2 <b><big>Frequently Asked Questions</big></b>
4 <a href="#f1_0" class="normal">1. General Questions</a><br />
5 <a href="#f1_10" class="normal">
6 1.1 What is SILC?</a><br />
7 <a href="#f1_20" class="normal">
8 1.2 When was SILC Project started?</a><br />
9 <a href="#f1_30" class="normal">
10 1.3 Why SILC in the first place?</a><br />
11 <a href="#f1_40" class="normal">
12 1.4 What license covers the SILC release?</a><br />
13 <a href="#f1_50" class="normal">
14 1.5 Why SILC? Why not IRC3?</a><br />
15 <a href="#f1_55" class="normal">
16 1.6 What platforms SILC supports?</a><br />
17 <a href="#f1_59" class="normal">
18 1.7 How do you pronounce SILC?</a><br />
19 <a href="#f1_60" class="normal">
20 1.8 Where can I find more information?</a><br />
21 <a href="#f1_70" class="normal">
22 1.9 I would like to help out, what can I do?</a>
25 <a href="#f2_0" class="normal">2. Protocol Questions</a><br />
26 <a href="#f2_10" class="normal">
27 2.1 What is the status of SILC protocol in the IETF?</a><br />
28 <a href="#f2_20" class="normal">
29 2.2 How much the SILC protocol is based on IRC?</a><br />
30 <a href="#f2_30" class="normal">
31 2.3 Why use SILC? Why not IRC with SSL?</a><br />
32 <a href="#f2_40" class="normal">
33 2.4 Can I talk from SILC network to IRC network?</a><br />
34 <a href="#f2_45" class="normal">
35 2.5 Does SILC support file transfer?</a><br />
36 <a href="#f2_46" class="normal">
37 2.6 Does SILC support DCC or alike?</a><br />
38 <a href="#f2_47" class="normal">
39 2.7 I am behind a firewall, can I use SILC?</a><br />
40 <a href="#f2_50" class="normal">
41 2.8 How secure SILC really is?</a><br />
42 <a href="#f2_60" class="normal">
43 2.9 Does SILC support instant messaging?</a><br />
44 <a href="#f2_70" class="normal">
45 2.10 Why SILC does not have LINKS command like in IRC?</a><br />
46 <a href="#f2_80" class="normal">
47 2.11 Why SILC does not have STATS command like in IRC?</a><br />
48 <a href="#f2_90" class="normal">
49 2.12 Is anyone outside a channel able to see the channel messages?</a><br />
50 <a href="#f2_100" class="normal">
51 2.13 Is it true that all messages are encrypted in SILC?</a><br />
52 <a href="#f2_110" class="normal">
53 2.14 Can server or SILC operator gain operator mode on a channel?</a><br />
54 <a href="#f2_120" class="normal">
55 2.15 I have suggestions to SILC Protocol, what can I do?</a>
58 <a href="#f3_0" class="normal">3. Client Questions</a><br />
59 <a href="#f3_10" class="normal">
60 3.1 Where can I find SILC clients?</a><br />
61 <a href="#f3_20" class="normal">
62 3.2 Can I use SILC with IRC client and vice versa?</a><br />
63 <a href="#f3_25" class="normal">
64 3.3 The default theme sucks, where can I find a better one?</a><br />
65 <a href="#f3_30" class="normal">
66 3.4 How do I send a private message?</a><br />
67 <a href="#f3_40" class="normal">
68 3.5 How do I negotiate secret key with another user?</a><br />
69 <a href="#f3_50" class="normal">
70 3.6 How do I negotiate secret keys behind a NAT?</a><br />
71 <a href="#f3_60" class="normal">
72 3.7 How do I change channel modes?</a><br />
73 <a href="#f3_70" class="normal">
74 3.8 What does the founder mode on channel mean, and how do I set it?</a><br />
75 <a href="#f3_80" class="normal">
76 3.9 I am founder of invite only channel, how can I join the channel after I have left it?</a><br />
77 <a href="#f3_90" class="normal">
78 3.10 How can I op or deop somebody on channel?</a><br />
79 <a href="#f3_100" class="normal">
80 3.11 How do I set private key for channel, and what does that mean exactly?</a><br />
81 <a href="#f3_110" class="normal">
82 3.12 How do I transfer a file?</a><br />
83 <a href="#f3_120" class="normal">
84 3.13 How can I get other users public keys?</a><br />
85 <a href="#f3_130" class="normal">
86 3.14 How can I see the fingerprint of my public key?</a><br />
87 <a href="#f3_140" class="normal">
88 3.15 I gave WHOIS to a nick, and it returned multiple replies, why?</a><br />
89 <a href="#f3_150" class="normal">
90 3.16 Is there a command to see all linked servers?</a><br />
91 <a href="#f3_160" class="normal">
92 3.17 How do I list the users of a channel?</a><br />
93 <a href="#f3_170" class="normal">
94 3.18 What is the difference between OPER and SILCOPER commands?</a>
