1 SILC - Secure Internet Live Conferencing
2 ========================================
4 [NOTE: SILC is still in middle of development and this package is known
5 as Developer's Version which means that the package is in no means stable
6 or ready to be in production use. This package is for those who wants
7 to test SILC, find bugs and maybe contribute some time and code for the
8 SILC project. There is no guarantees that this package even compiles and
9 even if it compiles there is no guarantees that it would work, and even
10 if it works there is no guarantees that it would work correctly, and even
11 if it seems to work correctly it may be just plain luck.]
17 SILC (Secure Internet Live Conferencing) is a protocol which provides
18 secure conferencing services in the Internet over insecure channel.
19 SILC is IRC like softwarre although internally they are very different.
20 Biggest similarity between SILC and IRC is that they both provide
21 conferencing services and that SILC has almost same commands as IRC. Other
22 than that they are nothing alike. Biggest differences are that SILC is
23 secure what IRC is not in any way. The network model is also entirely
24 different compared to IRC.
30 The development version is still preliminary version and requires some
31 work to get it working. You should, first of all, check the example
32 configuration files in ./doc/ directory. Change them according to your
38 ./silc -f <config file>
43 ./silcd -f <config file>
50 /SERVER [<server>[:<port>]]
52 Connects to remote SILC server.
56 Changes/sets nickname. Note that in SILC there can be
57 multiple same nicknames. However, the logic on working
58 with multiple nicknames on user interface is pretty much
59 still missing. Also note that nicknames in SILC are
64 Joins to a channel. Channel names start with `#'
69 Leaves the channel. If /leave * is given the client
70 leaves the current channel.
72 /CMODE <channel> +|-<modes> [{ <arguments>}]
74 Changes/sets channel mode. Most of the modes require
75 special privileges, such as channel operator or channel
76 founder privileges to work. The mode is added by adding
77 + before the option(s) and removed by adding - before
78 the option(s). Following modes are available:
80 p Set/unset channel as private channel
81 s Set/unset channel as secret channel
82 k Set/unset that channel uses private channel key
83 i Set/unset channel as invite only channel
84 t Set/unset that only channel operator or
85 founder may set channel topic
86 l <limit> Set/unset channel's user limit
87 a <passphrase> Set/unset passphrase for channel that must
88 be provided when joining to the channel.
89 c <cipher> Set/unset channel's cipher
90 h <hmac> Set/unset channel's hmac
92 Set/unset channel founder authentication.
93 Channel founder may set this mode so that
94 if the client leaves the channel it can
95 claim the founder rights when it returns
96 to the channel. If -pubkey is set then
97 the authentication will be done using the
98 client's public key. You can claim the
99 founder rights using the CUMODE command.
101 Multiple modes can be set/unset at once if the modes does not
102 require any arguments. If mode requires an argument then only
103 one mode can be set at once.
105 /CUMODE <channel> +|-<modes> <nickname>[@<server>] [-pubkey|<passwd>]
107 Changes/set user's mode on a channel. Most of the modes
108 require that the client who changes some client's mode must
109 be channel founder or channel operator. Following channel
110 user modes are available:
112 a <nickname>[@<server>]
114 Set/unset all modes (cannot be used to set
115 both founder and operator rights, can be used
116 only to remove both modes at once).
118 f <nickname>[@<server>] [-pubkey|<password>]
120 Set/Unset channel founder. If the -pubkey
121 option or <password> is provided then the
122 client is claiming the founder rights by
123 providing the channel founder authentication
124 data. If the -pubkey is provided then the
125 authentication is performed using the
126 client's public key. If you are channel
127 founder you can set the channel founder
128 authentication using CMODE command.
130 o <nickname>[@<server>]
132 Set/unset channel operator. Requires that
133 you are channel operator or channel founder.
137 Sets/unsets user mode. Note that some of the modes the
138 client cannot set itself. The following user modes are
142 s Unset server operator privileges
143 r Unset router operator privileges
144 g Set/unset to be gone (or use /AWAY command)
147 /MSG <nickname> <message>
149 Sends private message to remote client. Support for
150 handling multiple same nicknames with /MSG command is
153 /WHOIS <nickname>[@<server>] [<count>]
155 Gives a little information about a client. Support for
156 handling multiple same nicknames with this command is
159 /WHOWAS <nickname>[@<server>] [<count>]
161 Gives a little history information about a client.
163 /INVITE <channel> [<nickname>[@server>]
164 [+|-[<nickname>[@<server>[!<username>[@hostname>]]]]]
166 Invites client to a channel or manages the invite list of
167 the channel. The first <nickname> argument is used if an
168 client is invited to the channel. The second +|-<nickname>
169 argument is used to either add or delete invite from the
170 channel's invite list. Wildcards may be used with this
173 /BAN <channel> [+|-[<nickname>[@<server>[!<username>[@hostname>]]]]]
175 Manages the ban list of the channel. Wildcards may be used
176 with this command. You must be channel operator to be
177 able to use this command.
