: SILC does not support the DCC commonly used in IRC. It does not need
317 it since it has builtin support for same features that DCC have. You can
318 transfer files securely and encrypted directly with another client. You
319 can also negotiate secret key material with another client directly to
320 use it in private message encryption. The private messages are not,
321 however sent directly between clients. The protocol, on the other hand
322 does not prohibit sending messages directly between clients if the
323 implementation would support it. The current SILC Client implementation
324 does not support it. This means that private messages travel through the
325 SILC Network. SILC protocol also has a capability to support DCC
326 and CTCP like protocols with SILC. None of them, however have not been
327 defined to be used with SILC at the present time.
331 <samp class="highlight">Q: I am behind a firewall, can I use SILC?</samp><br />
332 A: Yes. If your network administrator can open the remote port 706 (TCP) you
333 can use SILC without problems. You may also compile your SILC client with
334 SOCKS support which will proxy your SILC session through the firewall.
338 <samp class="highlight">Q: How secure SILC really is?</samp><br />
339 A: We have tried to make SILC as secure as possible. However, there is
340 no security protocol or security software that has not been vulnerable to
341 some sort of attacks. SILC is in no means different from this. So, it is
342 suspected that there are security holes in the SILC. These holes just need
343 to be found so that they can be fixed. SILC's security features has been
344 developed from attacker's point of view, and we've tried to find all the
345 possible attacks and guard the protocol against them.
347 But to give you some parameters of security SILC uses the most secure
348 crytographic algorithms such as AES (Rijndael), Twofish, Blowfish, RC5,
349 etc. SILC does not have DES or 3DES as DES is insecure and 3DES is just
350 too slow. SILC also uses cryptographically strong random number generator
351 when it needs random numbers. Public key cryptography uses RSA (PKCS #1)
352 and Diffie-Hellman algorithms. Key lengths for ciphers are initially set
353 to 256. For public key algorithms the starting key length is 1024 bits.
355 But the best answer for this question is that SILC is as secure as its
356 weakest link. SILC is open and the protocol is open and in public thus
357 open for security analysis.
359 To give a list of attacks that are ineffective against SILC:
361 - Man-in-the-middle attacks are ineffective if proper public key
362 infrastructure is used, and if all public keys are always verified.<br />
363 - IP spoofing is ineffective (because of encryption and trusted keys).<br />
364 - Attacks that change the contents of the data or add extra data to the
365 packets are ineffective (because of encryption and integrity checks).<br />
366 - Passive attacks (listenning network traffic) are ineffective (because
367 of encryption). Everything is encrypted including authentication data
368 such as passwords when they are needed.<br />
369 - Any sort of cryptanalytic attacks are tried to make ineffective by
370 using the best cryptographic algorithms out there, and by designing the
371 protocol to guard against them.
375 <samp class="highlight">Q: Does SILC support instant messaging?</samp><br />
376 A: Officially SILC is not an instant message (IM) system as people usually
377 understands it. However, SILC supports many of the features that are
378 found in traditional IM systems. SILC can be implemented in either
379 IRC-style or IM-style system. Features that are usually found only in IM
380 systems, such as multiple presence settings, persistent sessions etc. are
385 <samp class="highlight">Q: Why SILC does not have LINKS command like in
387 A: It was felt that this information as an own command in SILC is not
388 necessary. Moreover, the topology of the network might be undisclosed
389 information even though the servers and routers in the network are still
390 open. We feel that the network topology information, if it is wanted to be
391 public, and the list of accessible servers can be made available in other
392 ways than providing command like LINKS, which shows the active server
397 <samp class="highlight">Q: What does the session detaching/resuming
399 A: The new SILC protocol supports a feature called session detachment.
400 This means that client can detach from the server by giving a DETACH
401 command, but still remain as valid user in the network. The connection is
402 lost to the server but the user remains in the network. User can then
403 resume the session back next time it connects a server in the network, and
404 be like he was never gone.
