+++ /dev/null
- Frequently Asked Questions
-
- 1. General Questions
- 1.1 What is SILC?
- 1.2 When was SILC Project started?
- 1.3 Why SILC in the first place?
- 1.4 What license covers the SILC release?
- 1.5 Why SILC? Why not IRC3?
- 1.6 What platforms SILC supports?
- 1.7 How do you pronounce SILC?
- 1.8 Where can I find more information?
- 1.9 I would like to help out, what can I do?
-
- 2. Protocol Questions
- 2.1 What is the status of SILC protocol in the IETF?
- 2.2 How much the SILC protocol is based on IRC?
- 2.3 Why use SILC? Why not IRC with SSL?
- 2.4 Can I talk from SILC network to IRC network?
- 2.5 Does SILC support file transfer?
- 2.6 Does SILC support DCC or alike?
- 2.7 I am behind a firewall, can I use SILC?
- 2.8 How secure SILC really is?
- 2.9 Does SILC support instant messaging?
- 2.10 Why SILC does not have LINKS command like in IRC?
- 2.11 What does the session detaching/resuming mean?
- 2.12 Is anyone outside a channel able to see the channel
- messages?
- 2.13 How can I register my channel in SILC?
- 2.14 Is it true that all messages are encrypted in SILC?
- 2.15 Can server or SILC operator gain operator mode on a channel?
- 2.16 Channel name doesn't have #-character or does it?
- 2.17 Does SILC support moderated channels?
- 2.18 What does the "watching" mean?
- 2.19 Is it possible to reject watching?
- 2.20 Is it possible to block private messages?
- 2.21 Is it possible to block channel messages?
- 2.22 Is it possible to block invites?
- 2.23 Does SILC support multimedia messages, like video/audio
- streaming?
- 2.24 What kind of presence modes SILC support?
- 2.25 Does SILC support anonymity?
- 2.26 Does SILC support services?
- 2.27 I have suggestions to SILC Protocol, what can I do?
-
- 3. Client Questions
- 3.1 Where can I find SILC clients?
- 3.2 Can I use SILC with IRC client and vice versa?
- 3.3 The default theme sucks, where can I find a better one?
- 3.4 How do I send a private message?
- 3.5 How do I negotiate secret key with another user?
- 3.6 How do I negotiate secret keys behind a NAT?
- 3.7 How do I change channel modes?
- 3.8 What does the founder mode on channel mean, and how do I set
- it?
- 3.9 I am founder of invite only channel, how can I join the
- channel after I have left it?
- 3.10 How can I op or deop somebody on channel?
- 3.11 How do I set private key for channel, and what does that
- mean exactly?
- 3.12 How do I transfer a file?
- 3.13 How can I get other users public keys?
- 3.14 How can I see the fingerprint of my public key?
- 3.15 I gave WHOIS to a nick, and it returned multiple replies,
- why?
- 3.16 Is there a command to see all linked servers?
- 3.17 How do I list the users of a channel?
- 3.18 What is the difference between OPER and SILCOPER commands?
- 3.19 My Cygwin client crashes with message "Couldn't create
- //.silc directory"
- 3.20 Why /join #silc and /join silc doesn't join the same
- channel?
- 3.21 How do I detach my session from the server?
-
- 4. Server Questions
- 4.1 Where can I find SILC servers?
- 4.2 Can I run my own SILC server?
- 4.3 What is the difference between SILC server and SILC router?
- 4.4 Why server says permission denied to write to a log file?
- 4.5 When I connect to to my server, it says "server does not
- support one of your proposed cipher", what is wrong?
- 4.6 Why SILC server runs on privileged port 706?
- 4.7 I see [Unknown] in the log file, what does it mean?
- 4.8 How can I generate a new server key pair?
-
- 5. Toolkit Questions
- 5.1 What is SILC Toolkit?
- 5.2 Is the SILC Toolkit Reference Manual Available?
- 5.3 How do I compile the Toolkit on Unix?
- 5.4 How do I compile the Toolkit on Win32?
- 5.5 Does the Toolkit package include any sample code?
-
- 1. General Questions
-
- Q: What is SILC?
- A: SILC (Secure Internet Live Conferencing) is a protocol which
- provides secure conferencing services in the Internet over insecure
- channel. SILC is IRC like although internally they are very different.
- Biggest similarity between SILC and IRC is that they both provide
- conferencing services and that SILC has almost same commands as IRC.
- Other than that they are nothing alike.
-
- Biggest differences are that SILC is secure what IRC is not in any
- way. The network model is also entirely different compared to IRC.
