2 <b><big>Frequently Asked Questions</big></b>
4 <a href="#f1_0" class="normal">1. General Questions</a><br />
5 <a href="#f1_10" class="normal">
6 1.1 What is SILC?</a><br />
7 <a href="#f1_20" class="normal">
8 1.2 When was SILC Project started?</a><br />
9 <a href="#f1_30" class="normal">
10 1.3 Why SILC in the first place?</a><br />
11 <a href="#f1_40" class="normal">
12 1.4 What license covers the SILC release?</a><br />
13 <a href="#f1_50" class="normal">
14 1.5 Why SILC? Why not IRC3?</a><br />
15 <a href="#f1_55" class="normal">
16 1.6 What platforms SILC supports?</a><br />
17 <a href="#f1_59" class="normal">
18 1.7 How do you pronounce SILC?</a><br />
19 <a href="#f1_60" class="normal">
20 1.8 Where can I find more information?</a><br />
21 <a href="#f1_70" class="normal">
22 1.9 I would like to help out, what can I do?</a>
25 <a href="#f2_0" class="normal">2. Protocol Questions</a><br />
26 <a href="#f2_10" class="normal">
27 2.1 What is the status of SILC protocol in the IETF?</a><br />
28 <a href="#f2_20" class="normal">
29 2.2 How much the SILC protocol is based on IRC?</a><br />
30 <a href="#f2_30" class="normal">
31 2.3 Why use SILC? Why not IRC with SSL?</a><br />
32 <a href="#f2_40" class="normal">
33 2.4 Can I talk from SILC network to IRC network?</a><br />
34 <a href="#f2_45" class="normal">
35 2.5 Does SILC support file transfer?</a><br />
36 <a href="#f2_46" class="normal">
37 2.6 Does SILC support DCC or alike?</a><br />
38 <a href="#f2_47" class="normal">
39 2.7 I am behind a firewall, can I use SILC?</a><br />
40 <a href="#f2_50" class="normal">
41 2.8 How secure SILC really is?</a><br />
42 <a href="#f2_60" class="normal">
43 2.9 Does SILC support instant messaging?</a><br />
44 <a href="#f2_70" class="normal">
45 2.10 Why SILC does not have LINKS command like in IRC?</a><br />
46 <a href="#f2_80" class="normal">
47 2.11 Why SILC does not have STATS command like in IRC?</a><br />
48 <a href="#f2_90" class="normal">
49 2.12 Is anyone outside a channel able to see the channel messages?</a><br />
50 <a href="#f2_100" class="normal">
51 2.13 Is it true that all messages are encrypted in SILC?</a><br />
52 <a href="#f2_110" class="normal">
53 2.14 Can server or SILC operator gain operator mode on a channel?</a><br />
54 <a href="#f2_120" class="normal">
55 2.15 I have suggestions to SILC Protocol, what can I do?</a>
58 <a href="#f3_0" class="normal">3. Client Questions</a><br />
59 <a href="#f3_10" class="normal">
60 3.1 Where can I find SILC clients?</a><br />
61 <a href="#f3_20" class="normal">
62 3.2 Can I use SILC with IRC client and vice versa?</a><br/>
63 <a href="#f3_25" class="normal">
64 3.3 The default theme sucks, where can I find a better one?</a><br />
65 <a href="#f3_30" class="normal">
66 3.4 How do I send a private message?</a><br />
67 <a href="#f3_40" class="normal">
68 3.5 How do I negotiate secret key with another user?</a><br />
69 <a href="#f3_50" class="normal">
70 3.6 How do I negotiate secret keys behind a NAT?</a><br />
71 <a href="#f3_60" class="normal">
72 3.7 How do I change channel modes?</a><br />
73 <a href="#f3_70" class="normal">
74 3.8 What does the founder mode on channel mean, and how do I set it?</a><br />
75 <a href="#f3_80" class="normal">
76 3.9 I am founder of invite only channel, how can I join the channel after I have left it?</a><br />
77 <a href="#f3_90" class="normal">
78 3.10 How can I op or deop somebody on channel?</a><br />
79 <a href="#f3_100" class="normal">
80 3.11 How do I set private key for channel, and what does that mean exactly?</a><br />
81 <a href="#f3_110" class="normal">
82 3.12 How do I transfer a file?</a><br />
83 <a href="#f3_120" class="normal">
84 3.13 How can I get other users public keys?</a><br />
85 <a href="#f3_130" class="normal">
86 3.14 How can I see the fingerprint of my public key?</a><br />
87 <a href="#f3_140" class="normal">
88 3.15 I gave WHOIS to a nick, and it returned multiple replies, why?</a><br />
89 <a href="#f3_150" class="normal">
90 3.16 Is there a command to see all linked servers?</a><br />
91 <a href="#f3_160" class="normal">
92 3.17 How do I list the users of a channel?</a><br />
93 <a href="#f3_170" class="normal">