406 This feature clearly could be used in many cases. For example, if you
407 want to upgrade your current SILC client, you do not have to quit the
408 network anymore. You just give DETACH command and still remain in the
409 network. Then you upgrade your client and reconnect to the server and
410 continue business as is. If somebody gives WHOIS command to your nickname
411 he will see that you are detached. Messages that are sent to you when you
412 are detached are dropped by the server. Nice thing about this feature is
413 also that you can resume the session from any server in the network; you
414 do not have to reconnect to the same server you originally were connected
419 <samp class="highlight">Q: Is anyone outside a channel able to see the channel
420 messages?</samp><br />
421 A: A short answer is simply No. A longer answer involves assumptions
422 about security conditions. Initially channel keys are generated by the
423 server, so if the server would get compromised it would be possible for
424 an adversary to see the messages. However, users on the channel can
425 prevent this even if the server would be compromised. It is possible to
426 set so called channel private key that only the users on the channel
427 know about. The servers does not know about the key, and therefore cannot
428 see the messages even if they would be compromised. So, longer answer
429 results into same as the short one; No.
433 <samp class="highlight">Q: How can I register my channel in SILC?</samp><br />
434 A: There is not a channel registering service in SILC. However, SILC does
435 support permanent channels. When you join a non-existing channel for the
436 first time you will become the founder of the channel. You can then set a
437 special founder mode on the channel which makes the channel permanent.
438 When the last user leaves the channel when this mode is set, the channel
439 will not be destroyed. If the founder mode is not set, then empty
440 channels will be destroyed automatically. When the founder mode is set
441 and you leave the channel you can also reclaim the founder rights back on
442 the channel next time you join it. (see also
443 <a href="#f3_70" class="normal">
444 Q: What does the founder mode on channel mean, and how do I set it?</a> and
445 <a href="#f3_80" class="normal">
446 Q: I am founder of invite only channel, how can I join the channel after
447 I have left it?</a>). You can call this channel registering if you want.
450 <a name="f2_100"></a>
451 <samp class="highlight">Q: Is it true that all messages are encrypted in SILC?</samp><br />
452 A: Most definitely yes. The SILC protocol makes it impossible to send
453 unencrypted messages or packets to the SILC network. All messages are
454 always encrypted, either using session keys, or other secret keys such as
455 channel keys or private message keys.
458 <a name="f2_110"></a>
459 <samp class="highlight">Q: Can server or SILC operator gain operator mode on a channel?</samp><br />
460 A: They cannot get operator status, founder status, join invite only channels,
461 escape active bans, escape user limits or anything alike, without explicitly
462 being allowed. Only way to get channel operator status is that someone
463 ops him. Server and SILC operators in the network are normal users with
464 the extra privileges of being able to adminstrate their server. They cannot
465 do anything more than a normal user.
468 <a name="f2_120"></a>
469 <samp class="highlight">Q: Channel name doesn't have #-character or does it?</samp><br />
470 A: The #-character is not mandatory part of channel name, like it is in
471 IRC. This means that giving the command /JOIN #silc and /JOIN silc
472 will join to different channels. This is intentional since the
473 #-character clearly is IRC feature and has nothing to do with SILC. If
474 you want it to have the character then just join to the channel with
475 #-character in the name.
478 <a name="f2_130"></a>
479 <samp class="highlight">Q: Does SILC support moderated channels?</samp><br />
480 A: Yes. Channel founder can moderate both normal users and channel
481 operators so that they cannot talk on the channel. It is also possible to
482 queit one specific user on the channel if needed.
485 <a name="f2_140"></a>
486 <samp class="highlight">Q: What does the "watching" mean?</samp><br />
487 A: You can set a "watch" list for yourself in the server. This means that
488 you can watch for certain nicknames in the network. For example, if you
489 add a nickname "foo" to the watch list you will be notified when the foo
490 logins to the network, leaves the network, changes its user mode or
491 changes its nickname. This way you can watch for example when does you
492 friend login to the network.
495 <a name="f2_150"></a>
496 <samp class="highlight">Q: Is it possible to reject watching?</samp><br />
497 A: Yes. Since it is clear that not everyone wants to be spied on you can
498 set a mode for yourself which rejects watching you. Even if someone is
499 watching the nickname you have, your logins, logoffs, mode changes or
500 nickname changes will not be notified to the watcher.