97 <a href="#f4_0" class="normal">4. Server Questions</a><br />
98 <a href="#f4_10" class="normal">
99 4.1 Where can I find SILC servers?</a><br />
100 <a href="#f4_20" class="normal">
101 4.2 Can I run my own SILC server?</a><br />
102 <a href="#f4_30" class="normal">
103 4.3 What is the difference between SILC server and SILC router?</a><br />
104 <a href="#f4_40" class="normal">
105 4.4 Why server says permission denied to write to a log file?</a><br />
106 <a href="#f4_50" class="normal">
107 4.5 When I connect to to my server, it says "server does not support one of your proposed cipher", what is wrong?</a><br />
108 <a href="#f4_60" class="normal">
109 4.6 Why SILC server runs on privileged port 706?</a><br />
110 <a href="#f4_70" class="normal">
111 4.7 I see [Unknown] in the log file, what does it mean?</a><br />
112 <a href="#f4_80" class="normal">
113 4.8 How can I generate a new server key pair?</a>
116 <a href="#f5_0" class="normal">5. Toolkit Questions</a><br />
117 <a href="#f5_10" class="normal">
118 5.1 What is SILC Toolkit?</a><br />
119 <a href="#f5_20" class="normal">
120 5.2 Is the SILC Toolkit Reference Manual Available?</a><br />
121 <a href="#f5_30" class="normal">
122 5.3 How do I compile the Toolkit on Unix?</a><br />
123 <a href="#f5_40" class="normal">
124 5.4 How do I compile the Toolkit on Win32?</a><br />
125 <a href="#f5_50" class="normal">
126 5.5 Does the Toolkit package include any sample code?</a><br />
131 <b>1. General Questions</b><br /> <br />
134 <samp class="highlight">Q: What is SILC?</samp><br />
135 A: SILC (Secure Internet Live Conferencing) is a protocol which provides
136 secure conferencing services in the Internet over insecure channel. SILC
137 is IRC like although internally they are very different. Biggest
138 similarity between SILC and IRC is that they both provide conferencing
139 services and that SILC has almost same commands as IRC. Other than that
140 they are nothing alike.
142 Biggest differences are that SILC is secure what IRC is not in any way.
143 The network model is also entirely different compared to IRC.
147 <samp class="highlight">Q: When was SILC Project started?</samp><br />
148 A: The SILC development started in 1996 and early 1997. But, for various
149 reasons it suspended many times until it finally got some wind under its
150 wings in 1999. First public release was in summer 2000.
154 <samp class="highlight">Q: Why SILC in the first place?</samp><br />
155 A: Simply for fun, nothing more. And actually for need back in the days
156 when it was started. When SILC was first developed there really did not
157 exist anything like this. SILC has been very interesting and educational
162 <samp class="highlight">Q: What license covers the SILC release?</samp><br />
163 A: The SILC software developed here at silcnet.org, the SILC Client, the
164 SILC Server and the SILC Toolkit are covered by the GNU General Public
169 <samp class="highlight">Q: Why SILC? Why not IRC3?</samp><br />
170 A: Question that is justified no doubt of that. SILC was not started to
171 become a replacement for IRC. SILC was something that didn't exist in 1996
172 or even today except that SILC is now released. However, I did check out
173 the IRC3 project in 1997 when I started coding and planning the SILC protocol.
175 But, IRC3 is problematic. Why? Because it still doesn't exist. The
176 project is almost at the same spot where it was in 1997 when I checked it
177 out. And it was old project back then as well. That's the problem of IRC3
178 project. The same almost happened to SILC as well as I wasn't making real
179 progress over the years. I talked to the original author of IRC, Jarkko
180 Oikarinen, in 1997 and he directed me to the IRC3 project, although he
181 said that IRC3 is a lot of talking and not that much of anything else. I
182 am not trying to put down the IRC3 project but its problem is that no one
183 in the project is able to make a decision what is the best way to go about
184 making the IRC3 and I wasn't going to be part of that. The fact is that
185 if I would've gone to IRC3 project, nor IRC3 or SILC would exist today. I
186 think IRC3 could be something really great if they just would get their
187 act together and start coding the thing.