94 3.18 What is the difference between OPER and SILCOPER commands?</a>
97 <a href="#f4_0" class="normal">4. Server Questions</a><br />
98 <a href="#f4_10" class="normal">
99 4.1 Where can I find SILC servers?</a><br />
100 <a href="#f4_20" class="normal">
101 4.2 Can I run my own SILC server?</a><br />
102 <a href="#f4_30" class="normal">
103 4.3 What is the difference between SILC server and SILC router?</a><br />
104 <a href="#f4_40" class="normal">
105 4.4 Why server says permission denied to write to a log file?</a><br />
106 <a href="#f4_50" class="normal">
107 4.5 When I connect to to my server, it says "server does not support one of your proposed cipher", what is wrong?</a><br />
108 <a href="#f4_60" class="normal">
109 4.6 Why SILC server runs on privileged port 706?</a><br />
110 <a href="#f4_70" class="normal">
111 4.7 I see [Unknown] in the log file, what does it mean?</a>
114 <a href="#f5_0" class="normal">5. Toolkit Questions</a><br />
115 <a href="#f5_10" class="normal">
116 5.1 What is SILC Toolkit?</a><br />
117 <a href="#f5_20" class="normal">
118 5.2 Is the SILC Toolkit Reference Manual Available?</a><br />
119 <a href="#f5_30" class="normal">
120 5.3 How do I compile the Toolkit on Unix?</a><br />
121 <a href="#f5_40" class="normal">
122 5.4 How do I compile the Toolkit on Win32?</a><br />
123 <a href="#f5_50" class="normal">
124 5.5 Does the Toolkit package include any sample code?</a><br />
129 <b>1. General Questions</b><br /> <br />
132 <samp class="highlight">Q: What is SILC?</samp><br />
133 A: SILC (Secure Internet Live Conferencing) is a protocol which provides
134 secure conferencing services in the Internet over insecure channel. SILC
135 is IRC like although internally they are very different. Biggest
136 similarity between SILC and IRC is that they both provide conferencing
137 services and that SILC has almost same commands as IRC. Other than that
138 they are nothing alike.
140 Biggest differences are that SILC is secure what IRC is not in any way.
141 The network model is also entirely different compared to IRC.
145 <samp class="highlight">Q: When was SILC Project started?</samp><br />
146 A: The SILC development started in 1996 and early 1997. But, for various
147 reasons it suspended many times until it finally got some wind under its
148 wings in 1999. First public release was in summer 2000.
152 <samp class="highlight">Q: Why SILC in the first place?</samp><br />
153 A: Simply for fun, nothing more. And actually for need back in the days
154 when it was started. When SILC was first developed there really did not
155 exist anything like this. SILC has been very interesting and educational
160 <samp class="highlight">Q: What license covers the SILC release?</samp><br />
161 A: The SILC software developed here at silcnet.org, the SILC Client, the
162 SILC Server and the SILC Toolkit are covered by the GNU General Public
167 <samp class="highlight">Q: Why SILC? Why not IRC3?</samp><br />
168 A: Question that is justified no doubt of that. SILC was not started to
169 become a replacement for IRC. SILC was something that didn't exist in 1996
170 or even today except that SILC is now released. However, I did check out
171 the IRC3 project in 1997 when I started coding and planning the SILC protocol.
173 But, IRC3 is problematic. Why? Because it still doesn't exist. The
174 project is almost at the same spot where it was in 1997 when I checked it
175 out. And it was old project back then as well. That's the problem of IRC3
176 project. The same almost happened to SILC as well as I wasn't making real
177 progress over the years. I talked to the original author of IRC, Jarkko
178 Oikarinen, in 1997 and he directed me to the IRC3 project, although he
179 said that IRC3 is a lot of talking and not that much of anything else. I
180 am not trying to put down the IRC3 project but its problem is that no one
181 in the project is able to make a decision what is the best way to go about
182 making the IRC3 and I wasn't going to be part of that. The fact is that
183 if I would've gone to IRC3 project, nor IRC3 or SILC would exist today. I
184 think IRC3 could be something really great if they just would get their
185 act together and start coding the thing.