-
- Q: When was SILC Project started?
- A: The SILC development started in 1996 and early 1997. But, for
- various reasons it suspended many times until it finally got some wind
- under its wings in 1999. First public release was in summer 2000.
-
- Q: Why SILC in the first place?
- A: Simply for fun, nothing more. And actually for need back in the
- days when it was started. When SILC was first developed there really
- did not exist anything like this. SILC has been very interesting and
- educational project.
-
- Q: What license covers the SILC release?
- A: The SILC software developed here at silcnet.org, the SILC Client,
- the SILC Server and the SILC Toolkit are covered by the GNU General
- Public License.
-
- Q: Why SILC? Why not IRC3?
- A: Question that is justified no doubt of that. SILC was not started
- to become a replacement for IRC. SILC was something that didn't exist
- in 1996 or even today except that SILC is now released. However, I did
- check out the IRC3 project in 1997 when I started coding and planning
- the SILC protocol.
-
- But, IRC3 is problematic. Why? Because it still doesn't exist. The
- project is almost at the same spot where it was in 1997 when I checked
- it out. And it was old project back then as well. That's the problem
- of IRC3 project. The same almost happened to SILC as well as I wasn't
- making real progress over the years. I talked to the original author
- of IRC, Jarkko Oikarinen, in 1997 and he directed me to the IRC3
- project, although he said that IRC3 is a lot of talking and not that
- much of anything else. I am not trying to put down the IRC3 project
- but its problem is that no one in the project is able to make a
- decision what is the best way to go about making the IRC3 and I wasn't
- going to be part of that. The fact is that if I would've gone to IRC3
- project, nor IRC3 or SILC would exist today. I think IRC3 could be
- something really great if they just would get their act together and
- start coding the thing.
-
- Q: What platforms SILC supports?
- A: The SILC Client is available on various Unix systems and is
- reported to work under cygwin on Windows. The SILC Server also works
- on various Unix systems. However, the server has not been tested under
- cygwin as far as we know. The SILC Toolkit is distributed for all
- platforms, Unix, Cygwin and native Windows.
-
- Q: How do you pronounce SILC?
- A: SILC is usually pronounced as `silk', but you are free to pronounce
- it the way you want.
-
- Q: Where can I find more information?
- A: For more technical information we suggest reading the SILC Protocol
- specifications. You might also want to take a look at the
- documentation page on the web page.
-
- Q: I would like to help out, what can I do?
- A: You might want to take a look at the Contributing page and the TODO
- list. You might also want to join the SILC development mailing list.
-
- 2. Protocol Questions
-
- Q: What is the status of SILC protocol in the IETF?
- A: The SILC protocol specifications has been submitted currently as
- individual submissions. There does not currently exist a working group
- for this sort of project. Our goal is to fully standardize the SILC
- and thus submit it as RFC to the IETF at a later time. This can happen
- only after we have requested the IETF to accept SILC as RFC. As of
- today, we have not yet even requested this from the IETF. We want to
- let the protocol mature a bit more.
-
- Q: How much SILC Protocol is based on IRC?
- A: SILC is not based on IRC. The client superficially resembles IRC
- client but everything that happens under the hood is nothing alike
- IRC. SILC could *never* support IRC because the entire network
- toppology is different (hopefully more scalable and powerful). So no,
- SILC protocol (client or server) is not based on IRC. Instead, We've
- taken good things from IRC and left all the bad things behind and not
- even tried to burden the SILC with the IRCs problems that will burden
- IRC and future IRC projects till the end. SILC client resembles IRC
- client because it is easier for new users to start using SILC when
- they already know all the commands.
-
- Q: Why use SILC? Why not IRC with SSL?
- A: Sure, that is possible, although, does that secure the entire IRC
- network? And does that increase or decrease the lags and splits in the
- IRC network? Does that provide user based security where some specific
- private message are secured? Does that provide security where some
- specific channel messages are secured? And I know, you can answer yes
- to some of these questions. But, security is not just about applying
- encryption to traffic and SILC is not just about `encrypting the
- traffic`. You cannot make insecure protocol suddenly secure just by
- encrypting the traffic. SILC is not meant to be IRC replacement. IRC
- is good for some things, SILC is good for same and some other things.
-
- Q: Can I talk from SILC network to IRC network?
- A: Simple answer for this is No. The protocols are not compatible
- which makes it impossible to directly talk from SILC network to IRC
- network or vice versa. Developing a gateway between these two networks
- would technically be possible but from security point of view strongly
- not recommended. We have no plans for developing such a gateway.
-
- Q: Does SILC support file transfer?