191 <samp class="highlight">Q: What platforms SILC supports?</samp><br />
192 A: The SILC Client is available on various Unix systems and is reported to
193 work under cygwin on Windows. The SILC Server also works on various Unix
194 systems. However, the server has not been tested under cygwin as far as we
195 know. The SILC Toolkit is distributed for all platforms, Unix, Cygwin
200 <samp class="highlight">Q: How do you pronounce SILC?</samp><br />
201 A: SILC is usually pronounced as `silk', but you are free to pronounce
206 <samp class="highlight">Q: Where can I find more information?</samp><br />
207 A: For more technical information we suggest reading the SILC Protocol
208 specifications. You might also want to take a look at the <a
209 href="?page=docs" class="normal">documentation </a> page on the web page.
213 <samp class="highlight">Q: I would like to help out, what can I do?</samp><br />
214 A: You might want to take a look at the <a
215 href="?page=contribute" class="normal">Contributing</a> page and the <a
216 href="?page=todo" class="normal">TODO</a> list. You might also want to join the
217 SILC development mailing list.
221 <a name="f2_0"></a><br />
222 <b>2. Protocol Questions</b><br /> <br />
225 <samp class="highlight">Q: What is the status of SILC protocol in the IETF?</samp><br />
226 A: The SILC protocol specifications has been submitted currently as
227 individual submissions. There does not currently exist a working group
228 for this sort of project. Our goal is to fully standardize the SILC and
229 thus submit it as RFC to the <a href="http://www.ietf.org/" class="normal">
230 IETF</a> at a later time. This can happen only after we have requested
231 the IETF to accept SILC as RFC. As of today, we have not yet even requested
232 this from the IETF. We want to let the protocol mature a bit more.
236 <samp class="highlight">Q: How much SILC Protocol is based on IRC?</samp><br />
237 A: SILC is not based on IRC. The client superficially resembles IRC
238 client but everything that happens under the hood is nothing alike IRC.
239 SILC could *never* support IRC because the entire network toppology is
240 different (hopefully more scalable and powerful). So no, SILC protocol
241 (client or server) is not based on IRC. Instead, We've taken good things
242 from IRC and left all the bad things behind and not even tried to burden
243 the SILC with the IRCs problems that will burden IRC and future IRC
244 projects till the end. SILC client resembles IRC client because it is
245 easier for new users to start using SILC when they already know all the
250 <samp class="highlight">Q: Why use SILC? Why not IRC with SSL?</samp><br />
251 A: Sure, that is possible, although, does that secure the entire IRC
252 network? And does that increase or decrease the lags and splits in the
253 IRC network? Does that provide user based security where some specific
254 private message are secured? Does that provide security where some
255 specific channel messages are secured? And I know, you can answer yes to
256 some of these questions. But, security is not just about applying
257 encryption to traffic and SILC is not just about `encrypting the
258 traffic`. You cannot make insecure protocol suddenly secure just by
259 encrypting the traffic. SILC is not meant to be IRC replacement. IRC is
260 good for some things, SILC is good for same and some other things.
264 <samp class="highlight">Q: Can I talk from SILC network to IRC network?</samp><br />
265 A: Simple answer for this is No. The protocols are not compatible which
266 makes it impossible to directly talk from SILC network to IRC network or
267 vice versa. Developing a gateway between these two networks would
268 technically be possible but from security point of view strongly not
269 recommended. We have no plans for developing such a gateway.
273 <samp class="highlight">Q: Does SILC support file transfer?</samp><br />
274 A: Yes. The SILC protocol support SFTP as mandatory file transfer
275 protocol. It provides simple client to client file transfer, but also
276 a possibility for file and directory manipulation. Even though the SFTP
277 is the file transfer protocol the support for file transferring has been
278 done so that practically any file transfer protocol may be used with SILC
283 <samp class="highlight">Q: Does SILC support DCC or alike?</samp><br />
284 A: SILC does not support the DCC commonly used in IRC. It does not need
285 it since it has builtin support for same features that DCC have. You can
286 transfer files securely and encrypted directly with another client. You
287 can also negotiate secret key material with another client directly to
288 use it in private message encryption. The private messages are not,
289 however sent directly between clients. The protocol, on the hand
290 does not prohibit sending messages directly between clients if the
291 implementation would support it. The current SILC Client implementation
292 does not support it. This means that private messages travel through the
293 SILC Network. SILC protocol also has a capability to support DCC
294 and CTCP like protocols with SILC. None of them, however have not been
295 defined to be used with SILC at the present time.
