2 <b><big>Frequently Asked Questions</big></b>
4 <a href="#f1_0" class="normal">1. General Questions</a><br />
5 <a href="#f1_10" class="normal">
6 1.1 What is SILC?</a><br />
7 <a href="#f1_20" class="normal">
8 1.2 When was SILC Project started?</a><br />
9 <a href="#f1_30" class="normal">
10 1.3 Why SILC in the first place?</a><br />
11 <a href="#f1_40" class="normal">
12 1.4 What license covers the SILC release?</a><br />
13 <a href="#f1_50" class="normal">
14 1.5 Why SILC? Why not IRC3?</a><br />
15 <a href="#f1_55" class="normal">
16 1.6 What platforms SILC supports?</a><br />
17 <a href="#f1_59" class="normal">
18 1.7 How do you pronounce SILC?</a><br />
19 <a href="#f1_60" class="normal">
20 1.8 Where can I find more information?</a><br />
21 <a href="#f1_70" class="normal">
22 1.9 I would like to help out, what can I do?</a>
25 <a href="#f2_0" class="normal">2. Protocol Questions</a><br />
26 <a href="#f2_10" class="normal">
27 2.1 What is the status of SILC protocol in the IETF?</a><br />
28 <a href="#f2_20" class="normal">
29 2.2 How much the SILC protocol is based on IRC?</a><br />
30 <a href="#f2_30" class="normal">
31 2.3 Why use SILC? Why not IRC with SSL?</a><br />
32 <a href="#f2_40" class="normal">
33 2.4 Can I talk from SILC network to IRC network?</a><br />
34 <a href="#f2_45" class="normal">
35 2.5 Does SILC support file transfer?</a><br />
36 <a href="#f2_46" class="normal">
37 2.6 Does SILC support DCC or alike?</a><br />
38 <a href="#f2_47" class="normal">
39 2.7 I am behind a firewall, can I use SILC?</a><br />
40 <a href="#f2_50" class="normal">
41 2.8 How secure SILC really is?</a><br />
42 <a href="#f2_60" class="normal">
43 2.9 Does SILC support instant messaging?</a><br />
44 <a href="#f2_70" class="normal">
45 2.10 Why SILC does not have LINKS command like in IRC?</a><br />
46 <a href="#f2_80" class="normal">
47 2.11 Why SILC does not have STATS command like in IRC?</a><br />
48 <a href="#f2_90" class="normal">
49 2.12 Is anyone outside a channel able to see the channel messages?</a><br />
50 <a href="#f2_95" class="normal">
51 2.13 How can I register my channel in SILC?</a><br />
52 <a href="#f2_100" class="normal">
53 2.14 Is it true that all messages are encrypted in SILC?</a><br />
54 <a href="#f2_110" class="normal">
55 2.15 Can server or SILC operator gain operator mode on a channel?</a><br />
56 <a href="#f2_120" class="normal">
57 2.16 Channel name doesn't have #-character or does it?</a><br />
58 <a href="#f2_130" class="normal">
59 2.17 I have suggestions to SILC Protocol, what can I do?</a>
62 <a href="#f3_0" class="normal">3. Client Questions</a><br />
63 <a href="#f3_10" class="normal">
64 3.1 Where can I find SILC clients?</a><br />
65 <a href="#f3_20" class="normal">
66 3.2 Can I use SILC with IRC client and vice versa?</a><br />
67 <a href="#f3_25" class="normal">
68 3.3 The default theme sucks, where can I find a better one?</a><br />
69 <a href="#f3_30" class="normal">
70 3.4 How do I send a private message?</a><br />
71 <a href="#f3_40" class="normal">
72 3.5 How do I negotiate secret key with another user?</a><br />
73 <a href="#f3_50" class="normal">
74 3.6 How do I negotiate secret keys behind a NAT?</a><br />
75 <a href="#f3_60" class="normal">
76 3.7 How do I change channel modes?</a><br />
77 <a href="#f3_70" class="normal">
78 3.8 What does the founder mode on channel mean, and how do I set it?</a><br />
79 <a href="#f3_80" class="normal">
80 3.9 I am founder of invite only channel, how can I join the channel after I have left it?</a><br />
81 <a href="#f3_90" class="normal">
82 3.10 How can I op or deop somebody on channel?</a><br />
83 <a href="#f3_100" class="normal">
84 3.11 How do I set private key for channel, and what does that mean exactly?</a><br />
85 <a href="#f3_110" class="normal">
86 3.12 How do I transfer a file?</a><br />
87 <a href="#f3_120" class="normal">
88 3.13 How can I get other users public keys?</a><br />
89 <a href="#f3_130" class="normal">
90 3.14 How can I see the fingerprint of my public key?</a><br />
91 <a href="#f3_140" class="normal">
92 3.15 I gave WHOIS to a nick, and it returned multiple replies, why?</a><br />
93 <a href="#f3_150" class="normal">
94 3.16 Is there a command to see all linked servers?</a><br />
95 <a href="#f3_160" class="normal">
96 3.17 How do I list the users of a channel?</a><br />
97 <a href="#f3_170" class="normal">
98 3.18 What is the difference between OPER and SILCOPER commands?</a><br />
99 <a href="#f3_180" class="normal">