189 <samp class="highlight">Q: What platforms SILC supports?</samp><br />
190 A: The SILC Client is available on various Unix systems and is reported to
191 work under cygwin on Windows. The SILC Server also works on various Unix
192 systems. However, the server has not been tested under cygwin as far as we
193 know. The SILC Toolkit is distributed for all platforms, Unix, Cygwin
198 <samp class="highlight">Q: How do you pronounce SILC?</samp><br />
199 A: SILC is usually pronounced as `silk', but you are free to pronounce
204 <samp class="highlight">Q: Where can I find more information?</samp><br />
205 A: For more technical information we suggest reading the SILC Protocol
206 specifications. You might also want to take a look at the <a
207 href="?page=docs" class="normal">documentation </a> page on the web page.
211 <samp class="highlight">Q: I would like to help out, what can I do?</samp><br />
212 A: You might want to take a look at the <a
213 href="?page=contribute" class="normal">Contributing</a> page and the <a
214 href="?page=todo" class="normal">TODO</a> list. You might also want to join the
215 SILC development mailing list.
219 <a name="f2_0"></a><br />
220 <b>2. Protocol Questions</b><br /> <br />
223 <samp class="highlight">Q: What is the status of SILC protocol in the IETF?</samp><br />
224 A: The SILC protocol specifications has been submitted currently as
225 individual submissions. There does not currently exist a working group
226 for this sort of project. Our goal is to fully standardize the SILC and
227 thus submit it as RFC to the <a href="http://www.ietf.org/" class="normal">
228 IETF</a> at a later time. This can happen only after we have requested
229 the IETF to accept SILC as RFC. As of today, we have not yet even requested
230 this from the IETF. We want to let the protocol mature a bit more.
234 <samp class="highlight">Q: How much SILC Protocol is based on IRC?</samp><br />
235 A: SILC is not based on IRC. The client superficially resembles IRC
236 client but everything that happens under the hood is nothing alike IRC.
237 SILC could *never* support IRC because the entire network toppology is
238 different (hopefully more scalable and powerful). So no, SILC protocol
239 (client or server) is not based on IRC. Instead, We've taken good things
240 from IRC and left all the bad things behind and not even tried to burden
241 the SILC with the IRCs problems that will burden IRC and future IRC
242 projects till the end. SILC client resembles IRC client because it is
243 easier for new users to start using SILC when they already know all the
248 <samp class="highlight">Q: Why use SILC? Why not IRC with SSL?</samp><br />
249 A: Sure, that is possible, although, does that secure the entire IRC
250 network? And does that increase or decrease the lags and splits in the
251 IRC network? Does that provide user based security where some specific
252 private message are secured? Does that provide security where some
253 specific channel messages are secured? And I know, you can answer yes to
254 some of these questions. But, security is not just about applying
255 encryption to traffic and SILC is not just about `encrypting the
256 traffic`. You cannot make insecure protocol suddenly secure just by
257 encrypting the traffic. SILC is not meant to be IRC replacement. IRC is
258 good for some things, SILC is good for same and some other things.
262 <samp class="highlight">Q: Can I talk from SILC network to IRC network?</samp><br />
263 A: Simple answer for this is No. The protocols are not compatible which
264 makes it impossible to directly talk from SILC network to IRC network or
265 vice versa. Developing a gateway between these two networks would
266 technically be possible but from security point of view strongly not
267 recommended. We have no plans for developing such a gateway.
271 <samp class="highlight">Q: Does SILC support file transfer?</samp><br />
272 A: Yes. The SILC protocol support SFTP as mandatory file transfer
273 protocol. It provides simple client to client file transfer, but also
274 a possibility for file and directory manipulation. Even though the SFTP
275 is the file transfer protocol the support for file transferring has been
276 done so that practically any file transfer protocol may be used with SILC
281 <samp class="highlight">Q: Does SILC support DCC or alike?</samp><br />
282 A: SILC does not support the DCC commonly used in IRC. It does not need
283 it since it has builtin support for same features that DCC have. You can
284 transfer files securely and encrypted directly with another client. You
285 can also negotiate secret key material with another client directly to
286 use it in private message encryption. The private messages are not,
287 however sent directly between clients. The protocol, on the hand
288 does not prohibit sending messages directly between clients if the
289 implementation would support it. The current SILC Client implementation
290 does not support it. This means that private messages travel through the
291 SILC Network. SILC protocol also has a capability to support DCC
292 and CTCP like protocols with SILC. None of them, however have not been
293 defined to be used with SILC at the present time.