- A: Yes. The SILC protocol support SFTP as mandatory file transfer
- protocol. It provides simple client to client file transfer, but also
- a possibility for file and directory manipulation. Even though the
- SFTP is the file transfer protocol the support for file transferring
- has been done so that practically any file transfer protocol may be
- used with SILC protocol.
-
- Q: Does SILC support DCC or alike?
- A: SILC does not support the DCC commonly used in IRC. It does not
- need it since it has builtin support for same features that DCC have.
- You can transfer files securely and encrypted directly with another
- client. You can also negotiate secret key material with another client
- directly to use it in private message encryption. The private messages
- are not, however sent directly between clients. The protocol, on the
- other hand does not prohibit sending messages directly between clients
- if the implementation would support it. The current SILC Client
- implementation does not support it. This means that private messages
- travel through the SILC Network. SILC protocol also has a capability
- to support DCC and CTCP like protocols with SILC. None of them,
- however have not been defined to be used with SILC at the present
- time.
-
- Q: I am behind a firewall, can I use SILC?
- A: Yes. If your network administrator can open the remote port 706
- (TCP) you can use SILC without problems. You may also compile your
- SILC client with SOCKS support which will proxy your SILC session
- through the firewall.
-
- Q: How secure SILC really is?
- A: We have tried to make SILC as secure as possible. However, there is
- no security protocol or security software that has not been vulnerable
- to some sort of attacks. SILC is in no means different from this. So,
- it is suspected that there are security holes in the SILC. These holes
- just need to be found so that they can be fixed. SILC's security
- features has been developed from attacker's point of view, and we've
- tried to find all the possible attacks and guard the protocol against
- them.
-
- But to give you some parameters of security SILC uses the most secure
- crytographic algorithms such as AES (Rijndael), Twofish, Blowfish,
- RC5, etc. SILC does not have DES or 3DES as DES is insecure and 3DES
- is just too slow. SILC also uses cryptographically strong random
- number generator when it needs random numbers. Public key cryptography
- uses RSA (PKCS #1) and Diffie-Hellman algorithms. Key lengths for
- ciphers are initially set to 256. For public key algorithms the
- starting key length is 1024 bits.
-
- But the best answer for this question is that SILC is as secure as its
- weakest link. SILC is open and the protocol is open and in public thus
- open for security analysis.
-
- To give a list of attacks that are ineffective against SILC:
-
- - Man-in-the-middle attacks are ineffective if proper public key
- infrastructure is used, and if all public keys are always verified.
- - IP spoofing is ineffective (because of encryption and trusted keys).
- - Attacks that change the contents of the data or add extra data to
- the packets are ineffective (because of encryption and integrity
- checks).
- - Passive attacks (listenning network traffic) are ineffective
- (because of encryption). Everything is encrypted including
- authentication data such as passwords when they are needed.
- - Any sort of cryptanalytic attacks are tried to make ineffective by
- using the best cryptographic algorithms out there, and by designing
- the protocol to guard against them.
-
- Q: Does SILC support instant messaging?
- A: Officially SILC is not an instant message (IM) system as people
- usually understands it. However, SILC supports many of the features
- that are found in traditional IM systems. SILC can be implemented in
- either IRC-style or IM-style system. Features that are usually found
- only in IM systems, such as multiple presence settings, persistent
- sessions etc. are also found in SILC.
-
- Q: Why SILC does not have LINKS command like in IRC?
- A: It was felt that this information as an own command in SILC is not
- necessary. Moreover, the topology of the network might be undisclosed
- information even though the servers and routers in the network are
- still open. We feel that the network topology information, if it is
- wanted to be public, and the list of accessible servers can be made
- available in other ways than providing command like LINKS, which shows
- the active server links in IRC.
-
- Q: What does the session detaching/resuming mean?
- A: The new SILC protocol supports a feature called session detachment.
- This means that client can detach from the server by giving a DETACH
- command, but still remain as valid user in the network. The connection
- is lost to the server but the user remains in the network. User can
- then resume the session back next time it connects a server in the
- network, and be like he was never gone.
-
- This feature clearly could be used in many cases. For example, if you
- want to upgrade your current SILC client, you do not have to quit the
- network anymore. You just give DETACH command and still remain in the
- network. Then you upgrade your client and reconnect to the server and
- continue business as is. If somebody gives WHOIS command to your
- nickname he will see that you are detached. Messages that are sent to
- you when you are detached are dropped by the server. Nice thing about
- this feature is also that you can resume the session from any server
- in the network; you do not have to reconnect to the same server you
- originally were connected to.