503 <a name="f2_160"></a>
504 <samp class="highlight">Q: Is it possible to block private
505 messages?</samp><br />
506 A: Yes. You can block incoming private messages by setting a mode that
507 prevents unwanted private messages. Only the private messages that are
508 secured with a private message key are delivered to you. This implies
509 that you have negotiated the private key with the sender of the message,
510 and therefore want to receive messages from that user. Other private
511 messages that are secured with normal session keys are dropped when the
515 <a name="f2_170"></a>
516 <samp class="highlight">Q: Is it possible to block channel
517 messages?</samp><br />
518 A: Yes it is. By setting a mode that accomplishes this you can prevent
519 the server of sending any channel messages to you. There is also a mode
520 that allows blocking channel messages from normal users. This means that
521 you will receive channel messages only when it is sent by channel operator
522 or channel founder. It is also possible to block channel messages sent by
523 robots. A user on the channel can have a robot mode set (which means that
524 the user is actually a robot program), and messages sent from that user
525 can be blocked with the mode.
528 <a name="f2_180"></a>
529 <samp class="highlight">Q: Is it possible to block invites?</samp><br />
530 A: It sure is. You can set a mode that prevents the server of sending
531 invite notifications to you. This can for example prevent invite
532 flooding. The downside is that it may make joining to a invite only
533 channels a bit harder.
536 <a name="f2_190"></a>
537 <samp class="highlight">Q: Does SILC support multimedia messages, like
538 video/audio streaming?</samp><br />
539 A: Yes it does. The new version of the protocol supports sending of MIME
540 objects as messages. Since MIME objects can easily represent any kind of
541 data, such as video stream, audio stream, images, etc. it is easy to send
542 these multimedia messages in SILC. It also makes video conferencing
543 possible with SILC. It can work by sending the stream(s) to a channel and
544 everybody who joins the channel can receive the stream. This feature in
545 the protocol surely makes possible many kind of multimedia applications in
549 <a name="f2_200"></a>
550 <samp class="highlight">Q: Is it possible to send picture/image messages?
552 A: Yes. Since it is possible to send any kind of MIME object as a message
553 it is also possible to send pictures and images as messages. It would be
554 possible to for example send a hand/mouse written messages.
557 <a name="f2_205"></a>
558 <samp class="highlight">Q: What kind of presence modes SILC
559 support?</samp><br />
560 A: By presence we mean indication of presence in the network, and SILC
561 supports several different kinds of presence modes. They can be changed
562 with the UMODE command which changes your user mode in the network.
563 Currently there is the following modes for presence: GONE (I'm away),
564 INDISPOSED (I cannot be here), BUSY (I'm busy, don't bother me), PAGE
565 (page me if you want to talk), and HYPER (I'm hyper active, talk to me).
566 When mode is not set it means you are present in the network. There are
567 many other user modes as well, but they are not directly related to
571 <a name="f2_210"></a>
572 <samp class="highlight">Q: Does SILC support anonymity?</samp><br />
573 A: The protocol has a user mode which indicates that user is anonymous
574 user. The user cannot set or unset the mode itself, but a server which
575 provides these anonymous chatting services can set the mode for the user
576 that connects to the server. User that has the mode set has their
577 username and hostname information scrambled. There are other ways of
578 making anonymity in SILC but they all are implementational methods, and
579 protocol does not handle those methods.
582 <a name="f2_220"></a>
583 <samp class="highlight">Q: Does SILC support services?</samp><br />
584 A: Yes it does. There is command called SERVICE which can be used by
585 clients and servers to negotiate a service agreement with a remote server.
586 The protocol does not however define any services currently.
589 <a name="f2_230"></a>
590 <samp class="highlight">Q: I have suggestions to SILC Protocol, what can I do?</samp><br />
591 A: All suggestions and improvements are of course welcome. You should read
592 the protocol specifications first to check out whether your idea is
593 covered by them already. The best place to make your idea public is the
594 SILC development mailing list. You might want to checkout the TODO list
595 from the CVS as well.