299 <samp class="highlight">Q: I am behind a firewall, can I use SILC?</samp><br />
300 A: Yes. If your network administrator can open the remote port 706 (TCP) you
301 can use SILC without problems. You may also compile your SILC client with
302 SOCKS support which will proxy your SILC session through the firewall.
306 <samp class="highlight">Q: How secure SILC really is?</samp><br />
307 A: We have tried to make SILC as secure as possible. However, there is
308 no security protocol or security software that has not been vulnerable to
309 some sort of attacks. SILC is in no means different from this. So, it is
310 suspected that there are security holes in the SILC. These holes just need
311 to be found so that they can be fixed. SILC's security features has been
312 developed from attacker's point of view, and we've tried to find all the
313 possible attacks and guard the protocol against them.
315 But to give you some parameters of security SILC uses the most secure
316 crytographic algorithms such as AES (Rijndael), Twofish, Blowfish, RC5,
317 etc. SILC does not have DES or 3DES as DES is insecure and 3DES is just
318 too slow. SILC also uses cryptographically strong random number generator
319 when it needs random numbers. Public key cryptography uses RSA (PKCS #1)
320 and Diffie-Hellman algorithms. Key lengths for ciphers are initially set
321 to 256. For public key algorithms the starting key length is 1024 bits.
323 But the best answer for this question is that SILC is as secure as its
324 weakest link. SILC is open and the protocol is open and in public thus
325 open for security analysis.
327 To give a list of attacks that are ineffective against SILC:
329 - Man-in-the-middle attacks are ineffective if proper public key
330 infrastructure is used, and if all public keys are always verified.<br />
331 - IP spoofing is ineffective (because of encryption and trusted keys).<br />
332 - Attacks that change the contents of the data or add extra data to the
333 packets are ineffective (because of encryption and integrity checks).<br />
334 - Passive attacks (listenning network traffic) are ineffective (because
335 of encryption). Everything is encrypted including authentication data
336 such as passwords when they are needed.<br />
337 - Any sort of cryptanalytic attacks are tried to make ineffective by
338 using the best cryptographic algorithms out there, and by designing the
339 protocol to guard against them.
343 <samp class="highlight">Q: Does SILC support instant messaging?</samp><br />
344 A: SILC is not an instant message (IM) system, like ICQ and the others.
345 SILC is more IRC like system, "real-time", connection-oriented chat and
346 that kind of stuff. But I guess IRC is too sometimes called an Instant
351 <samp class="highlight">Q: Why SILC does not have LINKS command like in
353 A: It was felt that this information as an own command in SILC is not
354 necessary. Moreover, the topology of the network might be undisclosed
355 information even though the servers and routers in the network are still
356 open. We feel that the network topology information, if it is wanted to be
357 public, and the list of accessible servers can be made available in other
358 ways than providing command like LINKS, which shows the active server
363 <samp class="highlight">Q: Why SILC does not have STATS command like in
365 A: This too was considered as information that the protocol should not
366 address. We feel that server implementations will need to implement some
367 sort of adminstrative plugin, or module which provides various means of
368 accessing statistical and other information in the server. And, we do
369 consider this implementation issue, not protocol design issue.
373 <samp class="highlight">Q: Is anyone outside a channel able to see the channel
374 messages?</samp><br />
375 A: A short answer is simply No. A longer answer involves assumptions
376 about security conditions. Initially channel keys are generated by the
377 server, so if the server would get compromised it would be possible for
378 an adversary to see the messages. However, users on the channel can
379 prevent this even if the server would be compromised. It is possible to
380 set so called channel private key that only the users on the channel
381 know about. The servers does not know about the key, and therefore cannot
382 see the messages even if they would be compromised. So, longer answer
383 results into same as the short one; No.
386 <a name="f2_100"></a>
387 <samp class="highlight">Q: Is it true that all messages are encrypted in SILC?</samp><br />
388 A: Most definitely yes. The SILC protocol makes it impossible to send
389 unencrypted messages or packets to the SILC network. All messages are
390 always encrypted, either using session keys, or other secret keys such as
391 channel keys or private message keys.
394 <a name="f2_110"></a>
395 <samp class="highlight">Q: Can server or SILC operator gain operator mode on a channel?</samp><br />
396 A: They cannot get operator status, founder status, join invite only channels,
397 escape active bans, escape user limits or anything alike, without explicitly
398 being allowed. Only way to get channel operator status is that someone
399 ops him. Server and SILC operators in the network are normal users with
400 the extra privileges of being able to adminstrate their server. They cannot
401 do anything more than a normal user.
404 <a name="f2_120"></a>
405 <samp class="highlight">Q: I have suggestions to SILC Protocol, what can I do?</samp><br />
406 A: All suggestions and improvements are of course welcome. You should read
407 the protocol specifications first to check out whether your idea is
408 covered by them already. The best place to make your idea public is the
409 SILC development mailing list. You might want to checkout the TODO list
410 from the CVS as well.