-
- Q: Is anyone outside a channel able to see the channel messages?
- A: A short answer is simply No. A longer answer involves assumptions
- about security conditions. Initially channel keys are generated by the
- server, so if the server would get compromised it would be possible
- for an adversary to see the messages. However, users on the channel
- can prevent this even if the server would be compromised. It is
- possible to set so called channel private key that only the users on
- the channel know about. The servers does not know about the key, and
- therefore cannot see the messages even if they would be compromised.
- So, longer answer results into same as the short one; No.
-
- Q: How can I register my channel in SILC?
- A: There is not a channel registering service in SILC. However, SILC
- does support permanent channels. When you join a non-existing channel
- for the first time you will become the founder of the channel. You can
- then set a special founder mode on the channel which makes the channel
- permanent. When the last user leaves the channel when this mode is
- set, the channel will not be destroyed. If the founder mode is not
- set, then empty channels will be destroyed automatically. When the
- founder mode is set and you leave the channel you can also reclaim the
- founder rights back on the channel next time you join it. (see also Q:
- What does the founder mode on channel mean, and how do I set it? and
- Q: I am founder of invite only channel, how can I join the channel
- after I have left it?). You can call this channel registering if you
- want.
-
- Q: Is it true that all messages are encrypted in SILC?
- A: Most definitely yes. The SILC protocol makes it impossible to send
- unencrypted messages or packets to the SILC network. All messages are
- always encrypted, either using session keys, or other secret keys such
- as channel keys or private message keys.
-
- Q: Can server or SILC operator gain operator mode on a channel?
- A: They cannot get operator status, founder status, join invite only
- channels, escape active bans, escape user limits or anything alike,
- without explicitly being allowed. Only way to get channel operator
- status is that someone ops him. Server and SILC operators in the
- network are normal users with the extra privileges of being able to
- adminstrate their server. They cannot do anything more than a normal
- user.
-
- Q: Channel name doesn't have #-character or does it?
- A: The #-character is not mandatory part of channel name, like it is
- in IRC. This means that giving the command /JOIN #silc and /JOIN silc
- will join to different channels. This is intentional since the
- #-character clearly is IRC feature and has nothing to do with SILC. If
- you want it to have the character then just join to the channel with
- #-character in the name.
-
- Q: Does SILC support moderated channels?
- A: Yes. Channel founder can moderate both normal users and channel
- operators so that they cannot talk on the channel. It is also possible
- to quiet one specific user on the channel if needed.
-
- Q: What does the "watching" mean?
- A: You can set a "watch" list for yourself in the server. This means
- that you can watch for certain nicknames in the network. For example,
- if you add a nickname "foo" to the watch list you will be notified
- when the foo logins to the network, leaves the network, changes its
- user mode or changes its nickname. This way you can watch for example
- when does you friend login to the network.
-
- Q: Is it possible to reject watching?
- A: Yes. Since it is clear that not everyone wants to be spied on you
- can set a mode for yourself which rejects watching you. Even if
- someone is watching the nickname you have, your logins, logoffs, mode
- changes or nickname changes will not be notified to the watcher.
-
- Q: Is it possible to block private messages?
- A: Yes. You can block incoming private messages by setting a mode that
- prevents unwanted private messages. Only the private messages that are
- secured with a private message key are delivered to you. This implies
- that you have negotiated the private key with the sender of the
- message, and therefore want to receive messages from that user. Other
- private messages that are secured with normal session keys are dropped
- when the mode is set.
-
- Q: Is it possible to block channel messages?
- A: Yes it is. By setting a mode that accomplishes this you can prevent
- the server of sending any channel messages to you. There is also a
- mode that allows blocking channel messages from normal users. This
- means that you will receive channel messages only when it is sent by
- channel operator or channel founder. It is also possible to block
- channel messages sent by robots. A user on the channel can have a
- robot mode set (which means that the user is actually a robot
- program), and messages sent from that user can be blocked with the
- mode.
-
- Q: Is it possible to block invites?
- A: It sure is. You can set a mode that prevents the server of sending
- invite notifications to you. This can for example prevent invite
- flooding. The downside is that it may make joining to a invite only
- channels a bit harder.
-
- Q: Does SILC support multimedia messages, like video/audio streaming?
- A: Yes it does. The new version of the protocol supports sending of
- MIME objects as messages. Since MIME objects can easily represent any
- kind of data, such as video stream, audio stream, images, etc. it is
- easy to send these multimedia messages in SILC. It also makes video
- conferencing possible with SILC. It can work by sending the stream(s)
- to a channel and everybody who joins the channel can receive the
- stream. This feature in the protocol surely makes possible many kind
- of multimedia applications in the future.