599 <a name="f3_0"></a><br />
600 <b>3. Client Questions</b><br /> <br />
603 <samp class="highlight">Q: Where can I find SILC clients?</samp><br />
604 A: The official SILC client is available for free download from the
605 silcnet.org web page. There is also several independent projects working
606 with the SILC Toolkit to come up with various other clients.
607 <a href="http://bombyx.sourceforge.net" class="normal">Bombyx</a> is a
608 cross-platform GUI client written with FLTK. <a
609 href="http://milc.sourceforge.net" class="normal">Milc</a>
610 is also a cross-platform GUI client written with WxWindows. See also
611 our <a href="?page=links" class="normal">links page</a> for links to other
616 <samp class="highlight">Q: Can I use SILC with IRC client and vice versa?</samp><br />
617 A: Generally the answer would be no for both. However, there exist already
618 at least one IRC client that supports SILC, the <a href="http://irssi.org/"
619 class="normal">Irssi client</a>. The current SILC client is actually based
620 on the user interface of the Irssi client. So, yes it is possible to use
621 SILC with some IRC clients and vice versa. You can use SILC plug-in in Irssi
622 and have support for both protocols in one client. But, this does not mean
623 that you can talk from SILC network to IRC network, that is not possible.
627 <samp class="highlight">Q: The default theme sucks, where can I find a better one?</samp><br />
628 A: The Irssi SILC client's theme files are almost 100% compatible with
629 the original Irssi IRC client's themes. You can get those theme files
630 from the <a href="http://irssi.org/" class="normal">Irssi project website</a>.
631 You can also try to make a better theme by yourself.
635 <samp class="highlight">Q: How do I send a private message?</samp><br />
636 A: Sending private message is done by using the MSG command. For example,
637 command: <samp class="highlight">/MSG john hello</samp>, will send a
638 `hello' message to a nickname `john'. By default private messages are
639 secured with session keys, and the message is re-encrypted by the servers
640 when the message travels to the receiver. If you would like to secure the
641 private messages with a private key, you can negotiate a secret key with the
642 receiver. Always remember to give WHOIS command before sending a private
643 message to assure that you are sending the message to correct person.
647 <samp class="highlight">Q: How do I negotiate secret key with another user?</samp><br />
648 A: It is important to negotiate secret keys if you cannot trust the servers
649 and the network you are using. By negotiating a key with the user you
650 want to talk to assures that no one except you and your friend is able
651 to encrypt and decrypt the messages. The secret key negotiation is done with
652 the KEY command. Here is an example of how to negotiate keys for securing
655 By giving command: <samp class="highlight">/KEY MSG john agreement
656 192.168.2.100</samp>, you will send a key negotiation request to a nickname
657 `john'. The 192.168.2.100 IP address would be your machine's IP address.
658 You can also define an port to the KEY command after the IP address. If
659 you do not do that the operating system will bind to a port of its choosing.
660 John will receive a notification on the screen that you would like to
661 negotiate secret keys with him, and he will receive the IP address and port
662 where you are listenning for the negotiation. When he gives command:
663 <samp class="highlight">/KEY MSG You negotiate 192.168.2.100 31382</samp>,
664 the key negotiation is started. During the key negotiation you will be
665 prompted on the screen to verify and accept John's public key if you do not
666 have his public key already. The John will be prompted to accept your
667 public key as well. After the key negotiation is over all private messages
668 sent between you and John are secured with the negotiated secret key.
669 Note that you must verify the public key you are prompted for, and this is
670 very important since someone could be doing man-in-the-middle attack.
674 <samp class="highlight">Q: How do I negotiate secret keys behind a NAT?</samp><br />
675 A: If only you are behind a NAT, or firewall then key negotiation works,
676 but if both you and your friend are behind a NAT then key negotiation will
677 not work, since it is done peer to peer. If you are behind a NAT then you
678 obviously cannot receive key negotiations, and cannot bind to any IP address
679 and port. However, you can still use KEY command to negotiate the keys.