297 <samp class="highlight">Q: I am behind a firewall, can I use SILC?</samp><br />
298 A: Yes. If your network administrator can open the remote port 706 (TCP) you
299 can use SILC without problems. You may also compile your SILC client with
300 SOCKS support which will proxy your SILC session through the firewall.
304 <samp class="highlight">Q: How secure SILC really is?</samp><br />
305 A: We have tried to make SILC as secure as possible. However, there is
306 no security protocol or security software that has not been vulnerable to
307 some sort of attacks. SILC is in no means different from this. So, it is
308 suspected that there are security holes in the SILC. These holes just need
309 to be found so that they can be fixed. SILC's security features has been
310 developed from attacker's point of view, and we've tried to find all the
311 possible attacks and guard the protocol against them.
313 But to give you some parameters of security SILC uses the most secure
314 crytographic algorithms such as AES (Rijndael), Twofish, Blowfish, RC5,
315 etc. SILC does not have DES or 3DES as DES is insecure and 3DES is just
316 too slow. SILC also uses cryptographically strong random number generator
317 when it needs random numbers. Public key cryptography uses RSA (PKCS #1)
318 and Diffie-Hellman algorithms. Key lengths for ciphers are initially set
319 to 256. For public key algorithms the starting key length is 1024 bits.
321 But the best answer for this question is that SILC is as secure as its
322 weakest link. SILC is open and the protocol is open and in public thus
323 open for security analysis.
325 To give a list of attacks that are ineffective against SILC:
327 - Man-in-the-middle attacks are ineffective if proper public key
328 infrastructure is used, and if all public keys are always verified.<br />
329 - IP spoofing is ineffective (because of encryption and trusted keys).<br />
330 - Attacks that change the contents of the data or add extra data to the
331 packets are ineffective (because of encryption and integrity checks).<br />
332 - Passive attacks (listenning network traffic) are ineffective (because
333 of encryption). Everything is encrypted including authentication data
334 such as passwords when they are needed.<br />
335 - Any sort of cryptanalytic attacks are tried to make ineffective by
336 using the best cryptographic algorithms out there, and by designing the
337 protocol to guard against them.
341 <samp class="highlight">Q: Does SILC support instant messaging?</samp><br />
342 A: SILC is not an instant message (IM) system, like ICQ and the others.
343 SILC is more IRC like system, "real-time", connection-oriented chat and
344 that kind of stuff. But I guess IRC is too sometimes called an Instant
349 <samp class="highlight">Q: Why SILC does not have LINKS command like in
351 A: It was felt that this information as an own command in SILC is not
352 necessary. Moreover, the topology of the network might be undisclosed
353 information even though the servers and routers in the network are still
354 open. We feel that the network topology information, if it is wanted to be
355 public, and the list of accessible servers can be made available in other
356 ways than providing command like LINKS, which shows the active server
361 <samp class="highlight">Q: Why SILC does not have STATS command like in
363 A: This too was considered as information that the protocol should not
364 address. We feel that server implementations will need to implement some
365 sort of adminstrative plugin, or module which provides various means of
366 accessing statistical and other information in the server. And, we do
367 consider this implementation issue, not protocol design issue.
371 <samp class="highlight">Q: Is anyone outside a channel able to see the channel
372 messages?</samp><br />
373 A: A short answer is simply No. A longer answer involves assumptions
374 about security conditions. Initially channel keys are generated by the
375 server, so if the server would get compromised it would be possible for
376 an adversary to see the messages. However, users on the channel can
377 prevent this even if the server would be compromised. It is possible to
378 set so called channel private key that only the users on the channel
379 know about. The servers does not know about the key, and therefore cannot
380 see the messages even if they would be compromised. So, longer answer
381 results into same as the short one; No.
384 <a name="f2_100"></a>
385 <samp class="highlight">Q: Is it true that all messages are encrypted in SILC?</samp><br />
386 A: Most definitely yes. The SILC protocol makes it impossible to send
387 unencrypted messages or packets to the SILC network. All messages are
388 always encrypted, either using session keys, or other secret keys such as
389 channel keys or private message keys.