-
- Q: What kind of presence modes SILC support?
- A: By presence we mean indication of presence in the network, and SILC
- supports several different kinds of presence modes. They can be
- changed with the UMODE command which changes your user mode in the
- network. Currently there is the following modes for presence: GONE
- (I'm away), INDISPOSED (I cannot be here), BUSY (I'm busy, don't
- bother me), PAGE (page me if you want to talk), and HYPER (I'm hyper
- active, talk to me). When mode is not set it means you are present in
- the network. There are many other user modes as well, but they are not
- directly related to presence indication.
-
- Q: Does SILC support anonymity?
- A: The protocol has a user mode which indicates that user is anonymous
- user. The user cannot set or unset the mode itself, but a server which
- provides these anonymous chatting services can set the mode for the
- user that connects to the server. User that has the mode set has their
- username and hostname information scrambled. There are other ways of
- making anonymity in SILC but they all are implementational methods,
- and protocol does not handle those methods.
-
- Q: Does SILC support services?
- A: Yes it does. There is command called SERVICE which can be used by
- clients and servers to negotiate a service agreement with a remote
- server. The protocol does not however define any services currently.
-
- Q: I have suggestions to SILC Protocol, what can I do?
- A: All suggestions and improvements are of course welcome. You should
- read the protocol specifications first to check out whether your idea
- is covered by them already. The best place to make your idea public is
- the SILC development mailing list. You might want to checkout the TODO
- list from the CVS as well.
-
- 3. Client Questions
-
- Q: Where can I find SILC clients?
- A: The official SILC client is available for free download from the
- silcnet.org web page. There is also several independent projects
- working with the SILC Toolkit to come up with various other clients.
- Bombyx is a cross-platform GUI client written with FLTK. Milc is also
- a cross-platform GUI client written with WxWindows. See also our links
- page for links to other clients.
-
- Q: Can I use SILC with IRC client and vice versa?
- A: Generally the answer would be no for both. However, there exist
- already at least one IRC client that supports SILC, the Irssi client.
- The current SILC client is actually based on the user interface of the
- Irssi client. So, yes it is possible to use SILC with some IRC clients
- and vice versa. You can use SILC plug-in in Irssi and have support for
- both protocols in one client. But, this does not mean that you can
- talk from SILC network to IRC network, that is not possible.
-
- Q: The default theme sucks, where can I find a better one?
- A: The Irssi SILC client's theme files are almost 100% compatible with
- the original Irssi IRC client's themes. You can get those theme files
- from the Irssi project website. You can also try to make a better
- theme by yourself.
-
- Q: How do I send a private message?
- A: Sending private message is done by using the MSG command. For
- example, command: /MSG john hello, will send a `hello' message to a
- nickname `john'. By default private messages are secured with session
- keys, and the message is re-encrypted by the servers when the message
- travels to the receiver. If you would like to secure the private
- messages with a private key, you can negotiate a secret key with the
- receiver. Always remember to give WHOIS command before sending a
- private message to assure that you are sending the message to correct
- person.
-
- Q: How do I negotiate secret key with another user?
- A: It is important to negotiate secret keys if you cannot trust the
- servers and the network you are using. By negotiating a key with the
- user you want to talk to assures that no one except you and your
- friend is able to encrypt and decrypt the messages. The secret key
- negotiation is done with the KEY command. Here is an example of how to
- negotiate keys for securing private messages.
-
- By giving command: /KEY MSG john agreement 192.168.2.100, you will
- send a key negotiation request to a nickname `john'. The 192.168.2.100
- IP address would be your machine's IP address. You can also define an
- port to the KEY command after the IP address. If you do not do that
- the operating system will bind to a port of its choosing. John will
- receive a notification on the screen that you would like to negotiate
- secret keys with him, and he will receive the IP address and port
- where you are listenning for the negotiation. When he gives command:
- /KEY MSG You negotiate 192.168.2.100 31382, the key negotiation is
- started. During the key negotiation you will be prompted on the screen
- to verify and accept John's public key if you do not have his public
- key already. The John will be prompted to accept your public key as
- well. After the key negotiation is over all private messages sent
- between you and John are secured with the negotiated secret key. Note
- that you must verify the public key you are prompted for, and this is
- very important since someone could be doing man-in-the-middle attack.
-
- Q: How do I negotiate secret keys behind a NAT?