681 By giving command: <samp class="highlight">/KEY MSG john agreement</samp>,
682 without any other arguments (such as IP address and port) you will send
683 a negotiation request to John, but do not provide an address and port for
684 the John to connect to. When John receives the notification on the screen
685 that you would like to perform key negotiation, he can give command:
686 <samp class="highlight">/KEY MSG You agreement 172.16.100.78</samp>, which
687 will send key negotiation request back to you. You will receive the IP
688 address and port where you need to connect in order to perform the negotiation.
689 After receiving the notification you can give command: <samp class="highlight">
690 /KEY MSG john negotiate 172.16.100.78 31181</samp>, which will start the
691 key negotiation with John. This way you can negotiate the keys if you are
696 <samp class="highlight">Q: How do I change channel modes?</samp><br />
697 A: The command to manage channel modes is CMODE. With this command you
698 can change the channel status (to change it to secret channel for example),
699 set user limit on the channel, passphrase for the channel, set the channel
700 to use private keys on channel, and set the founder mode.
704 <samp class="highlight">Q: What does the founder mode on channel mean, and how do I set it?</samp><br />
705 A: Who ever creates the channel by being the first user to join the channel
706 becomes automatically the founder of the channel. Founder has some extra
707 privileges on the channel. For example, it is not possible to kick the
708 founder off the channel, and there are some channel modes that only the
709 founder of the channel can change. If the creator of the channel wishes
710 to preserve the channel founder mode even if he leave the channel he
711 can set the founder mode for the channel.
713 The mode is set by giving command: <samp class="highlight">/CMODE #channel
714 +f</samp>. This will set the founder mode and will use the public
715 key of the founder as authenticator when the user is reclaiming the mode
716 back. If the founder leaves the channel he will be able to get the founder
717 mode back by using JOIN or CUMODE commmands. Giving command
718 <samp class="highlight">/JOIN #channel -founder</samp>,
719 will get the founder mode back at the same time he joins the channel, or
720 giving commmand <samp class="highlight">/CUMODE #channel +f yournick</samp>,
721 will also give the founder mode back on the channel after he has joined
724 The founder mode also means that the channel becomes permanent when it is
725 set. This means that when the last client leaves the channel the channel
726 is not destroyed when the founder mode is set. Next time someone joins
727 the channel he will not become the founder of the channel if the channel
728 already existed (but were empty). If the founder mode is not set when
729 last user leaves the channel, the channel will be destroyed. When you set
730 the mode for the channel and leave the channel you can reclaim the founder
731 rights to yourself back at any time when you rejoin the channel.
735 <samp class="highlight">Q: I am founder of invite only channel, how can I join the channel after I have left it?</samp><br />
736 A: Founder can override the invite only status by reclaiming the founder
737 status on the channel using the JOIN command. The channel must have the
738 founder mode set in order for it to work. Reclaiming founder status using
739 JOIN command is important also if the channel has user limit set, and has
740 active bans. Founder can override these conditions as well. However,
741 founder cannot override the passphrase of the channel if it is set. To
742 get the founder mode during JOIN and to override the invite only condition,
743 give command: <samp class="highlight">/JOIN #channel -founder</samp>.
744 This will join the channel and attempt to reclaim the founder status back
749 <samp class="highlight">Q: How can I op or deop somebody on channel?</samp><br />
750 A: Giving operator status, or removing the operator status on a channel
751 requires you to have at least operator status, or founder status on the
752 channel. You can give operator status to another user by using CUMODE
753 command. To give ops give the command: <samp class="highlight">/CUMODE
754 #channel +o john</samp>, and to remove ops give command:
755 <samp class="highlight">/CUMODE #channel -o john</samp>. To indicate
756 current channel you can also use `*' character in #channel's stead.
759 <a name="f3_100"></a>
760 <samp class="highlight">Q: How do I set private key for channel, and what does that mean exactly?</samp><br />
761 A: Setting private key for channel requires first to set the private key mode
762 for the channel. You need to be the founder of the channel to be able to
763 do this. Give the command: <samp class="highlight">/CMODE #channel +k</samp>.
764 After this mode is set the old channel key will not be used to encrypt and
765 decrypt channel messages. To set the key for the channel use the KEY command.