414 <a name="f3_0"></a><br />
415 <b>3. Client Questions</b><br /> <br />
418 <samp class="highlight">Q: Where can I find SILC clients?</samp><br />
419 A: The SILC client is available for free download from the silcnet.org web
420 page. Some people have also mentioned words Java and Perl when talking
421 about SILC clients. Nothing has appeared yet, though.
425 <samp class="highlight">Q: Can I use SILC with IRC client and vice versa?</samp><br />
426 A: Generally the answer would be no for both. However, there exist already
427 at least one IRC client that supports SILC, the <a href="http://irssi.org/"
428 class="normal">Irssi client</a>. The current SILC client is actually based
429 on the user interface of the Irssi client. So, yes it is possible to use
430 SILC with some IRC clients and vice versa. But, this does not mean that you
431 can talk from SILC network to IRC network, that is not possible.
435 <samp class="highlight">Q: The default theme sucks, where can I find a better one?</samp><br />
436 A: The Irssi SILC client's theme files are almost 100% compatible with
437 the original Irssi IRC client's themes. You can get those theme files
438 from the <a href="http://irssi.org/" class="normal">Irssi project website</a>.
439 You can also try to make a better theme by yourself.
443 <samp class="highlight">Q: How do I send a private message?</samp><br />
444 A: Sending private message is done by using the MSG command. For example,
445 command: <samp class="highlight">/MSG john hello</samp>, will send a
446 `hello' message to a nickname `john'. By default private messages are
447 secured with session keys, and the message is re-encrypted by the servers
448 when the message travels to the receiver. If you would like to secure the
449 private messages with a private key, you can negotiate a secret key with the
450 receiver. Always remember to give WHOIS command before sending a private
451 message to assure that you are sending the message to correct person.
455 <samp class="highlight">Q: How do I negotiate secret key with another user?</samp><br />
456 A: It is important to negotiate secret keys if you cannot trust the servers
457 and the network you are using. By negotiating a key with the user you
458 want to talk to assures that no one except you and your friend is able
459 to encrypt and decrypt the messages. The secret key negotiation is done with
460 the KEY command. Here is an example of how to negotiate keys for securing
463 By giving command: <samp class="highlight">/KEY MSG john agreement
464 192.168.2.100</samp>, you will send a key negotiation request to a nickname
465 `john'. The 192.168.2.100 IP address would be your machine's IP address.
466 You can also define an port to the KEY command after the IP address. If
467 you do not do that the operating system will bind to a port of its choosing.
468 John will receive a notification on the screen that you would like to
469 negotiate secret keys with him, and he will receive the IP address and port
470 where you are listenning for the negotiation. When he gives command:
471 <samp class="highlight">/KEY MSG You negotiate 192.168.2.100 31382</samp>,
472 the key negotiation is started. During the key negotiation you will be
473 prompted on the screen to verify and accept John's public key if you do not
474 have his public key already. The John will be prompted to accept your
475 public key as well. After the key negotiation is over all private messages
476 sent between you and John are secured with the negotiated secret key.
477 Note that you must verify the public key you are prompted for, and this is
478 very important since someone could be doing man-in-the-middle attack.
482 <samp class="highlight">Q: How do I negotiate secret keys behind a NAT?</samp><br />
483 A: If only you are behind a NAT, or firewall then key negotiation works,
484 but if both you and your friend are behind a NAT then key negotiation will
485 not work, since it is done peer to peer. If you are behind a NAT then you
486 obviously cannot receive key negotiations, and cannot bind to any IP address
487 and port. However, you can still use KEY command to negotiate the keys.
489 By giving command: <samp class="highlight">/KEY MSG john agreement</samp>,
490 without any other arguments (such as IP address and port) you will send
491 a negotiation request to John, but do not provide an address and port for
492 the John to connect to. When John receives the notification on the screen
493 that you would like to perform key negotiation, he can give command:
494 <samp class="highlight">/KEY MSG You agreement 172.16.100.78</samp>, which
495 will send key negotiation request back to you. You will receive the IP
496 address and port where you need to connect in order to perform the negotiation.
497 After receiving the notification you can give command: <samp class="highlight">
498 /KEY MSG john negotiate 172.16.100.78 31181</samp>, which will start the
499 key negotiation with John. This way you can negotiate the keys if you are
504 <samp class="highlight">Q: How do I change channel modes?</samp><br />
505 A: The command to manage channel modes is CMODE. With this command you
506 can change the channel status (to change it to secret channel for example),
507 set user limit on the channel, passphrase for the channel, set the channel
508 to use private keys on channel, and set the founder mode.
