@SYNTAX:key@
-This command is used to set and unset private keys for
-channels, set and unset private keys for private messages
-with remote clients and to send key agreement requests and
-negotiate the key agreement protocol with remote client.
-The key agreement is supported only to negotiate private
-message keys, it currently cannot be used to negotiate
-private keys for channels, as it is not convenient for that
-purpose.
+This command is used to set and unset private channel keys,
+set and unset private message keys with remote users, and
+to send key agreement requests and negotiate the key agreement
+protocol with remote user. The key agreement is supported only
+to negotiate private message keys, it currently cannot be used
+to negotiate channel private keys.
Types:
- MSG The command is performed for private messages
- affecting the <nickname>.
+ MSG The command is performed for private messages
+ affecting the <nickname>.
- CHANNEL The command is performed for channel affecting
- the <channel>.
+ CHANNEL The command is performed for the channel indicated
+ by <channel> (* matches current channel).
Commands:
- set [<key> [<cipher>] [<hmac>]]
+ set [<key> [<cipher>] [<hmac>]]
- Set the key into use. If the <key> is provided it
- is used as the key material. If the <key> is not
- provided the negotiated key material is used. If
- the negotiation has not been performed this command
- has no effect.
+ Set the key into use. The <key> is a pre-shared-key,
+ passphrase or similar shared secret string. Setting
+ the key without first receiving a request from the
+ remote user, this command will send the request to the
+ remote user. The actual key is not sent to network.
- If the type is `msg' and the <key> is `*' then
- random key will be generated automatically.
+ Optionally, the <cipher> and <hmac> may also be set.
- The <cipher> may be set for both private message
- and channel private keys and the <hmac> may be set
- only to the channel private keys.
+ unset [<number>]
- unset [<number>]
+ Unset the key. The private key is not used after this
+ command. The key must be set again or the key material must
+ be re-negotiated to be able to use the private keys again.
+ The channel may have several private keys set. The <number>
+ can be used to indicate what key is being unset. If it is
+ not provided all keys are removed.
- Unset the key. The private key is not used after
- this command. The key must be set again or the key
- material must be re-negotiated to be able to use
- the private keys again.
+ list
- The channel may have several private keys set. The
- <number> can be used to indicate what key is being
- unset. If it is not provided all keys are removed.
+ List all private keys that has been set. If the type is
+ MSG and the <nickname> is ´*' then all private message
+ keys that you've set will be listed.
- list
+ change [<number>]
- List all private keys that has been set. If the
- type is `msg' and the <nickname> is ´*' then
- all private message keys that you've set will be
- listed.
+ This command can be used only when type is CHANNEL. This is
+ used to change the current channel private key. The <number>
+ may indicate what key is changed. If it is not provided then
+ next key is changed to current channel private key. By default
+ this command is also bound to Meta-K (Alt+Shift+k) key.
- agreement [<hostname> [<port>]]
+ agreement [<hostname> [<port>] [<TCP|UDP>]]
- Send key agreement request to remote client. If
- the <hostname> is provided it is sent in the request.
- The receiver may use the hostname to start the
- key agreement. If the <port> is also provided your
- key agreement protocol server is bound to that
- port. Note that it cannot be privileged port (<1023).
- If the <hostname> and <port> is not provided then
- the receiver will never initiate the key agreement.
- In this case you may start the key agreement after
- receiving the reply to the request, by giving the
- negotiate command.
+ Send key agreement request to remote client. If the
+ <hostname> is provided it is sent in the request. The
+ receiver may use the hostname to start the key agreement.
+ If the <port> is also provided your key agreement protocol
+ server is bound to that port. Note that it cannot be
+ privileged port (<1024). If the <hostname> and <port> is
+ not provided then the receiver will never initiate the key
+ agreement. In this case you may start the key agreement
+ after receiving the reply to the request, by giving the
+ negotiate command. By default the key agreement connection
+ is TCP connection. UDP connection may also be defined.
+ (Note that, older SILC clients (1.0.x) does not support UDP).
- This command may be used to send reply to the
- remote client. When receiving empty key agreement
- you can reply to the sender with the hostname and
- port of your key agreement server with this command.
+ This command may be used to send reply to the remote client.
+ When receiving empty key agreement you can reply to the
+ sender with the hostname and port of your key agreement
+ server with this command.
- negotiate [<hostname> [<port>]]
+ If the hostname and port are ommitted, the boolean
+ variable use_auto_addr will be examined. If it is set
+ the value of auto_bind_ip will be used as the IP address
+ to listen for the return reply, the value of auto_public_ip
+ will be the IP address sent to the remote client, and the
+ auto_bind_port will be the port value to be bound to and
+ sent to the remote client. If auto_public_ip is unset, but
+ auto_bind_ip is set, silc client will send the auto_bind_ip
+ variable's value to the remote client.
- This may be called to start the key agreement with
- <nickname>. This command has effect only if the
- <nickname> has replied to your key agreement request.
- You will see a notify on the screen when the reply
- arrives. The <hostname> and <port> is the hostname
- and port of the remote client's key agreement
- server.
+ negotiate [<hostname> [<port>] [<TCP|UDP>]]
+ This may be called to start the key agreement with <nickname>.
+ This command has effect only if the <nickname> has replied to
+ your key agreement request. You will see a notify on the
+ screen when the reply arrives. The <hostname> and <port> is the
+ hostname and port of the remote client's key agreement server.
+ The request tells the connection protocol used, usually TCP.
+ If UDP was requested it must be provided.
+
+Examples:
+
+ Set channel private key to current channel, and list all keys:
+
+ /KEY CHANNEL * set very_secret_key_this_is
+ /KEY CHANNEL * list
+
+ Set private message key with a friend:
+
+ foobar: /KEY MSG friend set secretkey
+ friend: /KEY MSG foobar set secretkey
+
+ Perform key agreement:
+
+ bar: /KEY MSG foo agreement 10.2.1.7 5000
+ foo: /KEY MSG bar negotiate 10.2.1.7 5000
+
+ bar: /KEY MSG foo agreement 10.2.1.7 5000 UDP
+ foo: /KEY MSG bar negotiate 10.2.1.7 5000 UDP
+
+See also: WHOIS, CHANNEL, GETKEY