766 Every user on the channel must do the same thing and set the same key.
767 If some user on the channel does not set the key (or does not know the key)
768 he won't be able to see any messages on the channel. Give the command:
769 <samp class="highlight">/KEY CHANNEL #channel set verysecretkey</samp>.
770 This command will set the `verysecretkey' passphrase as key to #channel.
771 How exactly other users will know this key is out of scope of the SILC
772 protocol. SILC does not provide yet a possibility of negotiating secret key
773 with many users at the same time. For this reason the secret key on the
774 channel is usually a passphrase or a password that all users on the channel
775 have to know. Setting a private key for channel means that only the users
776 on the channel who know the key is able to encrypt and decrypt messages.
777 Servers do not know the key at all. If you remove the private key mode
778 from the channel, all users will start automatically using a new channel
779 key to secure channel messages.
782 <a name="f3_110"></a>
783 <samp class="highlight">Q: How do I transfer a file?</samp><br />
784 A: You can transfer files securely using the FILE command. This command
785 will automatically negotiate secret key with the remote user and the
786 file transfer stream is secured using that key. The file transfer
787 stream is always sent peer to peer. If you would like to send a file
788 to another user you can give command: <samp class="highlight">/FILE
789 SEND path/to/the/file john</samp>. This command sends, or actually
790 makes the `path/to/the/file' available for download for the user `john'.
791 The John will decide whether he wants to actually download the file.
792 When John gives the command: <samp class="highlight">/FILE RECEIVE</samp>,
793 the key negotiation is started. You and John will be prompted to verify
794 and accept each other's public key if you do not have it cached already.
795 After key negotiation is over the file transfer process starts.
796 If you want to cancel the file transfer session, or if John wants to
797 reject the file transfer request, giving the command: <samp class="highlight">
798 /FILE CLOSE</samp> will close the session.
801 <a name="f3_120"></a>
802 <samp class="highlight">Q: How can I get other users public keys?</samp><br />
803 A: You can get a user's public key using the GETKEY command. This command
804 will fetch the user's public key from the server where the user has connected
805 to. The server has verified that the user posesses the corresponding private
806 key, however, you will be prompted to verify and accept the public key.
807 All client public keys are saved in your local key directory in
808 ~/.silc/clientkeys/. You can also receive clients public keys during
809 key negotiation and file transfers. The GETKEY command can be used to fetch
810 a server's public key as well. Those keys are saved in ~/.silc/serverkeys/
814 <a name="f3_130"></a>
815 <samp class="highlight">Q: How can I see the fingerprint of my public key?</samp><br />
816 A: You can check out your own fingerprint by giving just WHOIS command without
817 any arguments. Additionally you can also dump the contents of the key file
818 using the silc program and giving -S option to it. Your own public key is
819 always saved in ~/.silc/public_key.pub file. To dump your key run silc as:
820 <samp class="highlight">silc -S .silc/public_key.pub</samp>. The same way
821 you can dump the contents of any public key inside ~/.silc/clientkeys/ and
822 ~/.silc/serverkeys/ directories. The WHOIS command will also show other
823 users public key fingerprints.
826 <a name="f3_140"></a>
827 <samp class="highlight">Q: I gave WHOIS to a nick, and it returned multiple replies, why?</samp><br />
828 A: This will happen if there are several same nicknames in the network at
829 the same time. As you may already know nicknames are not unique in SILC
830 network. This means there can be multiple same nicknames. This also means
831 that you can always have the nickname you want. If WHOIS returns multiple
832 replies, you can distinguish the users by their realname, username,
833 hostname and ultimately by the fingerprint of their public key, which the
834 WHOIS will also show. You will also notice an additional nickname inside a
835 parenthesis. It may show for example: <samp class="highlight">nickname: John
836 (John@otaku)</samp>. The real nickname is `John', but since there are
837 many John's in the network you can access this one using `John@otaku'.
838 So, if you were to send private message to this particular John you can do
839 it by giving command: <samp class="highlight">/MSG John@otaku hello</samp>.