392 <a name="f2_110"></a>
393 <samp class="highlight">Q: Can server or SILC operator gain operator mode on a channel?</samp><br />
394 A: They cannot get operator status, founder status, join invite only channels,
395 escape active bans, escape user limits or anything alike, without explicitly
396 being allowed. Only way to get channel operator status is that someone
397 ops him. Server and SILC operators in the network are normal users with
398 the extra privileges of being able to adminstrate their server. They cannot
399 do anything more than a normal user.
402 <a name="f2_120"></a>
403 <samp class="highlight">Q: I have suggestions to SILC Protocol, what can I do?</samp><br />
404 A: All suggestions and improvements are of course welcome. You should read
405 the protocol specifications first to check out whether your idea is
406 covered by them already. The best place to make your idea public is the
407 SILC development mailing list. You might want to checkout the TODO list
408 from the CVS as well.
412 <a name="f3_0"></a><br />
413 <b>3. Client Questions</b><br /> <br />
416 <samp class="highlight">Q: Where can I find SILC clients?</samp><br />
417 A: The SILC client is available for free download from the silcnet.org web
418 page. Some people have also mentioned words Java and Perl when talking
419 about SILC clients. Nothing has appeared yet, though.
423 <samp class="highlight">Q: Can I use SILC with IRC client and vice versa?</samp><br />
424 A: Generally the answer would be no for both. However, there exist already
425 at least one IRC client that supports SILC, the <a href="http://irssi.org/"
426 class="normal">Irssi client</a>. The current SILC client is actually based
427 on the user interface of the Irssi client. So, yes it is possible to use
428 SILC with some IRC clients and vice versa. But, this does not mean that you
429 can talk from SILC network to IRC network, that is not possible.
433 <samp class="highlight">Q: The default theme sucks, where can I find a better one?</samp><br />
434 A: The Irssi SILC client's theme files are almost 100% compatible with
435 the original Irssi IRC client's themes. You can get those theme files
436 from the <a href="http://irssi.org/" class="normal">Irssi project website</a>.
437 You can also try to make a better theme by yourself.
441 <samp class="highlight">Q: How do I send a private message?</samp><br />
442 A: Sending private message is done by using the MSG command. For example,
443 command: <samp class="highlight">/MSG john hello</samp>, will send a
444 `hello' message to a nickname `john'. By default private messages are
445 secured with session keys, and the message is re-encrypted by the servers
446 when the message travels to the receiver. If you would like to secure the
447 private messages with a private key, you can negotiate a secret key with the
448 receiver. Always remember to give WHOIS command before sending a private
449 message to assure that you are sending the message to correct person.
453 <samp class="highlight">Q: How do I negotiate secret key with another user?</samp><br />
454 A: It is important to negotiate secret keys if you cannot trust the servers
455 and the network you are using. By negotiating a key with the user you
456 want to talk to assures that no one except you and your friend is able
457 to encrypt and decrypt the messages. The secret key negotiation is done with
458 the KEY command. Here is an example of how to negotiate keys for securing
461 By giving command: <samp class="highlight">/KEY MSG john agreement
462 192.168.2.100</samp>, you will send a key negotiation request to a nickname
463 `john'. The 192.168.2.100 IP address would be your machine's IP address.
464 You can also define an port to the KEY command after the IP address. If
465 you do not do that the operating system will bind to a port of its choosing.
466 John will receive a notification on the screen that you would like to
467 negotiate secret keys with him, and he will receive the IP address and port
468 where you are listenning for the negotiation. When he gives command:
469 <samp class="highlight">/KEY MSG You negotiate 192.168.2.100 31382</samp>,
470 the key negotiation is started. During the key negotiation you will be
471 prompted on the screen to verify and accept John's public key if you do not
472 have his public key already. The John will be prompted to accept your
473 public key as well. After the key negotiation is over all private messages
474 sent between you and John are secured with the negotiated secret key.
475 Note that you must verify the public key you are prompted for, and this is
476 very important since someone could be doing man-in-the-middle attack.