512 <samp class="highlight">Q: What does the founder mode on channel mean, and how do I set it?</samp><br />
513 A: Who ever creates the channel by being the first user to join the channel
514 becomes automatically the founder of the channel. Founder has some extra
515 privileges on the channel. For example, it is not possible to kick the
516 founder off the channel, and there are some channel modes that only the
517 founder of the channel can change. If the creator of the channel wishes
518 to preserve the channel founder mode even if he leave the channel he
519 can set the founder mode for the channel.
521 The mode is set by giving command: <samp class="highlight">/CMODE #channel
522 +f -pubkey</samp>. This will set the founder mode and will use the public
523 key of the founder as authenticator when the user is reclaiming the mode
524 back. If the founder leaves the channel he will be able to get the founder
525 mode back by using JOIN or CUMODE commmands. Giving command
526 <samp class="highlight">/JOIN #channel -founder -pubkey</samp>,
527 will get the founder mode back at the same time he joins the channel, or
528 giving commmand <samp class="highlight">/CUMODE #channel +f -pubkey</samp>,
529 will also give the founder mode back on the channel after he has joined
532 If the channel is destroyed after the last client leaves the channel,
533 the founder mode is also reset. Who ever creates the channel after that
534 will also get the channel founder mode automatically. Note also that the
535 founder mode is local. You can reclaim the mode back only on the same
536 server where you set the founder mode in the first place.
540 <samp class="highlight">Q: I am founder of invite only channel, how can I join the channel after I have left it?</samp><br />
541 A: Founder can override the invite only status by reclaiming the founder
542 status on the channel using the JOIN command. The channel must have the
543 founder mode set in order for it to work. Reclaiming founder status using
544 JOIN command is important also if the channel has user limit set, and has
545 active bans. Founder can override these conditions as well. However,
546 founder cannot override the passphrase of the channel if it is set. To
547 get the founder mode during JOIN and to override the invite only condition,
548 give command: <samp class="highlight">/JOIN #channel -founder -pubkey</samp>.
549 This will join the channel and attempt to reclaim the founder status back
550 to you. Note that you need to be on the same server where you gave the
551 founder mode for the channel for this to work.
555 <samp class="highlight">Q: How can I op or deop somebody on channel?</samp><br />
556 A: Giving operator status, or removing the operator status on a channel
557 requires you to have at least operator status, or founder status on the
558 channel. You can give operator status to another user by using CUMODE
559 command. To give ops give the command: <samp class="highlight">/CUMODE
560 #channel +o john</samp>, and to remove ops give command:
561 <samp class="highlight">/CUMODE #channel -o john</samp>. To indicate
562 current channel you can also use `*' character in #channel's stead.
565 <a name="f3_100"></a>
566 <samp class="highlight">Q: How do I set private key for channel, and what does that mean exactly?</samp><br />
567 A: Setting private key for channel requires first to set the private key mode
568 for the channel. You need to be the founder of the channel to be able to
569 do this. Give the command: <samp class="highlight">/CMODE #channel +k</samp>.
570 After this mode is set the old channel key will not be used to encrypt and
571 decrypt channel messages. To set the key for the channel use the KEY command.
572 Every user on the channel must do the same thing and set the same key.
573 If some user on the channel does not set the key (or does not know the key)
574 he won't be able to see any messages on the channel. Give the command:
575 <samp class="highlight">/KEY CHANNEL #channel set verysecretkey</samp>.
576 This command will set the `verysecretkey' passphrase as key to the #channel.
577 How exactly other users will know this key is out of scope of the SILC
578 protocol. SILC does not provide yet a possibility of negotiating secret key
579 with many users at the same time. For this reason the secret key on the
580 channel is usually a passphrase or a password that all users on the channel
581 have to know. Setting a private key for channel means that only the users
582 on the channel who know the key is able to encrypt and decrypt messages.
583 Servers do not know the key at all. If you remove the private key mode
584 from the channel, all users will start automatically using a new channel
585 key to secure channel messages.
588 <a name="f3_110"></a>
589 <samp class="highlight">Q: How do I transfer a file?</samp><br />
590 A: You can transfer files securely using the FILE command. This command
591 will automatically negotiate secret key with the remote user and the
592 file transfer stream is secured using that key. The file transfer
593 stream is always sent peer to peer. If you would like to send a file
594 to another user you can give command: <samp class="highlight">/FILE
595 SEND path/to/the/file john</samp>. This command sends, or actually
596 makes the `path/to/the/file' available for download for the user `john'.
597 The John will decide whether he wants to actually download the file.
598 When John gives the command: <samp class="highlight">/FILE RECEIVE</samp>,
599 the key negotiation is started. You and John will be prompted to verify
600 and accept each other's public key if you do not have it cached already.