840 This will send `hello' message to the John@otaku.
843 <a name="f3_150"></a>
844 <samp class="highlight">Q: Is there a command to see all linked servers?</samp><br />
845 A: No there is not. For longer answer see also <a href="#f2_70"
846 class="normal">this FAQ</a>.
849 <a name="f3_160"></a>
850 <samp class="highlight">Q: How do I list the users of a channel?</samp><br />
851 A: The command to list all users on a particular channel is USERS. It is
852 also aliased to WHO command in Irssi SILC Client. To see the users of the
853 current channel give the command: <samp class="highlight">/USERS *</samp>.
854 You can replace the `*' with the channel name of your choosing. If the
855 channel is private or secret channel, and you have not joined the channel,
856 you cannot list the users of that channel.
859 <a name="f3_170"></a>
860 <samp class="highlight">Q: What is the difference between OPER and SILCOPER commands?</samp><br />
861 A: The OPER command is used to gain server operator privileges on normal
862 SILC server, while SILCOPER is used to gain router operator (also known as
863 SILC operator) privileges on router server. You cannot use SILCOPER command
864 on normal SILC server, it works only on router server.
867 <a name="f3_180"></a>
868 <samp class="highlight">Q: My Cygwin client crashes with message "Couldn't create //.silc directory"</samp><br />
869 A: A solutions should be setting HOME enviroment variable to the directory where you
870 have unpacked your SILC Client. Type to your command prompt something like: <br />
871 <tt class="normal">c:\>set HOME=c:\silc</tt>
874 <a name="f3_190"></a>
875 <samp class="highlight">Q: Why /join #silc and /join silc doesn't join the same channel?</samp><br />
876 A: The #-character is not mandatory part of channel name in SILC. So
877 #silc and silc are two different channels. The #-character in channel
878 name is IRC feature and has nothing to do with SILC. If you have
879 #-character in the channel name, then it is part of the channel name, just
880 like %-character, or &-character could be part of channel name.
883 <a name="f3_200"></a>
884 <samp class="highlight">Q: How do I detach my session from the
886 A: You can detach your session by simply giving DETACH command. Your
887 connection to the server will be closed automatically. Next time you
888 connect any server in the network your session will be automatically
889 resumed. If there is an error during session resuming your connection
890 will be closed and you need to reconnect to the server. In this case the
891 old sessionn cannot be resumed anymore.
895 <a name="f4_0"></a><br />
896 <b>4. Server Questions</b><br /> <br />
899 <samp class="highlight">Q: Where can I find SILC servers?</samp><br />
900 A: The SILC server is available for free download from the silcnet.org
901 web page. We are not aware of any other SILC server implementations, so far.
905 <samp class="highlight">Q: Can I run my own SILC server?</samp><br />
906 A: Yes of course. Download the SILC server package, compile and install
907 it. Be sure to check out the installation instructions and the README
908 file. You also should decide whether you want to run SILC server or SILC
913 <samp class="highlight">Q: What is the difference between SILC
914 server and SILC router?</samp><br />
915 A: The topology of the SILC network includes SILC routers and the SILC
916 servers (and SILC clients of course). Normal SILC server does not have
917 direct connections with other SILC servers. They connect directly to the
918 SILC router. SILC Routers may have several server connections and they
919 may connect to several SILC routers. The SILC routers are the servers in
920 the network that know everything about everything. The SILC servers know
921 only local information and query global information from the router when
924 If you are running SILC server you want to run it as router only if you
925 want to have server connections in it and are prepared to accept server
926 connections. You also need to get the router connected to some other
927 router to be able to join the SILC network. You may run the server as
928 normal SILC server if you do not want to accept other server connections
929 or cannot run it as router.
933 <samp class="highlight">Q: Why server says permission denied to write to a
934 log file?</samp><br />
935 A: The owner of the log files must be same user that the server is run
936 under, by default it is user `nobody'. Just change the permissions and
941 <samp class="highlight">Q: When I connect to my server it says "server does
942 not support one of your proposed ciphers", what is wrong?</samp><br />
943 A: Most likely the ciphers and others has not been compiled as SIMs
944 (modules) and they are configured as modules in the silcd.conf. If they
945 are not compiled as modules remove the module paths from the ciphers and
946 hash functions from the silcd.conf, so that the server use the builtin
947 ciphers. Then try connecting to the server again. It is also possible
948 that the client IS proposing some ciphers that your server does not support.