480 <samp class="highlight">Q: How do I negotiate secret keys behind a NAT?</samp><br />
481 A: If only you are behind a NAT, or firewall then key negotiation works,
482 but if both you and your friend are behind a NAT then key negotiation will
483 not work, since it is done peer to peer. If you are behind a NAT then you
484 obviously cannot receive key negotiations, and cannot bind to any IP address
485 and port. However, you can still use KEY command to negotiate the keys.
487 By giving command: <samp class="highlight">/KEY MSG john agreement</samp>,
488 without any other arguments (such as IP address and port) you will send
489 a negotiation request to John, but do not provide an address and port for
490 the John to connect to. When John receives the notification on the screen
491 that you would like to perform key negotiation, he can give command:
492 <samp class="highlight">/KEY MSG You agreement 172.16.100.78</samp>, which
493 will send key negotiation request back to you. You will receive the IP
494 address and port where you need to connect in order to perform the negotiation.
495 After receiving the notification you can give command: <samp class="highlight">
496 /KEY MSG john negotiate 172.16.100.78 31181</samp>, which will start the
497 key negotiation with John. This way you can negotiate the keys if you are
502 <samp class="highlight">Q: How do I change channel modes?</samp><br />
503 A: The command to manage channel modes is CMODE. With this command you
504 can change the channel status (to change it to secret channel for example),
505 set user limit on the channel, passphrase for the channel, set the channel
506 to use private keys on channel, and set the founder mode.
510 <samp class="highlight">Q: What does the founder mode on channel mean, and how do I set it?</samp><br />
511 A: Who ever creates the channel by being the first user to join the channel
512 becomes automatically the founder of the channel. Founder has some extra
513 privileges on the channel. For example, it is not possible to kick the
514 founder off the channel, and there are some channel modes that only the
515 founder of the channel can change. If the creator of the channel wishes
516 to preserve the channel founder mode even if he leave the channel he
517 can set the founder mode for the channel.
519 The mode is set by giving command: <samp class="highlight">/CMODE #channel
520 +f -pubkey</samp>. This will set the founder mode and will use the public
521 key of the founder as authenticator when the user is reclaiming the mode
522 back. If the founder leaves the channel he will be able to get the founder
523 mode back by using JOIN or CUMODE commmands. Giving command
524 <samp class="highlight">/JOIN #channel -founder -pubkey</samp>,
525 will get the founder mode back at the same time he joins the channel, or
526 giving commmand <samp class="highlight">/CUMODE #channel +f -pubkey</samp>,
527 will also give the founder mode back on the channel after he has joined
530 If the channel is destroyed after the last client leaves the channel,
531 the founder mode is also reset. Who ever creates the channel after that
532 will also get the channel founder mode automatically. Note also that the
533 founder mode is local. You can reclaim the mode back only on the same
534 server where you set the founder mode in the first place.
538 <samp class="highlight">Q: I am founder of invite only channel, how can I join the channel after I have left it?</samp><br />
539 A: Founder can override the invite only status by reclaiming the founder
540 status on the channel using the JOIN command. The channel must have the
541 founder mode set in order for it to work. Reclaiming founder status using
542 JOIN command is important also if the channel has user limit set, and has
543 active bans. Founder can override these conditions as well. However,
544 founder cannot override the passphrase of the channel if it is set. To
545 get the founder mode during JOIN and to override the invite only condition,
546 give command: <samp class="highlight">/JOIN #channel -founder -pubkey</samp>.
547 This will join the channel and attempt to reclaim the founder status back
548 to you. Note that you need to be on the same server where you gave the
549 founder mode for the channel for this to work.
553 <samp class="highlight">Q: How can I op or deop somebody on channel?</samp><br />
554 A: Giving operator status, or removing the operator status on a channel
555 requires you to have at least operator status, or founder status on the
556 channel. You can give operator status to another user by using CUMODE
557 command. To give ops give the command: <samp class="highlight">/CUMODE
558 #channel +o john</samp>, and to remove ops give command:
559 <samp class="highlight">/CUMODE #channel -o john</samp>. To indicate
560 current channel you can also use `*' character in #channel's stead.
563 <a name="f3_100"></a>
564 <samp class="highlight">Q: How do I set private key for channel, and what does that mean exactly?</samp><br />
565 A: Setting private key for channel requires first to set the private key mode
566 for the channel. You need to be the founder of the channel to be able to
567 do this. Give the command: <samp class="highlight">/CMODE #channel +k</samp>.
568 After this mode is set the old channel key will not be used to encrypt and
569 decrypt channel messages. To set the key for the channel use the KEY command.