- A: If only you are behind a NAT, or firewall then key negotiation
- works, but if both you and your friend are behind a NAT then key
- negotiation will not work, since it is done peer to peer. If you are
- behind a NAT then you obviously cannot receive key negotiations, and
- cannot bind to any IP address and port. However, you can still use KEY
- command to negotiate the keys.
-
- By giving command: /KEY MSG john agreement, without any other
- arguments (such as IP address and port) you will send a negotiation
- request to John, but do not provide an address and port for the John
- to connect to. When John receives the notification on the screen that
- you would like to perform key negotiation, he can give command: /KEY
- MSG You agreement 172.16.100.78, which will send key negotiation
- request back to you. You will receive the IP address and port where
- you need to connect in order to perform the negotiation. After
- receiving the notification you can give command: /KEY MSG john
- negotiate 172.16.100.78 31181, which will start the key negotiation
- with John. This way you can negotiate the keys if you are behind a
- NAT.
-
- Q: How do I change channel modes?
- A: The command to manage channel modes is CMODE. With this command you
- can change the channel status (to change it to secret channel for
- example), set user limit on the channel, passphrase for the channel,
- set the channel to use private keys on channel, and set the founder
- mode.
-
- Q: What does the founder mode on channel mean, and how do I set it?
- A: Who ever creates the channel by being the first user to join the
- channel becomes automatically the founder of the channel. Founder has
- some extra privileges on the channel. For example, it is not possible
- to kick the founder off the channel, and there are some channel modes
- that only the founder of the channel can change. If the creator of the
- channel wishes to preserve the channel founder mode even if he leave
- the channel he can set the founder mode for the channel.
-
- The mode is set by giving command: /CMODE #channel +f. This will set
- the founder mode and will use the public key of the founder as
- authenticator when the user is reclaiming the mode back. If the
- founder leaves the channel he will be able to get the founder mode
- back by using JOIN or CUMODE commmands. Giving command /JOIN #channel
- -founder, will get the founder mode back at the same time he joins the
- channel, or giving commmand /CUMODE #channel +f yournick, will also
- give the founder mode back on the channel after he has joined the
- channel.
-
- The founder mode also means that the channel becomes permanent when it
- is set. This means that when the last client leaves the channel the
- channel is not destroyed when the founder mode is set. Next time
- someone joins the channel he will not become the founder of the
- channel if the channel already existed (but were empty). If the
- founder mode is not set when last user leaves the channel, the channel
- will be destroyed. When you set the mode for the channel and leave the
- channel you can reclaim the founder rights to yourself back at any
- time when you rejoin the channel.
-
- Q: I am founder of invite only channel, how can I join the channel
- after I have left it?
- A: Founder can override the invite only status by reclaiming the
- founder status on the channel using the JOIN command. The channel must
- have the founder mode set in order for it to work. Reclaiming founder
- status using JOIN command is important also if the channel has user
- limit set, and has active bans. Founder can override these conditions
- as well. However, founder cannot override the passphrase of the
- channel if it is set. To get the founder mode during JOIN and to
- override the invite only condition, give command: /JOIN #channel
- -founder. This will join the channel and attempt to reclaim the
- founder status back to you.
-
- Q: How can I op or deop somebody on channel?
- A: Giving operator status, or removing the operator status on a
- channel requires you to have at least operator status, or founder
- status on the channel. You can give operator status to another user by
- using CUMODE command. To give ops give the command: /CUMODE #channel
- +o john, and to remove ops give command: /CUMODE #channel -o john. To
- indicate current channel you can also use `*' character in #channel's
- stead.
-
- Q: How do I set private key for channel, and what does that mean
- exactly?
- A: Setting private key for channel requires first to set the private
- key mode for the channel. You need to be the founder of the channel to
- be able to do this. Give the command: /CMODE #channel +k. After this
- mode is set the old channel key will not be used to encrypt and
- decrypt channel messages. To set the key for the channel use the KEY
- command. Every user on the channel must do the same thing and set the
- same key. If some user on the channel does not set the key (or does
- not know the key) he won't be able to see any messages on the channel.
- Give the command: /KEY CHANNEL #channel set verysecretkey. This
- command will set the `verysecretkey' passphrase as key to #channel.
- How exactly other users will know this key is out of scope of the SILC
- protocol. SILC does not provide yet a possibility of negotiating
- secret key with many users at the same time. For this reason the
- secret key on the channel is usually a passphrase or a password that
- all users on the channel have to know. Setting a private key for
- channel means that only the users on the channel who know the key is
- able to encrypt and decrypt messages. Servers do not know the key at
- all. If you remove the private key mode from the channel, all users
- will start automatically using a new channel key to secure channel
- messages.
-
- Q: How do I transfer a file?