952 <samp class="highlight">Q: Why SILC server runs on privileged port 706?</samp><br />
953 A: Ports 706/tcp and 706/udp have been assigned for the SILC protocol by
954 <a href="http://www.iana.org" class="normal">IANA</a>. Server on the network
955 listening above privileged ports (>1023) SHOULD NOT be trusted as it could
956 have been set up by untrusted party. The server normally drops root privileges
957 after startup and then run as user previously defined in silcd.conf.
961 <samp class="highlight">Q: I see [Unknown] in the log file, what does it mean?</samp><br />
962 A: You can see in the log file for example: <samp class="highlight">
963 [Info] Closing connection 192.168.78.139:3214 [Unknown]</samp>. The [Unknown]
964 means that the connection was not authenticated yet, and it is not known
965 whether the connection was a client, server or router. There will appear
966 [Client], [Server] or [Router] if the connection is authenticated at that
971 <samp class="highlight">Q: How can I generate a new server key pair?</samp><br />
972 A: You can generate a new key pair using the silcd command with the -C
973 option. When SILC Server is installed a key pair is generated
974 automatically for you. However, it is suggested that you check the
975 information found in that key and generate a new key pair if the
976 information is incorrect. You can check the information of your public
977 key by giving command: <samp class="highlight">silc -S file.pub</samp>.
979 If you want to generate a new key pair then you can give for example
980 command: <samp class="highlight">
981 silcd -C . --identifier="UN=silc-oper, HN=silc.silcnet.org, RN=SILC Router
982 Admin, E=silc-oper@silcnet.org, O=SILC Project, C=SK"</samp>. This will
983 create the key pair to current directory, with the specified identifier.
984 Please, give the --help option to the silcd to see usage help for the -C
985 and --identifier options.
989 <a name="f5_0"></a><br />
990 <b>5. Toolkit Questions</b><br /> <br />
993 <samp class="highlight">Q: What is SILC Toolkit?</samp><br />
994 A: SILC Toolkit is a package intended for software developers who would
995 like to develope their own SILC based applications or help in the
996 development of the SILC. The Toolkit includes SILC Protocol Core library,
997 SILC Crypto library, SILC Key Exchange (SKE) library, SILC Math
998 library, SILC Modules (SIM) library, SILC Utility library, SILC Client
999 library and few other libraries.
1002 <a name="f5_20"></a>
1003 <samp class="highlight">Q: Is the SILC Toolkit Reference Manual Available?</samp><br />
1004 A: Yes, partially completed reference manual is available in the Toolkit
1005 releases as HTML package and they are available from the silcnet.org
1006 website as well at the <a href="?page=docs" class="normal">documentation </a> page.
1009 <a name="f5_30"></a>
1010 <samp class="highlight">Q: How do I compile the Toolkit on Unix?</samp><br />
1011 A: You should read the INSTALL file from the package and follow its
1012 instructions. The compilation on Unix is as simple as compiling any other
1013 SILC package. Give, `./configure' command and then `make' command.
1016 <a name="f5_40"></a>
1017 <samp class="highlight">Q: How do I compile the Toolkit on Win32?</samp><br />
1018 A: We have prepared instructions to compile the Toolkit on Win32 in the
1019 Toolkit package. Please, read the README.WIN32 file from the package for
1020 detailed instructions how to compile the Toolkit for Cygwin, MinGW and
1021 native Win32 systems. We have also prepared ready MSVC++ Workspace files
1022 in the win32/ directory in the package that will compile automatically
1026 <a name="f5_50"></a>
1027 <samp class="highlight">Q: Does the Toolkit package include any sample code?</samp><br />
1028 A: Yes, naturally. It includes sample codes for two different SILC Client
1029 implementations, and SILC Server. The silcer/ directory includes a simple
1030 GUI client based on GTK--, and Win32 samples are included in the win32/
1031 directory, for simple client.