X-Git-Url: http://git.silcnet.org/gitweb/?a=blobdiff_plain;f=doc%2FFAQ;fp=doc%2FFAQ;h=0000000000000000000000000000000000000000;hb=f9d9c92fcc179ff82ae7aa5f724440215f194827;hp=396daa4fe51fd81bed7deac27f66fc2efc8ac8e7;hpb=e7b6c157b80152bf9fb9266e6bdd93f9fb0db776;p=crypto.git diff --git a/doc/FAQ b/doc/FAQ deleted file mode 100644 index 396daa4f..00000000 --- a/doc/FAQ +++ /dev/null 
@@ -1,806 +0,0 @@ - Frequently Asked Questions - - 1. General Questions - 1.1 What is SILC? - 1.2 When was SILC Project started? - 1.3 Why SILC in the first place? - 1.4 What license covers the SILC release? - 1.5 Why SILC? Why not IRC3? - 1.6 What platforms SILC supports? - 1.7 How do you pronounce SILC? - 1.8 Where can I find more information? - 1.9 I would like to help out, what can I do? - - 2. Protocol Questions - 2.1 What is the status of SILC protocol in the IETF? - 2.2 How much the SILC protocol is based on IRC? - 2.3 Why use SILC? Why not IRC with SSL? - 2.4 Can I talk from SILC network to IRC network? - 2.5 Does SILC support file transfer? - 2.6 Does SILC support DCC or alike? - 2.7 I am behind a firewall, can I use SILC? - 2.8 How secure SILC really is? - 2.9 Does SILC support instant messaging? - 2.10 Why SILC does not have LINKS command like in IRC? - 2.11 What does the session detaching/resuming mean? - 2.12 Is anyone outside a channel able to see the channel - messages? - 2.13 How can I register my channel in SILC? - 2.14 Is it true that all messages are encrypted in SILC? - 2.15 Can server or SILC operator gain operator mode on a channel? - 2.16 Channel name doesn't have #-character or does it? - 2.17 Does SILC support moderated channels? - 2.18 What does the "watching" mean? - 2.19 Is it possible to reject watching? - 2.20 Is it possible to block private messages? - 2.21 Is it possible to block channel messages? - 2.22 Is it possible to block invites? - 2.23 Does SILC support multimedia messages, like video/audio - streaming? - 2.24 What kind of presence modes SILC support? - 2.25 Does SILC support anonymity? - 2.26 Does SILC support services? - 2.27 I have suggestions to SILC Protocol, what can I do? - - 3. Client Questions - 3.1 Where can I find SILC clients? - 3.2 Can I use SILC with IRC client and vice versa? - 3.3 The default theme sucks, where can I find a better one? - 3.4 How do I send a private message? 
- 3.5 How do I negotiate secret key with another user? - 3.6 How do I negotiate secret keys behind a NAT? - 3.7 How do I change channel modes? - 3.8 What does the founder mode on channel mean, and how do I set - it? - 3.9 I am founder of invite only channel, how can I join the - channel after I have left it? - 3.10 How can I op or deop somebody on channel? - 3.11 How do I set private key for channel, and what does that - mean exactly? - 3.12 How do I transfer a file? - 3.13 How can I get other users public keys? - 3.14 How can I see the fingerprint of my public key? - 3.15 I gave WHOIS to a nick, and it returned multiple replies, - why? - 3.16 Is there a command to see all linked servers? - 3.17 How do I list the users of a channel? - 3.18 What is the difference between OPER and SILCOPER commands? - 3.19 My Cygwin client crashes with message "Couldn't create - //.silc directory" - 3.20 Why /join #silc and /join silc doesn't join the same - channel? - 3.21 How do I detach my session from the server? - - 4. Server Questions - 4.1 Where can I find SILC servers? - 4.2 Can I run my own SILC server? - 4.3 What is the difference between SILC server and SILC router? - 4.4 Why server says permission denied to write to a log file? - 4.5 When I connect to to my server, it says "server does not - support one of your proposed cipher", what is wrong? - 4.6 Why SILC server runs on privileged port 706? - 4.7 I see [Unknown] in the log file, what does it mean? - 4.8 How can I generate a new server key pair? - - 5. Toolkit Questions - 5.1 What is SILC Toolkit? - 5.2 Is the SILC Toolkit Reference Manual Available? - 5.3 How do I compile the Toolkit on Unix? - 5.4 How do I compile the Toolkit on Win32? - 5.5 Does the Toolkit package include any sample code? - - 1. General Questions - - Q: What is SILC? - A: SILC (Secure Internet Live Conferencing) is a protocol which - provides secure conferencing services in the Internet over insecure - channel. 
SILC is IRC like although internally they are very different. - Biggest similarity between SILC and IRC is that they both provide - conferencing services and that SILC has almost same commands as IRC. - Other than that they are nothing alike. - - Biggest differences are that SILC is secure what IRC is not in any - way. The network model is also entirely different compared to IRC. - - Q: When was SILC Project started? - A: The SILC development started in 1996 and early 1997. But, for - various reasons it suspended many times until it finally got some wind - under its wings in 1999. First public release was in summer 2000. - - Q: Why SILC in the first place? - A: Simply for fun, nothing more. And actually for need back in the - days when it was started. When SILC was first developed there really - did not exist anything like this. SILC has been very interesting and - educational project. - - Q: What license covers the SILC release? - A: The SILC software developed here at silcnet.org, the SILC Client, - the SILC Server and the SILC Toolkit are covered by the GNU General - Public License. - - Q: Why SILC? Why not IRC3? - A: Question that is justified no doubt of that. SILC was not started - to become a replacement for IRC. SILC was something that didn't exist - in 1996 or even today except that SILC is now released. However, I did - check out the IRC3 project in 1997 when I started coding and planning - the SILC protocol. - - But, IRC3 is problematic. Why? Because it still doesn't exist. The - project is almost at the same spot where it was in 1997 when I checked - it out. And it was old project back then as well. That's the problem - of IRC3 project. The same almost happened to SILC as well as I wasn't - making real progress over the years. I talked to the original author - of IRC, Jarkko Oikarinen, in 1997 and he directed me to the IRC3 - project, although he said that IRC3 is a lot of talking and not that - much of anything else. 
I am not trying to put down the IRC3 project - but its problem is that no one in the project is able to make a - decision what is the best way to go about making the IRC3 and I wasn't - going to be part of that. The fact is that if I would've gone to IRC3 - project, nor IRC3 or SILC would exist today. I think IRC3 could be - something really great if they just would get their act together and - start coding the thing. - - Q: What platforms SILC supports? - A: The SILC Client is available on various Unix systems and is - reported to work under cygwin on Windows. The SILC Server also works - on various Unix systems. However, the server has not been tested under - cygwin as far as we know. The SILC Toolkit is distributed for all - platforms, Unix, Cygwin and native Windows. - - Q: How do you pronounce SILC? - A: SILC is usually pronounced as `silk', but you are free to pronounce - it the way you want. - - Q: Where can I find more information? - A: For more technical information we suggest reading the SILC Protocol - specifications. You might also want to take a look at the - documentation page on the web page. - - Q: I would like to help out, what can I do? - A: You might want to take a look at the Contributing page and the TODO - list. You might also want to join the SILC development mailing list. - - 2. Protocol Questions - - Q: What is the status of SILC protocol in the IETF? - A: The SILC protocol specifications has been submitted currently as - individual submissions. There does not currently exist a working group - for this sort of project. Our goal is to fully standardize the SILC - and thus submit it as RFC to the IETF at a later time. This can happen - only after we have requested the IETF to accept SILC as RFC. As of - today, we have not yet even requested this from the IETF. We want to - let the protocol mature a bit more. - - Q: How much SILC Protocol is based on IRC? - A: SILC is not based on IRC. 
The client superficially resembles IRC - client but everything that happens under the hood is nothing alike - IRC. SILC could *never* support IRC because the entire network - toppology is different (hopefully more scalable and powerful). So no, - SILC protocol (client or server) is not based on IRC. Instead, We've - taken good things from IRC and left all the bad things behind and not - even tried to burden the SILC with the IRCs problems that will burden - IRC and future IRC projects till the end. SILC client resembles IRC - client because it is easier for new users to start using SILC when - they already know all the commands. - - Q: Why use SILC? Why not IRC with SSL? - A: Sure, that is possible, although, does that secure the entire IRC - network? And does that increase or decrease the lags and splits in the - IRC network? Does that provide user based security where some specific - private message are secured? Does that provide security where some - specific channel messages are secured? And I know, you can answer yes - to some of these questions. But, security is not just about applying - encryption to traffic and SILC is not just about `encrypting the - traffic`. You cannot make insecure protocol suddenly secure just by - encrypting the traffic. SILC is not meant to be IRC replacement. IRC - is good for some things, SILC is good for same and some other things. - - Q: Can I talk from SILC network to IRC network? - A: Simple answer for this is No. The protocols are not compatible - which makes it impossible to directly talk from SILC network to IRC - network or vice versa. Developing a gateway between these two networks - would technically be possible but from security point of view strongly - not recommended. We have no plans for developing such a gateway. - - Q: Does SILC support file transfer? - A: Yes. The SILC protocol support SFTP as mandatory file transfer - protocol. 
It provides simple client to client file transfer, but also - a possibility for file and directory manipulation. Even though the - SFTP is the file transfer protocol the support for file transferring - has been done so that practically any file transfer protocol may be - used with SILC protocol. - - Q: Does SILC support DCC or alike? - A: SILC does not support the DCC commonly used in IRC. It does not - need it since it has builtin support for same features that DCC have. - You can transfer files securely and encrypted directly with another - client. You can also negotiate secret key material with another client - directly to use it in private message encryption. The private messages - are not, however sent directly between clients. The protocol, on the - other hand does not prohibit sending messages directly between clients - if the implementation would support it. The current SILC Client - implementation does not support it. This means that private messages - travel through the SILC Network. SILC protocol also has a capability - to support DCC and CTCP like protocols with SILC. None of them, - however have not been defined to be used with SILC at the present - time. - - Q: I am behind a firewall, can I use SILC? - A: Yes. If your network administrator can open the remote port 706 - (TCP) you can use SILC without problems. You may also compile your - SILC client with SOCKS support which will proxy your SILC session - through the firewall. - - Q: How secure SILC really is? - A: We have tried to make SILC as secure as possible. However, there is - no security protocol or security software that has not been vulnerable - to some sort of attacks. SILC is in no means different from this. So, - it is suspected that there are security holes in the SILC. These holes - just need to be found so that they can be fixed. 
SILC's security - features has been developed from attacker's point of view, and we've - tried to find all the possible attacks and guard the protocol against - them. - - But to give you some parameters of security SILC uses the most secure - crytographic algorithms such as AES (Rijndael), Twofish, Blowfish, - RC5, etc. SILC does not have DES or 3DES as DES is insecure and 3DES - is just too slow. SILC also uses cryptographically strong random - number generator when it needs random numbers. Public key cryptography - uses RSA (PKCS #1) and Diffie-Hellman algorithms. Key lengths for - ciphers are initially set to 256. For public key algorithms the - starting key length is 1024 bits. - - But the best answer for this question is that SILC is as secure as its - weakest link. SILC is open and the protocol is open and in public thus - open for security analysis. - - To give a list of attacks that are ineffective against SILC: - - - Man-in-the-middle attacks are ineffective if proper public key - infrastructure is used, and if all public keys are always verified. - - IP spoofing is ineffective (because of encryption and trusted keys). - - Attacks that change the contents of the data or add extra data to - the packets are ineffective (because of encryption and integrity - checks). - - Passive attacks (listenning network traffic) are ineffective - (because of encryption). Everything is encrypted including - authentication data such as passwords when they are needed. - - Any sort of cryptanalytic attacks are tried to make ineffective by - using the best cryptographic algorithms out there, and by designing - the protocol to guard against them. - - Q: Does SILC support instant messaging? - A: Officially SILC is not an instant message (IM) system as people - usually understands it. However, SILC supports many of the features - that are found in traditional IM systems. SILC can be implemented in - either IRC-style or IM-style system. 
Features that are usually found - only in IM systems, such as multiple presence settings, persistent - sessions etc. are also found in SILC. - - Q: Why SILC does not have LINKS command like in IRC? - A: It was felt that this information as an own command in SILC is not - necessary. Moreover, the topology of the network might be undisclosed - information even though the servers and routers in the network are - still open. We feel that the network topology information, if it is - wanted to be public, and the list of accessible servers can be made - available in other ways than providing command like LINKS, which shows - the active server links in IRC. - - Q: What does the session detaching/resuming mean? - A: The new SILC protocol supports a feature called session detachment. - This means that client can detach from the server by giving a DETACH - command, but still remain as valid user in the network. The connection - is lost to the server but the user remains in the network. User can - then resume the session back next time it connects a server in the - network, and be like he was never gone. - - This feature clearly could be used in many cases. For example, if you - want to upgrade your current SILC client, you do not have to quit the - network anymore. You just give DETACH command and still remain in the - network. Then you upgrade your client and reconnect to the server and - continue business as is. If somebody gives WHOIS command to your - nickname he will see that you are detached. Messages that are sent to - you when you are detached are dropped by the server. Nice thing about - this feature is also that you can resume the session from any server - in the network; you do not have to reconnect to the same server you - originally were connected to. - - Q: Is anyone outside a channel able to see the channel messages? - A: A short answer is simply No. A longer answer involves assumptions - about security conditions. 
Initially channel keys are generated by the - server, so if the server would get compromised it would be possible - for an adversary to see the messages. However, users on the channel - can prevent this even if the server would be compromised. It is - possible to set so called channel private key that only the users on - the channel know about. The servers does not know about the key, and - therefore cannot see the messages even if they would be compromised. - So, longer answer results into same as the short one; No. - - Q: How can I register my channel in SILC? - A: There is not a channel registering service in SILC. However, SILC - does support permanent channels. When you join a non-existing channel - for the first time you will become the founder of the channel. You can - then set a special founder mode on the channel which makes the channel - permanent. When the last user leaves the channel when this mode is - set, the channel will not be destroyed. If the founder mode is not - set, then empty channels will be destroyed automatically. When the - founder mode is set and you leave the channel you can also reclaim the - founder rights back on the channel next time you join it. (see also Q: - What does the founder mode on channel mean, and how do I set it? and - Q: I am founder of invite only channel, how can I join the channel - after I have left it?). You can call this channel registering if you - want. - - Q: Is it true that all messages are encrypted in SILC? - A: Most definitely yes. The SILC protocol makes it impossible to send - unencrypted messages or packets to the SILC network. All messages are - always encrypted, either using session keys, or other secret keys such - as channel keys or private message keys. - - Q: Can server or SILC operator gain operator mode on a channel? - A: They cannot get operator status, founder status, join invite only - channels, escape active bans, escape user limits or anything alike, - without explicitly being allowed. 
Only way to get channel operator - status is that someone ops him. Server and SILC operators in the - network are normal users with the extra privileges of being able to - adminstrate their server. They cannot do anything more than a normal - user. - - Q: Channel name doesn't have #-character or does it? - A: The #-character is not mandatory part of channel name, like it is - in IRC. This means that giving the command /JOIN #silc and /JOIN silc - will join to different channels. This is intentional since the - #-character clearly is IRC feature and has nothing to do with SILC. If - you want it to have the character then just join to the channel with - #-character in the name. - - Q: Does SILC support moderated channels? - A: Yes. Channel founder can moderate both normal users and channel - operators so that they cannot talk on the channel. It is also possible - to quiet one specific user on the channel if needed. - - Q: What does the "watching" mean? - A: You can set a "watch" list for yourself in the server. This means - that you can watch for certain nicknames in the network. For example, - if you add a nickname "foo" to the watch list you will be notified - when the foo logins to the network, leaves the network, changes its - user mode or changes its nickname. This way you can watch for example - when does you friend login to the network. - - Q: Is it possible to reject watching? - A: Yes. Since it is clear that not everyone wants to be spied on you - can set a mode for yourself which rejects watching you. Even if - someone is watching the nickname you have, your logins, logoffs, mode - changes or nickname changes will not be notified to the watcher. - - Q: Is it possible to block private messages? - A: Yes. You can block incoming private messages by setting a mode that - prevents unwanted private messages. Only the private messages that are - secured with a private message key are delivered to you. 
This implies - that you have negotiated the private key with the sender of the - message, and therefore want to receive messages from that user. Other - private messages that are secured with normal session keys are dropped - when the mode is set. - - Q: Is it possible to block channel messages? - A: Yes it is. By setting a mode that accomplishes this you can prevent - the server of sending any channel messages to you. There is also a - mode that allows blocking channel messages from normal users. This - means that you will receive channel messages only when it is sent by - channel operator or channel founder. It is also possible to block - channel messages sent by robots. A user on the channel can have a - robot mode set (which means that the user is actually a robot - program), and messages sent from that user can be blocked with the - mode. - - Q: Is it possible to block invites? - A: It sure is. You can set a mode that prevents the server of sending - invite notifications to you. This can for example prevent invite - flooding. The downside is that it may make joining to a invite only - channels a bit harder. - - Q: Does SILC support multimedia messages, like video/audio streaming? - A: Yes it does. The new version of the protocol supports sending of - MIME objects as messages. Since MIME objects can easily represent any - kind of data, such as video stream, audio stream, images, etc. it is - easy to send these multimedia messages in SILC. It also makes video - conferencing possible with SILC. It can work by sending the stream(s) - to a channel and everybody who joins the channel can receive the - stream. This feature in the protocol surely makes possible many kind - of multimedia applications in the future. - - Q: What kind of presence modes SILC support? - A: By presence we mean indication of presence in the network, and SILC - supports several different kinds of presence modes. 
They can be - changed with the UMODE command which changes your user mode in the - network. Currently there is the following modes for presence: GONE - (I'm away), INDISPOSED (I cannot be here), BUSY (I'm busy, don't - bother me), PAGE (page me if you want to talk), and HYPER (I'm hyper - active, talk to me). When mode is not set it means you are present in - the network. There are many other user modes as well, but they are not - directly related to presence indication. - - Q: Does SILC support anonymity? - A: The protocol has a user mode which indicates that user is anonymous - user. The user cannot set or unset the mode itself, but a server which - provides these anonymous chatting services can set the mode for the - user that connects to the server. User that has the mode set has their - username and hostname information scrambled. There are other ways of - making anonymity in SILC but they all are implementational methods, - and protocol does not handle those methods. - - Q: Does SILC support services? - A: Yes it does. There is command called SERVICE which can be used by - clients and servers to negotiate a service agreement with a remote - server. The protocol does not however define any services currently. - - Q: I have suggestions to SILC Protocol, what can I do? - A: All suggestions and improvements are of course welcome. You should - read the protocol specifications first to check out whether your idea - is covered by them already. The best place to make your idea public is - the SILC development mailing list. You might want to checkout the TODO - list from the CVS as well. - - 3. Client Questions - - Q: Where can I find SILC clients? - A: The official SILC client is available for free download from the - silcnet.org web page. There is also several independent projects - working with the SILC Toolkit to come up with various other clients. - Bombyx is a cross-platform GUI client written with FLTK. 
Milc is also - a cross-platform GUI client written with WxWindows. See also our links - page for links to other clients. - - Q: Can I use SILC with IRC client and vice versa? - A: Generally the answer would be no for both. However, there exist - already at least one IRC client that supports SILC, the Irssi client. - The current SILC client is actually based on the user interface of the - Irssi client. So, yes it is possible to use SILC with some IRC clients - and vice versa. You can use SILC plug-in in Irssi and have support for - both protocols in one client. But, this does not mean that you can - talk from SILC network to IRC network, that is not possible. - - Q: The default theme sucks, where can I find a better one? - A: The Irssi SILC client's theme files are almost 100% compatible with - the original Irssi IRC client's themes. You can get those theme files - from the Irssi project website. You can also try to make a better - theme by yourself. - - Q: How do I send a private message? - A: Sending private message is done by using the MSG command. For - example, command: /MSG john hello, will send a `hello' message to a - nickname `john'. By default private messages are secured with session - keys, and the message is re-encrypted by the servers when the message - travels to the receiver. If you would like to secure the private - messages with a private key, you can negotiate a secret key with the - receiver. Always remember to give WHOIS command before sending a - private message to assure that you are sending the message to correct - person. - - Q: How do I negotiate secret key with another user? - A: It is important to negotiate secret keys if you cannot trust the - servers and the network you are using. By negotiating a key with the - user you want to talk to assures that no one except you and your - friend is able to encrypt and decrypt the messages. The secret key - negotiation is done with the KEY command. 
Here is an example of how to - negotiate keys for securing private messages. - - By giving command: /KEY MSG john agreement 192.168.2.100, you will - send a key negotiation request to a nickname `john'. The 192.168.2.100 - IP address would be your machine's IP address. You can also define an - port to the KEY command after the IP address. If you do not do that - the operating system will bind to a port of its choosing. John will - receive a notification on the screen that you would like to negotiate - secret keys with him, and he will receive the IP address and port - where you are listenning for the negotiation. When he gives command: - /KEY MSG You negotiate 192.168.2.100 31382, the key negotiation is - started. During the key negotiation you will be prompted on the screen - to verify and accept John's public key if you do not have his public - key already. The John will be prompted to accept your public key as - well. After the key negotiation is over all private messages sent - between you and John are secured with the negotiated secret key. Note - that you must verify the public key you are prompted for, and this is - very important since someone could be doing man-in-the-middle attack. - - Q: How do I negotiate secret keys behind a NAT? - A: If only you are behind a NAT, or firewall then key negotiation - works, but if both you and your friend are behind a NAT then key - negotiation will not work, since it is done peer to peer. If you are - behind a NAT then you obviously cannot receive key negotiations, and - cannot bind to any IP address and port. However, you can still use KEY - command to negotiate the keys. - - By giving command: /KEY MSG john agreement, without any other - arguments (such as IP address and port) you will send a negotiation - request to John, but do not provide an address and port for the John - to connect to. 
When John receives the notification on the screen that - you would like to perform key negotiation, he can give command: /KEY - MSG You agreement 172.16.100.78, which will send key negotiation - request back to you. You will receive the IP address and port where - you need to connect in order to perform the negotiation. After - receiving the notification you can give command: /KEY MSG john - negotiate 172.16.100.78 31181, which will start the key negotiation - with John. This way you can negotiate the keys if you are behind a - NAT. - - Q: How do I change channel modes? - A: The command to manage channel modes is CMODE. With this command you - can change the channel status (to change it to secret channel for - example), set user limit on the channel, passphrase for the channel, - set the channel to use private keys on channel, and set the founder - mode. - - Q: What does the founder mode on channel mean, and how do I set it? - A: Who ever creates the channel by being the first user to join the - channel becomes automatically the founder of the channel. Founder has - some extra privileges on the channel. For example, it is not possible - to kick the founder off the channel, and there are some channel modes - that only the founder of the channel can change. If the creator of the - channel wishes to preserve the channel founder mode even if he leave - the channel he can set the founder mode for the channel. - - The mode is set by giving command: /CMODE #channel +f. This will set - the founder mode and will use the public key of the founder as - authenticator when the user is reclaiming the mode back. If the - founder leaves the channel he will be able to get the founder mode - back by using JOIN or CUMODE commmands. Giving command /JOIN #channel - -founder, will get the founder mode back at the same time he joins the - channel, or giving commmand /CUMODE #channel +f yournick, will also - give the founder mode back on the channel after he has joined the - channel. 
- - The founder mode also means that the channel becomes permanent when it - is set. This means that when the last client leaves the channel the - channel is not destroyed when the founder mode is set. Next time - someone joins the channel he will not become the founder of the - channel if the channel already existed (but were empty). If the - founder mode is not set when last user leaves the channel, the channel - will be destroyed. When you set the mode for the channel and leave the - channel you can reclaim the founder rights to yourself back at any - time when you rejoin the channel. - - Q: I am founder of invite only channel, how can I join the channel - after I have left it? - A: Founder can override the invite only status by reclaiming the - founder status on the channel using the JOIN command. The channel must - have the founder mode set in order for it to work. Reclaiming founder - status using JOIN command is important also if the channel has user - limit set, and has active bans. Founder can override these conditions - as well. However, founder cannot override the passphrase of the - channel if it is set. To get the founder mode during JOIN and to - override the invite only condition, give command: /JOIN #channel - -founder. This will join the channel and attempt to reclaim the - founder status back to you. - - Q: How can I op or deop somebody on channel? - A: Giving operator status, or removing the operator status on a - channel requires you to have at least operator status, or founder - status on the channel. You can give operator status to another user by - using CUMODE command. To give ops give the command: /CUMODE #channel - +o john, and to remove ops give command: /CUMODE #channel -o john. To - indicate current channel you can also use `*' character in #channel's - stead. - - Q: How do I set private key for channel, and what does that mean - exactly? - A: Setting private key for channel requires first to set the private - key mode for the channel. 
You need to be the founder of the channel to - be able to do this. Give the command: /CMODE #channel +k. After this - mode is set the old channel key will not be used to encrypt and - decrypt channel messages. To set the key for the channel use the KEY - command. Every user on the channel must do the same thing and set the - same key. If some user on the channel does not set the key (or does - not know the key) he won't be able to see any messages on the channel. - Give the command: /KEY CHANNEL #channel set verysecretkey. This - command will set the `verysecretkey' passphrase as key to #channel. - How exactly other users will know this key is out of scope of the SILC - protocol. SILC does not provide yet a possibility of negotiating - secret key with many users at the same time. For this reason the - secret key on the channel is usually a passphrase or a password that - all users on the channel have to know. Setting a private key for - channel means that only the users on the channel who know the key is - able to encrypt and decrypt messages. Servers do not know the key at - all. If you remove the private key mode from the channel, all users - will start automatically using a new channel key to secure channel - messages. - - Q: How do I transfer a file? - A: You can transfer files securely using the FILE command. This - command will automatically negotiate secret key with the remote user - and the file transfer stream is secured using that key. The file - transfer stream is always sent peer to peer. If you would like to send - a file to another user you can give command: /FILE SEND - path/to/the/file john. This command sends, or actually makes the - `path/to/the/file' available for download for the user `john'. The - John will decide whether he wants to actually download the file. When - John gives the command: /FILE RECEIVE, the key negotiation is started. 
- You and John will be prompted to verify and accept each other's public - key if you do not have it cached already. After key negotiation is - over the file transfer process starts. If you want to cancel the file - transfer session, or if John wants to reject the file transfer - request, giving the command: /FILE CLOSE will close the session. - - Q: How can I get other users public keys? - A: You can get a user's public key using the GETKEY command. This - command will fetch the user's public key from the server where the - user has connected to. The server has verified that the user posesses - the corresponding private key, however, you will be prompted to verify - and accept the public key. All client public keys are saved in your - local key directory in ~/.silc/clientkeys/. You can also receive - clients public keys during key negotiation and file transfers. The - GETKEY command can be used to fetch a server's public key as well. - Those keys are saved in ~/.silc/serverkeys/ directory. - - Q: How can I see the fingerprint of my public key? - A: You can check out your own fingerprint by giving just WHOIS command - without any arguments. Additionally you can also dump the contents of - the key file using the silc program and giving -S option to it. Your - own public key is always saved in ~/.silc/public_key.pub file. To dump - your key run silc as: silc -S .silc/public_key.pub. The same way you - can dump the contents of any public key inside ~/.silc/clientkeys/ and - ~/.silc/serverkeys/ directories. The WHOIS command will also show - other users public key fingerprints. - - Q: I gave WHOIS to a nick, and it returned multiple replies, why? - A: This will happen if there are several same nicknames in the network - at the same time. As you may already know nicknames are not unique in - SILC network. This means there can be multiple same nicknames. This - also means that you can always have the nickname you want. 
If WHOIS - returns multiple replies, you can distinguish the users by their - realname, username, hostname and ultimately by the fingerprint of - their public key, which the WHOIS will also show. You will also notice - an additional nickname inside a parenthesis. It may show for example: - nickname: John (John@otaku). The real nickname is `John', but since - there are many John's in the network you can access this one using - `John@otaku'. So, if you were to send private message to this - particular John you can do it by giving command: /MSG John@otaku - hello. This will send `hello' message to the John@otaku. - - Q: Is there a command to see all linked servers? - A: No there is not. For longer answer see also this FAQ. - - Q: How do I list the users of a channel? - A: The command to list all users on a particular channel is USERS. It - is also aliased to WHO command in Irssi SILC Client. To see the users - of the current channel give the command: /USERS *. You can replace the - `*' with the channel name of your choosing. If the channel is private - or secret channel, and you have not joined the channel, you cannot - list the users of that channel. - - Q: What is the difference between OPER and SILCOPER commands? - A: The OPER command is used to gain server operator privileges on - normal SILC server, while SILCOPER is used to gain router operator - (also known as SILC operator) privileges on router server. You cannot - use SILCOPER command on normal SILC server, it works only on router - server. - - Q: My Cygwin client crashes with message "Couldn't create //.silc - directory" - A: A solutions should be setting HOME enviroment variable to the - directory where you have unpacked your SILC Client. Type to your - command prompt something like: - c:\>set HOME=c:\silc - - Q: Why /join #silc and /join silc doesn't join the same channel? - A: The #-character is not mandatory part of channel name in SILC. So - #silc and silc are two different channels. 
The #-character in channel - name is IRC feature and has nothing to do with SILC. If you have - #-character in the channel name, then it is part of the channel name, - just like %-character, or &-character could be part of channel name. - - Q: How do I detach my session from the server? - A: You can detach your session by simply giving DETACH command. Your - connection to the server will be closed automatically. Next time you - connect any server in the network your session will be automatically - resumed. If there is an error during session resuming your connection - will be closed and you need to reconnect to the server. In this case - the old sessionn cannot be resumed anymore. - - 4. Server Questions - - Q: Where can I find SILC servers? - A: The SILC server is available for free download from the silcnet.org - web page. We are not aware of any other SILC server implementations, - so far. - - Q: Can I run my own SILC server? - A: Yes of course. Download the SILC server package, compile and - install it. Be sure to check out the installation instructions and the - README file. You also should decide whether you want to run SILC - server or SILC router. - - Q: What is the difference between SILC server and SILC router? - A: The topology of the SILC network includes SILC routers and the SILC - servers (and SILC clients of course). Normal SILC server does not have - direct connections with other SILC servers. They connect directly to - the SILC router. SILC Routers may have several server connections and - they may connect to several SILC routers. The SILC routers are the - servers in the network that know everything about everything. The SILC - servers know only local information and query global information from - the router when necessary. - - If you are running SILC server you want to run it as router only if - you want to have server connections in it and are prepared to accept - server connections. 
You also need to get the router connected to some - other router to be able to join the SILC network. You may run the - server as normal SILC server if you do not want to accept other server - connections or cannot run it as router. - - Q: Why server says permission denied to write to a log file? - A: The owner of the log files must be same user that the server is run - under, by default it is user `nobody'. Just change the permissions and - try again. - - Q: When I connect to my server it says "server does not support one of - your proposed ciphers", what is wrong? - A: Most likely the ciphers and others has not been compiled as SIMs - (modules) and they are configured as modules in the silcd.conf. If - they are not compiled as modules remove the module paths from the - ciphers and hash functions from the silcd.conf, so that the server use - the builtin ciphers. Then try connecting to the server again. It is - also possible that the client IS proposing some ciphers that your - server does not support. - - Q: Why SILC server runs on privileged port 706? - A: Ports 706/tcp and 706/udp have been assigned for the SILC protocol - by IANA. Server on the network listening above privileged ports - (>1023) SHOULD NOT be trusted as it could have been set up by - untrusted party. The server normally drops root privileges after - startup and then run as user previously defined in silcd.conf. - - Q: I see [Unknown] in the log file, what does it mean? - A: You can see in the log file for example: [Info] Closing connection - 192.168.78.139:3214 [Unknown]. The [Unknown] means that the connection - was not authenticated yet, and it is not known whether the connection - was a client, server or router. There will appear [Client], [Server] - or [Router] if the connection is authenticated at that point. - - Q: How can I generate a new server key pair? - A: You can generate a new key pair using the silcd command with the -C - option. 
When SILC Server is installed a key pair is generated - automatically for you. However, it is suggested that you check the - information found in that key and generate a new key pair if the - information is incorrect. You can check the information of your public - key by giving command: silc -S file.pub. - - If you want to generate a new key pair then you can give for example - command: silcd -C . --identifier="UN=silc-oper, HN=silc.silcnet.org, - RN=SILC Router Admin, E=silc-oper@silcnet.org, O=SILC Project, C=SK". - This will create the key pair to current directory, with the specified - identifier. Please, give the --help option to the silcd to see usage - help for the -C and --identifier options. - - 5. Toolkit Questions - - Q: What is SILC Toolkit? - A: SILC Toolkit is a package intended for software developers who - would like to develope their own SILC based applications or help in - the development of the SILC. The Toolkit includes SILC Protocol Core - library, SILC Crypto library, SILC Key Exchange (SKE) library, SILC - Math library, SILC Modules (SIM) library, SILC Utility library, SILC - Client library and few other libraries. - - Q: Is the SILC Toolkit Reference Manual Available? - A: Yes, partially completed reference manual is available in the - Toolkit releases as HTML package and they are available from the - silcnet.org website as well at the documentation page. - - Q: How do I compile the Toolkit on Unix? - A: You should read the INSTALL file from the package and follow its - instructions. The compilation on Unix is as simple as compiling any - other SILC package. Give, `./configure' command and then `make' - command. - - Q: How do I compile the Toolkit on Win32? - A: We have prepared instructions to compile the Toolkit on Win32 in - the Toolkit package. Please, read the README.WIN32 file from the - package for detailed instructions how to compile the Toolkit for - Cygwin, MinGW and native Win32 systems. 
We have also prepared ready - MSVC++ Workspace files in the win32/ directory in the package that - will compile automatically the Toolkit. - - Q: Does the Toolkit package include any sample code? - A: Yes, naturally. It includes sample codes for two different SILC - Client implementations, and SILC Server. The silcer/ directory - includes a simple GUI client based on GTK--, and Win32 samples are - included in the win32/ directory, for simple client.
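Review bot: Nothing in this diff says where the operational security answers in sections 3 and 4 of doc/FAQ go once the file is deleted: the GETKEY answer (verify and accept the fetched public key, keys cached under ~/.silc/clientkeys/ and ~/.silc/serverkeys/), the fingerprint check via WHOIS and `silc -S`, the `/CMODE #channel +k` plus `/KEY CHANNEL` procedure with its note that servers do not know the key, and `silcd -C` key-pair generation. If the FAQ now lives in another tree or on the website, name that location in the commit message or leave a short pointer file in doc/; otherwise keep these answers. If the text is carried over, the port 706 answer is worth rewording at that point, since it ties trust to a privileged port number while the GETKEY answer ties it to verifying the server's public key.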