100 3.19 My Cygwin client crashes with message "Couldn't create //.silc directory"</a><br />
101 <a href="#f3_190" class="normal">
102 3.20 Why /join #silc and /join silc doesn't join the same channel?</a>
105 <a href="#f4_0" class="normal">4. Server Questions</a><br />
106 <a href="#f4_10" class="normal">
107 4.1 Where can I find SILC servers?</a><br />
108 <a href="#f4_20" class="normal">
109 4.2 Can I run my own SILC server?</a><br />
110 <a href="#f4_30" class="normal">
111 4.3 What is the difference between SILC server and SILC router?</a><br />
112 <a href="#f4_40" class="normal">
113 4.4 Why server says permission denied to write to a log file?</a><br />
114 <a href="#f4_50" class="normal">
115 4.5 When I connect to to my server, it says "server does not support one of your proposed cipher", what is wrong?</a><br />
116 <a href="#f4_60" class="normal">
117 4.6 Why SILC server runs on privileged port 706?</a><br />
118 <a href="#f4_70" class="normal">
119 4.7 I see [Unknown] in the log file, what does it mean?</a><br />
120 <a href="#f4_80" class="normal">
121 4.8 How can I generate a new server key pair?</a>
124 <a href="#f5_0" class="normal">5. Toolkit Questions</a><br />
125 <a href="#f5_10" class="normal">
126 5.1 What is SILC Toolkit?</a><br />
127 <a href="#f5_20" class="normal">
128 5.2 Is the SILC Toolkit Reference Manual Available?</a><br />
129 <a href="#f5_30" class="normal">
130 5.3 How do I compile the Toolkit on Unix?</a><br />
131 <a href="#f5_40" class="normal">
132 5.4 How do I compile the Toolkit on Win32?</a><br />
133 <a href="#f5_50" class="normal">
134 5.5 Does the Toolkit package include any sample code?</a><br />
139 <b>1. General Questions</b><br /> <br />
142 <samp class="highlight">Q: What is SILC?</samp><br />
143 A: SILC (Secure Internet Live Conferencing) is a protocol which provides
144 secure conferencing services in the Internet over insecure channel. SILC
145 is IRC like although internally they are very different. Biggest
146 similarity between SILC and IRC is that they both provide conferencing
147 services and that SILC has almost same commands as IRC. Other than that
148 they are nothing alike.
150 Biggest differences are that SILC is secure what IRC is not in any way.
151 The network model is also entirely different compared to IRC.
155 <samp class="highlight">Q: When was SILC Project started?</samp><br />
156 A: The SILC development started in 1996 and early 1997. But, for various
157 reasons it suspended many times until it finally got some wind under its
158 wings in 1999. First public release was in summer 2000.
162 <samp class="highlight">Q: Why SILC in the first place?</samp><br />
163 A: Simply for fun, nothing more. And actually for need back in the days
164 when it was started. When SILC was first developed there really did not
165 exist anything like this. SILC has been very interesting and educational
170 <samp class="highlight">Q: What license covers the SILC release?</samp><br />
171 A: The SILC software developed here at silcnet.org, the SILC Client, the
172 SILC Server and the SILC Toolkit are covered by the GNU General Public
177 <samp class="highlight">Q: Why SILC? Why not IRC3?</samp><br />
178 A: Question that is justified no doubt of that. SILC was not started to
179 become a replacement for IRC. SILC was something that didn't exist in 1996
180 or even today except that SILC is now released. However, I did check out
181 the IRC3 project in 1997 when I started coding and planning the SILC protocol.
183 But, IRC3 is problematic. Why? Because it still doesn't exist. The
184 project is almost at the same spot where it was in 1997 when I checked it
185 out. And it was old project back then as well. That's the problem of IRC3
186 project. The same almost happened to SILC as well as I wasn't making real
187 progress over the years. I talked to the original author of IRC, Jarkko
188 Oikarinen, in 1997 and he directed me to the IRC3 project, although he
189 said that IRC3 is a lot of talking and not that much of anything else. I
190 am not trying to put down the IRC3 project but its problem is that no one
191 in the project is able to make a decision what is the best way to go about
192 making the IRC3 and I wasn't going to be part of that. The fact is that
193 if I would've gone to IRC3 project, nor IRC3 or SILC would exist today. I
194 think IRC3 could be something really great if they just would get their
195 act together and start coding the thing.