179 /KICK <channel> <nickname>[@<server>] [<comment>]
181 Kicks client from channel. You have to be at least channel
182 operator to be able to kick client from channel. Note:
183 you cannot kick channel founder even if you are channel
188 Pings server. Only locally connected server may be
193 Requests information about a server. If argument is
194 not specified current server is used.
198 Sets away message. When private message is received and
199 away message is set the client automatically replies to
200 the sender with the away message. To remove away message
201 give the command without arguments.
205 Quits session. Connection to remote server is closed.
209 Clears current screen.
213 Shows client version.
215 /OPER <username> [<public key>]
217 Obtains server operator privileges.
219 /SILCOPER <username> [<public key>]
221 Obtains router operator privileges.
223 /KILL <nickname> [<comment>]
225 Router operator can use this command to remove an client
226 from the SILC Network temporarily.
228 /CONNECT <server> [<port>]
230 Connects to server the remote <server>. You must be
231 server operator to be able to do this.
234 /CLOSE <server> [<port>]
236 Closes connection to the <server>. You must be server
237 operator to be able to do this.
241 Shutdowns the server. You must be server operator to be
246 Display the MOTD of the server. If server is not specified
247 the current server is used.
251 Lists all channels in the current server, or the channel
252 specified. If the channel cannot be found then all
255 /KEY msg|channel <nickname|channel>
256 set|unset|list|agreement|negotiate [<arguments>]
258 This command is used to set and unset private keys for
259 channels, set and unset private keys for private messages
260 with remote clients and to send key agreement requests and
261 negotiate the key agreement protocol with remote client.
262 The key agreement is supported only to negotiate private
263 message keys, it currently cannot be used to negotiate
264 private keys for channels, as it is not convenient for that
269 msg The command is performed for private messages
270 affecting the <nickname>.
272 channel The command is performed for channel affecting
278 set [<key> [<cipher>] [<hmac>]]
280 Set the key into use. If the <key> is provided it
281 is used as the key material. If the <key> is not
282 provided the negotiated key material is used. If
283 the negotiation has not been performed this command
286 If the type is `msg' and the <key> is `*' then
287 random key will be generated automatically.
289 The <cipher> may be set for both private message
290 and channel private keys and the <hmac> may be set
291 only to the channel private keys.
295 Unset the key. The private key is not used after
296 this command. The key must be set again or the key
297 material must be re-negotiated to be able to use
298 the private keys again.
300 The channel may have several private keys set. The
301 <number> can be used to indicate what key is being
302 unset. If it is not provided all keys are removed.
305 list List all private keys that has been set.
307 If the type is `msg' and the <nickname> is ´*' then
308 all private message keys that you've set will be
311 agreement [<hostname> [<port>]]
313 Send key agreement request to remote client. If
314 the <hostname> is provided it is sent in the request.
315 The receiver may use the hostname to start the
316 key agreement. If the <port> is also provided your
317 key agreement protocol server is bound to that
318 port. Note that it cannot be privileged port (<1023).
319 If the <hostname> and <port> is not provided then
320 the receiver will never initiate the key agreement.
321 In this case you must start the key agreement after
322 receiving the reply to the request, by giving the
323 /KEYAGR start command.
325 This command may be used to send reply to the
326 remote client. When receiving empty key agreement
327 you can reply to the sender with the hostname and
328 port of your key agreement server with this command.
330 negotiate [<hostname> [<port>]]
332 This may be called to start the key agreement with
333 <nickname>. This command has effect only if the
334 <nickname> has replied to your key agreement request.
335 You will see a notify on the screen when the reply
336 arrives. The <hostname> and <port> is the hostname
337 and port of the remote client's key agreement
340 /ME <channel> <action message>
342 This command is used to send an action to the channel.
343 This equals to CTCP's ACTION (IRC's /ME) command.
345 /NOTICE <channel> <message>
347 This command is used to send for example informational
348 notice messages to the channel.