570 Every user on the channel must do the same thing and set the same key.
571 If some user on the channel does not set the key (or does not know the key)
572 he won't be able to see any messages on the channel. Give the command:
573 <samp class="highlight">/KEY CHANNEL #channel set verysecretkey</samp>.
574 This command will set the `verysecretkey' passphrase as key to the #channel.
575 How exactly other users will know this key is out of scope of the SILC
576 protocol. SILC does not provide yet a possibility of negotiating secret key
577 with many users at the same time. For this reason the secret key on the
578 channel is usually a passphrase or a password that all users on the channel
579 have to know. Setting a private key for channel means that only the users
580 on the channel who know the key is able to encrypt and decrypt messages.
581 Servers do not know the key at all. If you remove the private key mode
582 from the channel, all users will start automatically using a new channel
583 key to secure channel messages.
586 <a name="f3_110"></a>
587 <samp class="highlight">Q: How do I transfer a file?</samp><br />
588 A: You can transfer files securely using the FILE command. This command
589 will automatically negotiate secret key with the remote user and the
590 file transfer stream is secured using that key. The file transfer
591 stream is always sent peer to peer. If you would like to send a file
592 to another user you can give command: <samp class="highlight">/FILE
593 SEND path/to/the/file john</samp>. This command sends, or actually
594 makes the `path/to/the/file' available for download for the user `john'.
595 The John will decide whether he wants to actually download the file.
596 When John gives the command: <samp class="highlight">/FILE RECEIVE</samp>,
597 the key negotiation is started. You and John will be prompted to verify
598 and accept each other's public key if you do not have it cached already.
599 After key negotiation is over the file transfer process starts.
600 If you want to cancel the file transfer session, or if John wants to
601 reject the file transfer request, giving the command: <samp class="highlight">
602 /FILE CLOSE</samp> will close the session.
605 <a name="f3_120"></a>
606 <samp class="highlight">Q: How can I get other users public keys?</samp><br />
607 A: You can get a user's public key using the GETKEY command. This command
608 will fetch the user's public key from the server where the user has connected
609 to. The server has verified that the user posesses the corresponding private
610 key, however, you will be prompted to verify and accept the public key.
611 All client public keys are saved in your local key directory in
612 ~/.silc/clientkeys/. You can also receive clients public keys during
613 key negotiation and file transfers. The GETKEY command can be used to fetch
614 a server's public key as well. Those keys are saved in ~/.silc/serverkeys/
618 <a name="f3_130"></a>
619 <samp class="highlight">Q: How can I see the fingerprint of my public key?</samp><br />
620 A: You can check out your own fingerprint by giving just WHOIS command without
621 any arguments. Additionally you can also dump the contents of the key file
622 using the silc program and giving -S option to it. Your own public key is
623 always saved in ~/.silc/public_key.pub file. To dump your key run silc as:
624 <samp class="highlight">silc -S .silc/public_key.pub</samp>. The same way
625 you can dump the contents of any public key inside ~/.silc/clientkeys/ and
626 ~/.silc/serverkeys/ directories. The WHOIS command will also show other
627 users public key fingerprints.
630 <a name="f3_140"></a>
631 <samp class="highlight">Q: I gave WHOIS to a nick, and it returned multiple replies, why?</samp><br />
632 A: This will happen if there are several same nicknames in the network at
633 the same time. As you may already know nicknames are not unique in SILC
634 network. This means there can be multiple same nicknames. This also means
635 that you can always have the nickname you want. If WHOIS returns multiple
636 replies, you can distinguish the users by their realname, username,
637 hostname and ultimately by the fingerprint of their public key, which the
638 WHOIS will also show. You will also notice an additional nickname inside a
639 parenthesis. It may show for example: <samp class="highlight">nickname: John
640 (John@otaku)</samp>. The real nickname is `John', but since there are
641 many John's in the network you can access this one using `John@otaku'.
642 So, if you were to send private message to this particular John you can do
643 it by giving command: <samp class="highlight">/MSG John@otaku hello</samp>.
644 This will send `hello' message to the John@otaku.
647 <a name="f3_150"></a>
648 <samp class="highlight">Q: Is there a command to see all linked servers?</samp><br />
649 A: No there is not. For longer answer see also <a href="#f2_70"
650 class="normal">this FAQ</a>.