199 <samp class="highlight">Q: What platforms SILC supports?</samp><br />
200 A: The SILC Client is available on various Unix systems and is reported to
201 work under cygwin on Windows. The SILC Server also works on various Unix
202 systems. However, the server has not been tested under cygwin as far as we
203 know. The SILC Toolkit is distributed for all platforms, Unix, Cygwin
208 <samp class="highlight">Q: How do you pronounce SILC?</samp><br />
209 A: SILC is usually pronounced as `silk', but you are free to pronounce
214 <samp class="highlight">Q: Where can I find more information?</samp><br />
215 A: For more technical information we suggest reading the SILC Protocol
216 specifications. You might also want to take a look at the <a
217 href="?page=docs" class="normal">documentation </a> page on the web page.
221 <samp class="highlight">Q: I would like to help out, what can I do?</samp><br />
222 A: You might want to take a look at the <a
223 href="?page=contribute" class="normal">Contributing</a> page and the <a
224 href="?page=todo" class="normal">TODO</a> list. You might also want to join the
225 SILC development mailing list.
229 <a name="f2_0"></a><br />
230 <b>2. Protocol Questions</b><br /> <br />
233 <samp class="highlight">Q: What is the status of SILC protocol in the IETF?</samp><br />
234 A: The SILC protocol specifications has been submitted currently as
235 individual submissions. There does not currently exist a working group
236 for this sort of project. Our goal is to fully standardize the SILC and
237 thus submit it as RFC to the <a href="http://www.ietf.org/" class="normal">
238 IETF</a> at a later time. This can happen only after we have requested
239 the IETF to accept SILC as RFC. As of today, we have not yet even requested
240 this from the IETF. We want to let the protocol mature a bit more.
244 <samp class="highlight">Q: How much SILC Protocol is based on IRC?</samp><br />
245 A: SILC is not based on IRC. The client superficially resembles IRC
246 client but everything that happens under the hood is nothing alike IRC.
247 SILC could *never* support IRC because the entire network toppology is
248 different (hopefully more scalable and powerful). So no, SILC protocol
249 (client or server) is not based on IRC. Instead, We've taken good things
250 from IRC and left all the bad things behind and not even tried to burden
251 the SILC with the IRCs problems that will burden IRC and future IRC
252 projects till the end. SILC client resembles IRC client because it is
253 easier for new users to start using SILC when they already know all the
258 <samp class="highlight">Q: Why use SILC? Why not IRC with SSL?</samp><br />
259 A: Sure, that is possible, although, does that secure the entire IRC
260 network? And does that increase or decrease the lags and splits in the
261 IRC network? Does that provide user based security where some specific
262 private message are secured? Does that provide security where some
263 specific channel messages are secured? And I know, you can answer yes to
264 some of these questions. But, security is not just about applying
265 encryption to traffic and SILC is not just about `encrypting the
266 traffic`. You cannot make insecure protocol suddenly secure just by
267 encrypting the traffic. SILC is not meant to be IRC replacement. IRC is
268 good for some things, SILC is good for same and some other things.
272 <samp class="highlight">Q: Can I talk from SILC network to IRC network?</samp><br />
273 A: Simple answer for this is No. The protocols are not compatible which
274 makes it impossible to directly talk from SILC network to IRC network or
275 vice versa. Developing a gateway between these two networks would
276 technically be possible but from security point of view strongly not
277 recommended. We have no plans for developing such a gateway.
281 <samp class="highlight">Q: Does SILC support file transfer?</samp><br />
282 A: Yes. The SILC protocol support SFTP as mandatory file transfer
283 protocol. It provides simple client to client file transfer, but also
284 a possibility for file and directory manipulation. Even though the SFTP
285 is the file transfer protocol the support for file transferring has been
286 done so that practically any file transfer protocol may be used with SILC
291 <samp class="highlight">Q: Does SILC support DCC or alike?</samp><br />
292 A: SILC does not support the DCC commonly used in IRC. It does not need
293 it since it has builtin support for same features that DCC have. You can
294 transfer files securely and encrypted directly with another client. You
295 can also negotiate secret key material with another client directly to
296 use it in private message encryption. The private messages are not,
297 however sent directly between clients. The protocol, on the other hand
298 does not prohibit sending messages directly between clients if the
299 implementation would support it. The current SILC Client implementation
300 does not support it. This means that private messages travel through the
301 SILC Network. SILC protocol also has a capability to support DCC
302 and CTCP like protocols with SILC. None of them, however have not been
303 defined to be used with SILC at the present time.
307 <samp class="highlight">Q: I am behind a firewall, can I use SILC?</samp><br />
308 A: Yes. If your network administrator can open the remote port 706 (TCP) you
309 can use SILC without problems. You may also compile your SILC client with
310 SOCKS support which will proxy your SILC session through the firewall.
314 <samp class="highlight">Q: How secure SILC really is?</samp><br />
315 A: We have tried to make SILC as secure as possible. However, there is
316 no security protocol or security software that has not been vulnerable to
317 some sort of attacks. SILC is in no means different from this. So, it is
318 suspected that there are security holes in the SILC. These holes just need
319 to be found so that they can be fixed. SILC's security features has been
320 developed from attacker's point of view, and we've tried to find all the
321 possible attacks and guard the protocol against them.