601 After key negotiation is over the file transfer process starts.
602 If you want to cancel the file transfer session, or if John wants to
603 reject the file transfer request, giving the command: <samp class="highlight">
604 /FILE CLOSE</samp> will close the session.
607 <a name="f3_120"></a>
608 <samp class="highlight">Q: How can I get other users public keys?</samp><br />
609 A: You can get a user's public key using the GETKEY command. This command
610 will fetch the user's public key from the server where the user has connected
611 to. The server has verified that the user posesses the corresponding private
612 key, however, you will be prompted to verify and accept the public key.
613 All client public keys are saved in your local key directory in
614 ~/.silc/clientkeys/. You can also receive clients public keys during
615 key negotiation and file transfers. The GETKEY command can be used to fetch
616 a server's public key as well. Those keys are saved in ~/.silc/serverkeys/
620 <a name="f3_130"></a>
621 <samp class="highlight">Q: How can I see the fingerprint of my public key?</samp><br />
622 A: You can check out your own fingerprint by giving just WHOIS command without
623 any arguments. Additionally you can also dump the contents of the key file
624 using the silc program and giving -S option to it. Your own public key is
625 always saved in ~/.silc/public_key.pub file. To dump your key run silc as:
626 <samp class="highlight">silc -S .silc/public_key.pub</samp>. The same way
627 you can dump the contents of any public key inside ~/.silc/clientkeys/ and
628 ~/.silc/serverkeys/ directories. The WHOIS command will also show other
629 users public key fingerprints.
632 <a name="f3_140"></a>
633 <samp class="highlight">Q: I gave WHOIS to a nick, and it returned multiple replies, why?</samp><br />
634 A: This will happen if there are several same nicknames in the network at
635 the same time. As you may already know nicknames are not unique in SILC
636 network. This means there can be multiple same nicknames. This also means
637 that you can always have the nickname you want. If WHOIS returns multiple
638 replies, you can distinguish the users by their realname, username,
639 hostname and ultimately by the fingerprint of their public key, which the
640 WHOIS will also show. You will also notice an additional nickname inside a
641 parenthesis. It may show for example: <samp class="highlight">nickname: John
642 (John@otaku)</samp>. The real nickname is `John', but since there are
643 many John's in the network you can access this one using `John@otaku'.
644 So, if you were to send private message to this particular John you can do
645 it by giving command: <samp class="highlight">/MSG John@otaku hello</samp>.
646 This will send `hello' message to the John@otaku.
649 <a name="f3_150"></a>
650 <samp class="highlight">Q: Is there a command to see all linked servers?</samp><br />
651 A: No there is not. For longer answer see also <a href="#f2_70"
652 class="normal">this FAQ</a>.
655 <a name="f3_160"></a>
656 <samp class="highlight">Q: How do I list the users of a channel?</samp><br />
657 A: The command to list all users on a particular channel is USERS. It is
658 also aliased to WHO command in Irssi SILC Client. To see the users of the
659 current channel give the command: <samp class="highlight">/USERS *</samp>.
660 You can replace the `*' with the channel name of your choosing. If the
661 channel is private or secret channel, and you have not joined the channel,
662 you cannot list the users of that channel.
665 <a name="f3_170"></a>
666 <samp class="highlight">Q: What is the difference between OPER and SILCOPER commands?</samp><br />
667 A: The OPER command is used to gain server operator privileges on normal
668 SILC server, while SILCOPER is used to gain router operator (also known as
669 SILC operator) privileges on router server. You cannot use SILCOPER command
670 on normal SILC server, it works only on router server.
674 <a name="f4_0"></a><br />
675 <b>4. Server Questions</b><br /> <br />
678 <samp class="highlight">Q: Where can I find SILC servers?</samp><br />
679 A: The SILC server is available for free download from the silcnet.org
680 web page. We are not aware of any other SILC server implementations, so far.
684 <samp class="highlight">Q: Can I run my own SILC server?</samp><br />
685 A: Yes of course. Download the SILC server package, compile and install
686 it. Be sure to check out the installation instructions and the README
687 file. You also should decide whether you want to run SILC server or SILC
692 <samp class="highlight">Q: What is the difference between SILC
693 server and SILC router?</samp><br />
694 A: The topology of the SILC network includes SILC routers and the SILC
695 servers (and SILC clients of course). Normal SILC server does not have
696 direct connections with other SILC servers. They connect directly to the
697 SILC router. SILC Routers may have several server connections and they
698 may connect to several SILC routers. The SILC routers are the servers in
699 the network that know everything about everything. The SILC servers know
700 only local information and query global information from the router when
703 If you are running SILC server you want to run it as router only if you
704 want to have server connections in it and are prepared to accept server
705 connections. You also need to get the router connected to some other
706 router to be able to join the SILC network. You may run the server as
707 normal SILC server if you do not want to accept other server connections
708 or cannot run it as router.