353 Features to be included into the final release of SILC. [Note that the
354 current Developer's Version does not include all of these features, read
355 TODO file for more information.]
357 o Normal conferencing services such as private messages, channels,
358 channel messages, etc. All traffic is secured and authenticated.
360 o No unique nicknames. There can same nicknames in SILC without
361 collisions. SILC has unique Client ID's, Server ID's and Channel ID's
362 to assure that there are no collisions.
364 o Secure key exchange and authentication protocol. SILC Key Exchange
365 protocol provides key material used in the SILC sessions in secure
366 manner. The protocol is immune for example to man-in-the-middle
367 attacks. The SILC Authentication protocol provides strong
368 authentication. Authentication may be based on passphrase or public
369 key (RSA) authentication. For clients there is an option not to
370 use authentication when connecting to servers.
372 o All traffic is encrypted and authenticated using the best cryptographic
373 algorithms out there. Command messages, private messages and channel
374 messages are all protected by encryption. User can set private keys
375 for both private message and for channels so that even SILC servers do
376 not know the keys. Cipher keys are, by default, 128 bits in length and
377 public keys, by default, 1024 bits in length.
379 o Supports data compression with GZIP to improve performance.
381 o Supports SOCKS4 and SOCKS5 firewall traversal protocols.
383 o SIM (SILC Module) support. Support for loading of shared objects at
384 run-time that provides new and extended features to both SILC client
385 and server. These can provide extra ciphers and extra features to
388 o SILC client can be installed and used without root privileges.
390 o SILC client can be configured by system wide configuration files but
391 with user specific configuration files as well.
397 Even though SILC were just released to the public the idea and the protocol
398 itself is quite old. I got the idea about SILC in its current form in
399 the year 1996 and first lines of codes were written in early 1997. This
400 release is now third rewrite of the SILC. The very first version were
401 written in 1997 and it included SILC client and very very preliminary
402 SILC server. The server actually weren't usable but the client looked
403 pretty much the same as it does now. At that time the SILC also included
404 RSA implementation and 3DES implementation. The random number generator
405 that exists in this current release is actually based on the RNG written
406 in 1997. The RNG written in 1997, on the other hand, were based on
407 the SSH's random number generator. The RNG has been rewritten twice
408 since the first version.
410 I stopped writing the SILC later in 1997 when I got busy at school and
411 in work. The pause lasted several months. The development resumed in
412 1998 when my friend (Juha Räsänen) and I implemented ElGamal algorithm.
413 I rewrote some other parts as well. However, for the same reasons as
414 previously the development stopped again. I resumed the development
415 later in 1998 by doing rewrite of the SILC in C++. This was obviously
416 a mistake but at that time it seemed like a good idea. Again, in the
417 winter 1999 I got very busy writing my thesis and was forced to stop the
418 development again. I also, started a new job in the spring.
420 Later, in 1999, I decided that this time I'm going to make it the right
421 way. C++ was obviously a bad choice so I decided to fall back to plain
422 C language. I also decided to do complete rewrite and started doing
423 more thorough planning of what the SILC actually should include. I also
424 decided that this time it is going to kill me before I stop the
425 development. I started writing SILC in the weekends and actually
426 everytime I had some spare time. I also started a new job but I didn't
427 let that get to my way. The result of this development effort is the
428 release now in public.
430 I've learned a lot by doing the SILC. I guess, when I started it I wasn't
431 that good of a C programmer. That alone was a reason why SILC hasn't
432 seen the day of light before now. My programming style has also changed
433 dramatically during these years. Actually, it has changed couple times
434 since this last rewrite as well. However, the code style of current SILC
435 release is quite consistent (actually the coding style SILC has been
436 written now I've learned in my current job).
438 There is probably over 85% of new code in this third rewrite. Rest has
439 just been copied from the old versions and only minor changes has been
440 made (like changed function names and overall coding style). I've
441 preserved the dates of the old files (dating back to 1997) that has
442 existed in some forms in the old versions. There is a lot of new code but
443 already I see a lot that needs rewriting. The development continues.
449 Feedback and comments are welcome. You can reach me in the following
452 Official SILC project web site is : http://silc.pspt.fi
453 FTP archive for SILC project is : ftp://silc.pspt.fi/pub/silc/
454 Development mailing list address is : silc-devel@lists.sourceforge.net
456 Pekka Riikonen <priikone@poseidon.pspt.fi>