323 But to give you some parameters of security SILC uses the most secure
324 crytographic algorithms such as AES (Rijndael), Twofish, Blowfish, RC5,
325 etc. SILC does not have DES or 3DES as DES is insecure and 3DES is just
326 too slow. SILC also uses cryptographically strong random number generator
327 when it needs random numbers. Public key cryptography uses RSA (PKCS #1)
328 and Diffie-Hellman algorithms. Key lengths for ciphers are initially set
329 to 256. For public key algorithms the starting key length is 1024 bits.
331 But the best answer for this question is that SILC is as secure as its
332 weakest link. SILC is open and the protocol is open and in public thus
333 open for security analysis.
335 To give a list of attacks that are ineffective against SILC:
337 - Man-in-the-middle attacks are ineffective if proper public key
338 infrastructure is used, and if all public keys are always verified.<br />
339 - IP spoofing is ineffective (because of encryption and trusted keys).<br />
340 - Attacks that change the contents of the data or add extra data to the
341 packets are ineffective (because of encryption and integrity checks).<br />
342 - Passive attacks (listenning network traffic) are ineffective (because
343 of encryption). Everything is encrypted including authentication data
344 such as passwords when they are needed.<br />
345 - Any sort of cryptanalytic attacks are tried to make ineffective by
346 using the best cryptographic algorithms out there, and by designing the
347 protocol to guard against them.
351 <samp class="highlight">Q: Does SILC support instant messaging?</samp><br />
352 A: SILC is not an instant message (IM) system, like ICQ and the others.
353 SILC is more IRC like system, "real-time", connection-oriented chat and
354 that kind of stuff. But I guess IRC is too sometimes called an Instant
359 <samp class="highlight">Q: Why SILC does not have LINKS command like in
361 A: It was felt that this information as an own command in SILC is not
362 necessary. Moreover, the topology of the network might be undisclosed
363 information even though the servers and routers in the network are still
364 open. We feel that the network topology information, if it is wanted to be
365 public, and the list of accessible servers can be made available in other
366 ways than providing command like LINKS, which shows the active server
371 <samp class="highlight">Q: Why SILC does not have STATS command like in
373 A: This too was considered as information that the protocol should not
374 address. We feel that server implementations will need to implement some
375 sort of adminstrative plugin, or module which provides various means of
376 accessing statistical and other information in the server. And, we do
377 consider this implementation issue, not protocol design issue.
381 <samp class="highlight">Q: Is anyone outside a channel able to see the channel
382 messages?</samp><br />
383 A: A short answer is simply No. A longer answer involves assumptions
384 about security conditions. Initially channel keys are generated by the
385 server, so if the server would get compromised it would be possible for
386 an adversary to see the messages. However, users on the channel can
387 prevent this even if the server would be compromised. It is possible to
388 set so called channel private key that only the users on the channel
389 know about. The servers does not know about the key, and therefore cannot
390 see the messages even if they would be compromised. So, longer answer
391 results into same as the short one; No.
395 <samp class="highlight">Q: How can I register my channel in SILC?</samp><br />
396 A: There is no channel registration in SILC. When you join a non-existing
397 channel, it is created and it will exist until the last person leaves it.
398 When you join a new channel you became the founder (see also
399 <a href="#f3_70" class="normal">
400 Q: What does the founder mode on channel mean, and how do I set it?</a> and
401 <a href="#f3_80" class="normal">
402 Q: I am founder of invite only channel, how can I join the channel after
404 and you can preserve your founder status while the channel exists. Cell or
405 network wide founder status or persistent founder status (preserving even
406 empty channels for limited time) is a debated TODO item and it may or may
407 not happen. If it does, its effect could be similar to channel registration.
410 <a name="f2_100"></a>
411 <samp class="highlight">Q: Is it true that all messages are encrypted in SILC?</samp><br />
412 A: Most definitely yes. The SILC protocol makes it impossible to send
413 unencrypted messages or packets to the SILC network. All messages are
414 always encrypted, either using session keys, or other secret keys such as
415 channel keys or private message keys.
418 <a name="f2_110"></a>
419 <samp class="highlight">Q: Can server or SILC operator gain operator mode on a channel?</samp><br />
420 A: They cannot get operator status, founder status, join invite only channels,
421 escape active bans, escape user limits or anything alike, without explicitly
422 being allowed. Only way to get channel operator status is that someone
423 ops him. Server and SILC operators in the network are normal users with
424 the extra privileges of being able to adminstrate their server. They cannot
425 do anything more than a normal user.
428 <a name="f2_120"></a>
429 <samp class="highlight">Q: Channel name doesn't have #-character or does it?</samp><br />
430 A: The #-character is not mandatory part of channel name, like it is in
431 IRC. This means that giving the command /JOIN #silc and /JOIN silc
432 will join to different channels. This is intentional since the
433 #-character clearly is IRC feature and has nothing to do with SILC. If
434 you want it to have the character then just join to the channel with
435 #-character in the name.