- A: You can transfer files securely using the FILE command. This
- command will automatically negotiate secret key with the remote user
- and the file transfer stream is secured using that key. The file
- transfer stream is always sent peer to peer. If you would like to send
- a file to another user you can give command: /FILE SEND
- path/to/the/file john. This command sends, or actually makes the
- `path/to/the/file' available for download for the user `john'. The
- John will decide whether he wants to actually download the file. When
- John gives the command: /FILE RECEIVE, the key negotiation is started.
- You and John will be prompted to verify and accept each other's public
- key if you do not have it cached already. After key negotiation is
- over the file transfer process starts. If you want to cancel the file
- transfer session, or if John wants to reject the file transfer
- request, giving the command: /FILE CLOSE will close the session.
-
- Q: How can I get other users public keys?
- A: You can get a user's public key using the GETKEY command. This
- command will fetch the user's public key from the server where the
- user has connected to. The server has verified that the user posesses
- the corresponding private key, however, you will be prompted to verify
- and accept the public key. All client public keys are saved in your
- local key directory in ~/.silc/clientkeys/. You can also receive
- clients public keys during key negotiation and file transfers. The
- GETKEY command can be used to fetch a server's public key as well.
- Those keys are saved in ~/.silc/serverkeys/ directory.
-
- Q: How can I see the fingerprint of my public key?
- A: You can check out your own fingerprint by giving just WHOIS command
- without any arguments. Additionally you can also dump the contents of
- the key file using the silc program and giving -S option to it. Your
- own public key is always saved in ~/.silc/public_key.pub file. To dump
- your key run silc as: silc -S .silc/public_key.pub. The same way you
- can dump the contents of any public key inside ~/.silc/clientkeys/ and
- ~/.silc/serverkeys/ directories. The WHOIS command will also show
- other users public key fingerprints.
-
- Q: I gave WHOIS to a nick, and it returned multiple replies, why?
- A: This will happen if there are several same nicknames in the network
- at the same time. As you may already know nicknames are not unique in
- SILC network. This means there can be multiple same nicknames. This
- also means that you can always have the nickname you want. If WHOIS
- returns multiple replies, you can distinguish the users by their
- realname, username, hostname and ultimately by the fingerprint of
- their public key, which the WHOIS will also show. You will also notice
- an additional nickname inside a parenthesis. It may show for example:
- nickname: John (John@otaku). The real nickname is `John', but since
- there are many John's in the network you can access this one using
- `John@otaku'. So, if you were to send private message to this
- particular John you can do it by giving command: /MSG John@otaku
- hello. This will send `hello' message to the John@otaku.
-
- Q: Is there a command to see all linked servers?
- A: No there is not. For longer answer see also this FAQ.
-
- Q: How do I list the users of a channel?
- A: The command to list all users on a particular channel is USERS. It
- is also aliased to WHO command in Irssi SILC Client. To see the users
- of the current channel give the command: /USERS *. You can replace the
- `*' with the channel name of your choosing. If the channel is private
- or secret channel, and you have not joined the channel, you cannot
- list the users of that channel.
-
- Q: What is the difference between OPER and SILCOPER commands?
- A: The OPER command is used to gain server operator privileges on
- normal SILC server, while SILCOPER is used to gain router operator
- (also known as SILC operator) privileges on router server. You cannot
- use SILCOPER command on normal SILC server, it works only on router
- server.
-
- Q: My Cygwin client crashes with message "Couldn't create //.silc
- directory"
- A: A solutions should be setting HOME enviroment variable to the
- directory where you have unpacked your SILC Client. Type to your
- command prompt something like:
- c:\>set HOME=c:\silc
-
- Q: Why /join #silc and /join silc doesn't join the same channel?
- A: The #-character is not mandatory part of channel name in SILC. So
- #silc and silc are two different channels. The #-character in channel
- name is IRC feature and has nothing to do with SILC. If you have
- #-character in the channel name, then it is part of the channel name,
- just like %-character, or &-character could be part of channel name.
-
- Q: How do I detach my session from the server?
- A: You can detach your session by simply giving DETACH command. Your
- connection to the server will be closed automatically. Next time you
- connect any server in the network your session will be automatically
- resumed. If there is an error during session resuming your connection
- will be closed and you need to reconnect to the server. In this case
- the old sessionn cannot be resumed anymore.
-
- 4. Server Questions
-
- Q: Where can I find SILC servers?
- A: The SILC server is available for free download from the silcnet.org
- web page. We are not aware of any other SILC server implementations,
- so far.
-
- Q: Can I run my own SILC server?