712 <samp class="highlight">Q: Why server says permission denied to write to a
713 log file?</samp><br />
714 A: The owner of the log files must be same user that the server is run
715 under, by default it is user `nobody'. Just change the permissions and
720 <samp class="highlight">Q: When I connect to my server it says "server does
721 not support one of your proposed ciphers", what is wrong?</samp><br />
722 A: Most likely the ciphers and others has not been compiled as SIMs
723 (modules) and they are configured as modules in the silcd.conf. If they
724 are not compiled as modules remove the module paths from the ciphers and
725 hash functions from the silcd.conf, so that the server use the builtin
726 ciphers. Then try connecting to the server again. It is also possible
727 that the client IS proposing some ciphers that your server does not support.
731 <samp class="highlight">Q: Why SILC server runs on privileged port 706?</samp><br />
732 A: Ports 706/tcp and 706/udp have been assigned for the SILC protocol by
733 <a href="http://www.iana.org" class="normal">IANA</a>. Server on the network
734 listening above privileged ports (>1023) SHOULD NOT be trusted as it could
735 have been set up by untrusted party. The server normally drops root privileges
736 after startup and then run as user previously defined in silcd.conf.
740 <samp class="highlight">Q: I see [Unknown] in the log file, what does it mean?</samp><br />
741 A: You can see in the log file for example: <samp class="highlight">
742 [Info] Closing connection 192.168.78.139:3214 [Unknown]</samp>. The [Unknown]
743 means that the connection was not authenticated yet, and it is not known
744 whether the connection was a client, server or router. There will appear
745 [Client], [Server] or [Router] if the connection is authenticated at that
750 <samp class="highlight">Q: How can I generate a new server key pair?</samp><br />
751 A: You can generate a new key pair using the silcd command with the -C
752 option. When SILC Server is installed a key pair is generated
753 automatically for you. However, it is suggested that you check the
754 information found in that key and generate a new key pair if the
755 information is incorrect. You can check the information of your public
756 key by giving command: <samp class="highlight">silc -S file.pub</samp>.
758 If you want to generate a new key pair then you can give for example
759 command: <samp class="highlight">
760 silcd -C . --identifier="UN=silc-oper, HN=silc.silcnet.org, RN=SILC Router
761 Admin, E=silc-oper@silcnet.org, O=SILC Project, C=SK"</samp>. This will
762 create the key pair to current directory, with the specified identifier.
763 Please, give the --help option to the silcd to see usage help for the -C
764 and --identifier options.
768 <a name="f5_0"></a><br />
769 <b>5. Toolkit Questions</b><br /> <br />
772 <samp class="highlight">Q: What is SILC Toolkit?</samp><br />
773 A: SILC Toolkit is a package intended for software developers who would
774 like to develope their own SILC based applications or help in the
775 development of the SILC. The Toolkit includes SILC Protocol Core library,
776 SILC Crypto library, SILC Key Exchange (SKE) library, SILC Math
777 library, SILC Modules (SIM) library, SILC Utility library, SILC Client
778 library and few other libraries.
782 <samp class="highlight">Q: Is the SILC Toolkit Reference Manual Available?</samp><br />
783 A: Yes, partially completed reference manual is available in the Toolkit
784 releases as HTML package and they are available from the silcnet.org
785 website as well at the <a href="?page=docs" class="normal">documentation </a> page.
789 <samp class="highlight">Q: How do I compile the Toolkit on Unix?</samp><br />
790 A: You should read the INSTALL file from the package and follow its
791 instructions. The compilation on Unix is as simple as compiling any other
792 SILC package. Give, `./configure' command and then `make' command.
796 <samp class="highlight">Q: How do I compile the Toolkit on Win32?</samp><br />
797 A: We have prepared instructions to compile the Toolkit on Win32 in the
798 Toolkit package. Please, read the README.WIN32 file from the package for
799 detailed instructions how to compile the Toolkit for Cygwin, MinGW and
800 native Win32 systems. We have also prepared ready MSVC++ Workspace files
801 in the win32/ directory in the package that will compile automatically
806 <samp class="highlight">Q: Does the Toolkit package include any sample code?</samp><br />
807 A: Yes, naturally. It includes sample codes for two different SILC Client
808 implementations, and SILC Server. The silcer/ directory includes a simple
809 GUI client based on GTK--, and Win32 samples are included in the win32/
810 directory, for simple client.