438 <a name="f2_130"></a>
439 <samp class="highlight">Q: I have suggestions to SILC Protocol, what can I do?</samp><br />
440 A: All suggestions and improvements are of course welcome. You should read
441 the protocol specifications first to check out whether your idea is
442 covered by them already. The best place to make your idea public is the
443 SILC development mailing list. You might want to checkout the TODO list
444 from the CVS as well.
448 <a name="f3_0"></a><br />
449 <b>3. Client Questions</b><br /> <br />
452 <samp class="highlight">Q: Where can I find SILC clients?</samp><br />
453 A: The SILC client is available for free download from the silcnet.org web
454 page. Some people have also mentioned words Java and Perl when talking
455 about SILC clients. Nothing has appeared yet, though.
459 <samp class="highlight">Q: Can I use SILC with IRC client and vice versa?</samp><br />
460 A: Generally the answer would be no for both. However, there exist already
461 at least one IRC client that supports SILC, the <a href="http://irssi.org/"
462 class="normal">Irssi client</a>. The current SILC client is actually based
463 on the user interface of the Irssi client. So, yes it is possible to use
464 SILC with some IRC clients and vice versa. But, this does not mean that you
465 can talk from SILC network to IRC network, that is not possible.
469 <samp class="highlight">Q: The default theme sucks, where can I find a better one?</samp><br />
470 A: The Irssi SILC client's theme files are almost 100% compatible with
471 the original Irssi IRC client's themes. You can get those theme files
472 from the <a href="http://irssi.org/" class="normal">Irssi project website</a>.
473 You can also try to make a better theme by yourself.
477 <samp class="highlight">Q: How do I send a private message?</samp><br />
478 A: Sending private message is done by using the MSG command. For example,
479 command: <samp class="highlight">/MSG john hello</samp>, will send a
480 `hello' message to a nickname `john'. By default private messages are
481 secured with session keys, and the message is re-encrypted by the servers
482 when the message travels to the receiver. If you would like to secure the
483 private messages with a private key, you can negotiate a secret key with the
484 receiver. Always remember to give WHOIS command before sending a private
485 message to assure that you are sending the message to correct person.
489 <samp class="highlight">Q: How do I negotiate secret key with another user?</samp><br />
490 A: It is important to negotiate secret keys if you cannot trust the servers
491 and the network you are using. By negotiating a key with the user you
492 want to talk to assures that no one except you and your friend is able
493 to encrypt and decrypt the messages. The secret key negotiation is done with
494 the KEY command. Here is an example of how to negotiate keys for securing
497 By giving command: <samp class="highlight">/KEY MSG john agreement
498 192.168.2.100</samp>, you will send a key negotiation request to a nickname
499 `john'. The 192.168.2.100 IP address would be your machine's IP address.
500 You can also define an port to the KEY command after the IP address. If
501 you do not do that the operating system will bind to a port of its choosing.
502 John will receive a notification on the screen that you would like to
503 negotiate secret keys with him, and he will receive the IP address and port
504 where you are listenning for the negotiation. When he gives command:
505 <samp class="highlight">/KEY MSG You negotiate 192.168.2.100 31382</samp>,
506 the key negotiation is started. During the key negotiation you will be
507 prompted on the screen to verify and accept John's public key if you do not
508 have his public key already. The John will be prompted to accept your
509 public key as well. After the key negotiation is over all private messages
510 sent between you and John are secured with the negotiated secret key.
511 Note that you must verify the public key you are prompted for, and this is
512 very important since someone could be doing man-in-the-middle attack.
516 <samp class="highlight">Q: How do I negotiate secret keys behind a NAT?</samp><br />
517 A: If only you are behind a NAT, or firewall then key negotiation works,
518 but if both you and your friend are behind a NAT then key negotiation will
519 not work, since it is done peer to peer. If you are behind a NAT then you
520 obviously cannot receive key negotiations, and cannot bind to any IP address
521 and port. However, you can still use KEY command to negotiate the keys.
523 By giving command: <samp class="highlight">/KEY MSG john agreement</samp>,
524 without any other arguments (such as IP address and port) you will send
525 a negotiation request to John, but do not provide an address and port for
526 the John to connect to. When John receives the notification on the screen
527 that you would like to perform key negotiation, he can give command:
528 <samp class="highlight">/KEY MSG You agreement 172.16.100.78</samp>, which
529 will send key negotiation request back to you. You will receive the IP
530 address and port where you need to connect in order to perform the negotiation.
531 After receiving the notification you can give command: <samp class="highlight">
532 /KEY MSG john negotiate 172.16.100.78 31181</samp>, which will start the
533 key negotiation with John. This way you can negotiate the keys if you are
538 <samp class="highlight">Q: How do I change channel modes?</samp><br />
539 A: The command to manage channel modes is CMODE. With this command you
540 can change the channel status (to change it to secret channel for example),
541 set user limit on the channel, passphrase for the channel, set the channel
542 to use private keys on channel, and set the founder mode.