- A: Yes of course. Download the SILC server package, compile and
- install it. Be sure to check out the installation instructions and the
- README file. You also should decide whether you want to run SILC
- server or SILC router.
-
- Q: What is the difference between SILC server and SILC router?
- A: The topology of the SILC network includes SILC routers and the SILC
- servers (and SILC clients of course). Normal SILC server does not have
- direct connections with other SILC servers. They connect directly to
- the SILC router. SILC Routers may have several server connections and
- they may connect to several SILC routers. The SILC routers are the
- servers in the network that know everything about everything. The SILC
- servers know only local information and query global information from
- the router when necessary.
-
- If you are running SILC server you want to run it as router only if
- you want to have server connections in it and are prepared to accept
- server connections. You also need to get the router connected to some
- other router to be able to join the SILC network. You may run the
- server as normal SILC server if you do not want to accept other server
- connections or cannot run it as router.
-
- Q: Why server says permission denied to write to a log file?
- A: The owner of the log files must be same user that the server is run
- under, by default it is user `nobody'. Just change the permissions and
- try again.
-
- Q: When I connect to my server it says "server does not support one of
- your proposed ciphers", what is wrong?
- A: Most likely the ciphers and others has not been compiled as SIMs
- (modules) and they are configured as modules in the silcd.conf. If
- they are not compiled as modules remove the module paths from the
- ciphers and hash functions from the silcd.conf, so that the server use
- the builtin ciphers. Then try connecting to the server again. It is
- also possible that the client IS proposing some ciphers that your
- server does not support.
-
- Q: Why SILC server runs on privileged port 706?
- A: Ports 706/tcp and 706/udp have been assigned for the SILC protocol
- by IANA. Server on the network listening above privileged ports
- (>1023) SHOULD NOT be trusted as it could have been set up by
- untrusted party. The server normally drops root privileges after
- startup and then run as user previously defined in silcd.conf.
-
- Q: I see [Unknown] in the log file, what does it mean?
- A: You can see in the log file for example: [Info] Closing connection
- 192.168.78.139:3214 [Unknown]. The [Unknown] means that the connection
- was not authenticated yet, and it is not known whether the connection
- was a client, server or router. There will appear [Client], [Server]
- or [Router] if the connection is authenticated at that point.
-
- Q: How can I generate a new server key pair?
- A: You can generate a new key pair using the silcd command with the -C
- option. When SILC Server is installed a key pair is generated
- automatically for you. However, it is suggested that you check the
- information found in that key and generate a new key pair if the
- information is incorrect. You can check the information of your public
- key by giving command: silc -S file.pub.
-
- If you want to generate a new key pair then you can give for example
- command: silcd -C . --identifier="UN=silc-oper, HN=silc.silcnet.org,
- RN=SILC Router Admin, E=silc-oper@silcnet.org, O=SILC Project, C=SK".
- This will create the key pair to current directory, with the specified
- identifier. Please, give the --help option to the silcd to see usage
- help for the -C and --identifier options.
-
- 5. Toolkit Questions
-
- Q: What is SILC Toolkit?
- A: SILC Toolkit is a package intended for software developers who
- would like to develope their own SILC based applications or help in
- the development of the SILC. The Toolkit includes SILC Protocol Core
- library, SILC Crypto library, SILC Key Exchange (SKE) library, SILC
- Math library, SILC Modules (SIM) library, SILC Utility library, SILC
- Client library and few other libraries.
-
- Q: Is the SILC Toolkit Reference Manual Available?
- A: Yes, partially completed reference manual is available in the
- Toolkit releases as HTML package and they are available from the
- silcnet.org website as well at the documentation page.
-
- Q: How do I compile the Toolkit on Unix?
- A: You should read the INSTALL file from the package and follow its
- instructions. The compilation on Unix is as simple as compiling any
- other SILC package. Give, `./configure' command and then `make'
- command.
-
- Q: How do I compile the Toolkit on Win32?
- A: We have prepared instructions to compile the Toolkit on Win32 in
- the Toolkit package. Please, read the README.WIN32 file from the
- package for detailed instructions how to compile the Toolkit for
- Cygwin, MinGW and native Win32 systems. We have also prepared ready
- MSVC++ Workspace files in the win32/ directory in the package that
- will compile automatically the Toolkit.
-
- Q: Does the Toolkit package include any sample code?
- A: Yes, naturally. It includes sample codes for two different SILC
- Client implementations, and SILC Server. The silcer/ directory
- includes a simple GUI client based on GTK--, and Win32 samples are
- included in the win32/ directory, for simple client.