546 <samp class="highlight">Q: What does the founder mode on channel mean, and how do I set it?</samp><br />
547 A: Who ever creates the channel by being the first user to join the channel
548 becomes automatically the founder of the channel. Founder has some extra
549 privileges on the channel. For example, it is not possible to kick the
550 founder off the channel, and there are some channel modes that only the
551 founder of the channel can change. If the creator of the channel wishes
552 to preserve the channel founder mode even if he leave the channel he
553 can set the founder mode for the channel.
555 The mode is set by giving command: <samp class="highlight">/CMODE #channel
556 +f -pubkey</samp>. This will set the founder mode and will use the public
557 key of the founder as authenticator when the user is reclaiming the mode
558 back. If the founder leaves the channel he will be able to get the founder
559 mode back by using JOIN or CUMODE commmands. Giving command
560 <samp class="highlight">/JOIN #channel -founder -pubkey</samp>,
561 will get the founder mode back at the same time he joins the channel, or
562 giving commmand <samp class="highlight">/CUMODE #channel +f -pubkey</samp>,
563 will also give the founder mode back on the channel after he has joined
566 If the channel is destroyed after the last client leaves the channel,
567 the founder mode is also reset. Who ever creates the channel after that
568 will also get the channel founder mode automatically. Note also that the
569 founder mode is local. You can reclaim the mode back only on the same
570 server where you set the founder mode in the first place.
574 <samp class="highlight">Q: I am founder of invite only channel, how can I join the channel after I have left it?</samp><br />
575 A: Founder can override the invite only status by reclaiming the founder
576 status on the channel using the JOIN command. The channel must have the
577 founder mode set in order for it to work. Reclaiming founder status using
578 JOIN command is important also if the channel has user limit set, and has
579 active bans. Founder can override these conditions as well. However,
580 founder cannot override the passphrase of the channel if it is set. To
581 get the founder mode during JOIN and to override the invite only condition,
582 give command: <samp class="highlight">/JOIN #channel -founder -pubkey</samp>.
583 This will join the channel and attempt to reclaim the founder status back
584 to you. Note that you need to be on the same server where you gave the
585 founder mode for the channel for this to work.
589 <samp class="highlight">Q: How can I op or deop somebody on channel?</samp><br />
590 A: Giving operator status, or removing the operator status on a channel
591 requires you to have at least operator status, or founder status on the
592 channel. You can give operator status to another user by using CUMODE
593 command. To give ops give the command: <samp class="highlight">/CUMODE
594 #channel +o john</samp>, and to remove ops give command:
595 <samp class="highlight">/CUMODE #channel -o john</samp>. To indicate
596 current channel you can also use `*' character in #channel's stead.
599 <a name="f3_100"></a>
600 <samp class="highlight">Q: How do I set private key for channel, and what does that mean exactly?</samp><br />
601 A: Setting private key for channel requires first to set the private key mode
602 for the channel. You need to be the founder of the channel to be able to
603 do this. Give the command: <samp class="highlight">/CMODE #channel +k</samp>.
604 After this mode is set the old channel key will not be used to encrypt and
605 decrypt channel messages. To set the key for the channel use the KEY command.
606 Every user on the channel must do the same thing and set the same key.
607 If some user on the channel does not set the key (or does not know the key)
608 he won't be able to see any messages on the channel. Give the command:
609 <samp class="highlight">/KEY CHANNEL #channel set verysecretkey</samp>.
610 This command will set the `verysecretkey' passphrase as key to the #channel.
611 How exactly other users will know this key is out of scope of the SILC
612 protocol. SILC does not provide yet a possibility of negotiating secret key
613 with many users at the same time. For this reason the secret key on the
614 channel is usually a passphrase or a password that all users on the channel
615 have to know. Setting a private key for channel means that only the users
616 on the channel who know the key is able to encrypt and decrypt messages.
617 Servers do not know the key at all. If you remove the private key mode
618 from the channel, all users will start automatically using a new channel
619 key to secure channel messages.
622 <a name="f3_110"></a>
623 <samp class="highlight">Q: How do I transfer a file?</samp><br />
624 A: You can transfer files securely using the FILE command. This command
625 will automatically negotiate secret key with the remote user and the
626 file transfer stream is secured using that key. The file transfer
627 stream is always sent peer to peer. If you would like to send a file
628 to another user you can give command: <samp class="highlight">/FILE
629 SEND path/to/the/file john</samp>. This command sends, or actually
630 makes the `path/to/the/file' available for download for the user `john'.
631 The John will decide whether he wants to actually download the file.
632 When John gives the command: <samp class="highlight">/FILE RECEIVE</samp>,
633 the key negotiation is started. You and John will be prompted to verify
634 and accept each other's public key if you do not have it cached already.
635 After key negotiation is over the file transfer process starts.
636 If you want to cancel the file transfer session, or if John wants to
637 reject the file transfer request, giving the command: <samp class="highlight">
638 /FILE CLOSE</samp> will close the session.
641 <a name="f3_120"></a>
642 <samp class="highlight">Q: How can I get other users public keys?</samp><br />
643 A: You can get a user's public key using the GETKEY command. This command
644 will fetch the user's public key from the server where the user has connected
645 to. The server has verified that the user posesses the corresponding private
646 key, however, you will be prompted to verify and accept the public key.
647 All client public keys are saved in your local key directory in
648 ~/.silc/clientkeys/. You can also receive clients public keys during
649 key negotiation and file transfers. The GETKEY command can be used to fetch
650 a server's public key as well. Those keys are saved in ~/.silc/serverkeys/
654 <a name="f3_130"></a>
655 <samp class="highlight">Q: How can I see the fingerprint of my public key?</samp><br />
656 A: You can check out your own fingerprint by giving just WHOIS command without
657 any arguments. Additionally you can also dump the contents of the key file
658 using the silc program and giving -S option to it. Your own public key is
659 always saved in ~/.silc/public_key.pub file. To dump your key run silc as:
660 <samp class="highlight">silc -S .silc/public_key.pub</samp>. The same way
661 you can dump the contents of any public key inside ~/.silc/clientkeys/ and
662 ~/.silc/serverkeys/ directories. The WHOIS command will also show other
663 users public key fingerprints.
666 <a name="f3_140"></a>
667 <samp class="highlight">Q: I gave WHOIS to a nick, and it returned multiple replies, why?</samp><br />
668 A: This will happen if there are several same nicknames in the network at
669 the same time. As you may already know nicknames are not unique in SILC
670 network. This means there can be multiple same nicknames. This also means
671 that you can always have the nickname you want. If WHOIS returns multiple
672 replies, you can distinguish the users by their realname, username,
673 hostname and ultimately by the fingerprint of their public key, which the
674 WHOIS will also show. You will also notice an additional nickname inside a
675 parenthesis. It may show for example: <samp class="highlight">nickname: John
676 (John@otaku)</samp>. The real nickname is `John', but since there are
677 many John's in the network you can access this one using `John@otaku'.
678 So, if you were to send private message to this particular John you can do
679 it by giving command: <samp class="highlight">/MSG John@otaku hello</samp>.
680 This will send `hello' message to the John@otaku.
683 <a name="f3_150"></a>
684 <samp class="highlight">Q: Is there a command to see all linked servers?</samp><br />
685 A: No there is not. For longer answer see also <a href="#f2_70"
686 class="normal">this FAQ</a>.
689 <a name="f3_160"></a>
690 <samp class="highlight">Q: How do I list the users of a channel?</samp><br />
691 A: The command to list all users on a particular channel is USERS. It is
692 also aliased to WHO command in Irssi SILC Client. To see the users of the
693 current channel give the command: <samp class="highlight">/USERS *</samp>.
694 You can replace the `*' with the channel name of your choosing. If the
695 channel is private or secret channel, and you have not joined the channel,
696 you cannot list the users of that channel.
699 <a name="f3_170"></a>
700 <samp class="highlight">Q: What is the difference between OPER and SILCOPER commands?</samp><br />
701 A: The OPER command is used to gain server operator privileges on normal
702 SILC server, while SILCOPER is used to gain router operator (also known as
703 SILC operator) privileges on router server. You cannot use SILCOPER command
704 on normal SILC server, it works only on router server.
707 <a name="f3_180"></a>
708 <samp class="highlight">Q: My Cygwin client crashes with message "Couldn't create //.silc directory"</samp><br />
709 A: A solutions should be setting HOME enviroment variable to the directory where you
710 have unpacked your SILC Client. Type to your command prompt something like: <br />
711 <tt class="normal">c:\>set HOME=c:\silc</tt>
714 <a name="f3_190"></a>
715 <samp class="highlight">Q: Why /join #silc and /join silc doesn't join the same channel?</samp><br />
716 A: The #-character is not mandatory part of channel name in SILC. So
717 #silc and silc are two different channels. The #-character in channel
718 name is IRC feature and has nothing to do with SILC. If you have
719 #-character in the channel name, then it is part of the channel name, just
720 like %-character, or &-character could be part of channel name.
724 <a name="f4_0"></a><br />
725 <b>4. Server Questions</b><br /> <br />
728 <samp class="highlight">Q: Where can I find SILC servers?</samp><br />
729 A: The SILC server is available for free download from the silcnet.org
730 web page. We are not aware of any other SILC server implementations, so far.
734 <samp class="highlight">Q: Can I run my own SILC server?</samp><br />
735 A: Yes of course. Download the SILC server package, compile and install
736 it. Be sure to check out the installation instructions and the README
737 file. You also should decide whether you want to run SILC server or SILC
742 <samp class="highlight">Q: What is the difference between SILC
743 server and SILC router?</samp><br />
744 A: The topology of the SILC network includes SILC routers and the SILC
745 servers (and SILC clients of course). Normal SILC server does not have
746 direct connections with other SILC servers. They connect directly to the
747 SILC router. SILC Routers may have several server connections and they
748 may connect to several SILC routers. The SILC routers are the servers in
749 the network that know everything about everything. The SILC servers know
750 only local information and query global information from the router when
753 If you are running SILC server you want to run it as router only if you
754 want to have server connections in it and are prepared to accept server
755 connections. You also need to get the router connected to some other
756 router to be able to join the SILC network. You may run the server as
757 normal SILC server if you do not want to accept other server connections
758 or cannot run it as router.
762 <samp class="highlight">Q: Why server says permission denied to write to a
763 log file?</samp><br />
764 A: The owner of the log files must be same user that the server is run
765 under, by default it is user `nobody'. Just change the permissions and
770 <samp class="highlight">Q: When I connect to my server it says "server does
771 not support one of your proposed ciphers", what is wrong?</samp><br />
772 A: Most likely the ciphers and others has not been compiled as SIMs
773 (modules) and they are configured as modules in the silcd.conf. If they
774 are not compiled as modules remove the module paths from the ciphers and
775 hash functions from the silcd.conf, so that the server use the builtin
776 ciphers. Then try connecting to the server again. It is also possible
777 that the client IS proposing some ciphers that your server does not support.
781 <samp class="highlight">Q: Why SILC server runs on privileged port 706?</samp><br />
782 A: Ports 706/tcp and 706/udp have been assigned for the SILC protocol by
783 <a href="http://www.iana.org" class="normal">IANA</a>. Server on the network
784 listening above privileged ports (>1023) SHOULD NOT be trusted as it could
785 have been set up by untrusted party. The server normally drops root privileges
786 after startup and then run as user previously defined in silcd.conf.
790 <samp class="highlight">Q: I see [Unknown] in the log file, what does it mean?</samp><br />
791 A: You can see in the log file for example: <samp class="highlight">
792 [Info] Closing connection 192.168.78.139:3214 [Unknown]</samp>. The [Unknown]
793 means that the connection was not authenticated yet, and it is not known
794 whether the connection was a client, server or router. There will appear
795 [Client], [Server] or [Router] if the connection is authenticated at that
800 <samp class="highlight">Q: How can I generate a new server key pair?</samp><br />
801 A: You can generate a new key pair using the silcd command with the -C
802 option. When SILC Server is installed a key pair is generated
803 automatically for you. However, it is suggested that you check the
804 information found in that key and generate a new key pair if the
805 information is incorrect. You can check the information of your public
806 key by giving command: <samp class="highlight">silc -S file.pub</samp>.
808 If you want to generate a new key pair then you can give for example
809 command: <samp class="highlight">
810 silcd -C . --identifier="UN=silc-oper, HN=silc.silcnet.org, RN=SILC Router
811 Admin, E=silc-oper@silcnet.org, O=SILC Project, C=SK"</samp>. This will
812 create the key pair to current directory, with the specified identifier.
813 Please, give the --help option to the silcd to see usage help for the -C
814 and --identifier options.
818 <a name="f5_0"></a><br />
819 <b>5. Toolkit Questions</b><br /> <br />
822 <samp class="highlight">Q: What is SILC Toolkit?</samp><br />
823 A: SILC Toolkit is a package intended for software developers who would
824 like to develope their own SILC based applications or help in the
825 development of the SILC. The Toolkit includes SILC Protocol Core library,
826 SILC Crypto library, SILC Key Exchange (SKE) library, SILC Math
827 library, SILC Modules (SIM) library, SILC Utility library, SILC Client
828 library and few other libraries.
832 <samp class="highlight">Q: Is the SILC Toolkit Reference Manual Available?</samp><br />
833 A: Yes, partially completed reference manual is available in the Toolkit
834 releases as HTML package and they are available from the silcnet.org
835 website as well at the <a href="?page=docs" class="normal">documentation </a> page.
839 <samp class="highlight">Q: How do I compile the Toolkit on Unix?</samp><br />
840 A: You should read the INSTALL file from the package and follow its
841 instructions. The compilation on Unix is as simple as compiling any other
842 SILC package. Give, `./configure' command and then `make' command.
846 <samp class="highlight">Q: How do I compile the Toolkit on Win32?</samp><br />
847 A: We have prepared instructions to compile the Toolkit on Win32 in the
848 Toolkit package. Please, read the README.WIN32 file from the package for
849 detailed instructions how to compile the Toolkit for Cygwin, MinGW and
850 native Win32 systems. We have also prepared ready MSVC++ Workspace files
851 in the win32/ directory in the package that will compile automatically
856 <samp class="highlight">Q: Does the Toolkit package include any sample code?</samp><br />
857 A: Yes, naturally. It includes sample codes for two different SILC Client
858 implementations, and SILC Server. The silcer/ directory includes a simple
859 GUI client based on GTK--, and Win32 samples are included in the win32/
860 directory, for simple client.