653 <a name="f3_160"></a>
654 <samp class="highlight">Q: How do I list the users of a channel?</samp><br />
655 A: The command to list all users on a particular channel is USERS. It is
656 also aliased to WHO command in Irssi SILC Client. To see the users of the
657 current channel give the command: <samp class="highlight">/USERS *</samp>.
658 You can replace the `*' with the channel name of your choosing. If the
659 channel is private or secret channel, and you have not joined the channel,
660 you cannot list the users of that channel.
663 <a name="f3_170"></a>
664 <samp class="highlight">Q: What is the difference between OPER and SILCOPER commands?</samp><br />
665 A: The OPER command is used to gain server operator privileges on normal
666 SILC server, while SILCOPER is used to gain router operator (also known as
667 SILC operator) privileges on router server. You cannot use SILCOPER command
668 on normal SILC server, it works only on router server.
672 <a name="f4_0"></a><br />
673 <b>4. Server Questions</b><br /> <br />
676 <samp class="highlight">Q: Where can I find SILC servers?</samp><br />
677 A: The SILC server is available for free download from the silcnet.org
678 web page. We are not aware of any other SILC server implementations, so far.
682 <samp class="highlight">Q: Can I run my own SILC server?</samp><br />
683 A: Yes of course. Download the SILC server package, compile and install
684 it. Be sure to check out the installation instructions and the README
685 file. You also should decide whether you want to run SILC server or SILC
690 <samp class="highlight">Q: What is the difference between SILC
691 server and SILC router?</samp><br />
692 A: The topology of the SILC network includes SILC routers and the SILC
693 servers (and SILC clients of course). Normal SILC server does not have
694 direct connections with other SILC servers. They connect directly to the
695 SILC router. SILC Routers may have several server connections and they
696 may connect to several SILC routers. The SILC routers are the servers in
697 the network that know everything about everything. The SILC servers know
698 only local information and query global information from the router when
701 If you are running SILC server you want to run it as router only if you
702 want to have server connections in it and are prepared to accept server
703 connections. You also need to get the router connected to some other
704 router to be able to join the SILC network. You may run the server as
705 normal SILC server if you do not want to accept other server connections
706 or cannot run it as router.
710 <samp class="highlight">Q: Why server says permission denied to write to a
711 log file?</samp><br />
712 A: The owner of the log files must be same user that the server is run
713 under, by default it is user `nobody'. Just change the permissions and
718 <samp class="highlight">Q: When I connect to my server it says "server does
719 not support one of your proposed ciphers", what is wrong?</samp><br />
720 A: Most likely the ciphers and others has not been compiled as SIMs
721 (modules) and they are configured as modules in the silcd.conf. If they
722 are not compiled as modules remove the module paths from the ciphers and
723 hash functions from the silcd.conf, so that the server use the builtin
724 ciphers. Then try connecting to the server again. It is also possible
725 that the client IS proposing some ciphers that your server does not support.
729 <samp class="highlight">Q: Why SILC server runs on privileged port 706?</samp><br />
730 A: Ports 706/tcp and 706/udp have been assigned for the SILC protocol by
731 <a href="http://www.iana.org" class="normal">IANA</a>. Server on the network
732 listening above privileged ports (>1023) SHOULD NOT be trusted as it could
733 have been set up by untrusted party. The server normally drops root privileges
734 after startup and then run as user previously defined in silcd.conf.
738 <samp class="highlight">Q: I see [Unknown] in the log file, what does it mean?</samp><br />
739 A: You can see in the log file for example: <samp class="highlight">
740 [Info] Closing connection 192.168.78.139:3214 [Unknown]</samp>. The [Unknown]
741 means that the connection was not authenticated yet, and it is not known
742 whether the connection was a client, server or router. There will appear
743 [Client], [Server] or [Router] if the connection is authenticated at that
748 <a name="f5_0"></a><br />
749 <b>5. Toolkit Questions</b><br /> <br />
752 <samp class="highlight">Q: What is SILC Toolkit?</samp><br />
753 A: SILC Toolkit is a package intended for software developers who would
754 like to develope their own SILC based applications or help in the
755 development of the SILC. The Toolkit includes SILC Protocol Core library,
756 SILC Crypto library, SILC Key Exchange (SKE) library, SILC Math
757 library, SILC Modules (SIM) library, SILC Utility library, SILC Client
758 library and few other libraries.
762 <samp class="highlight">Q: Is the SILC Toolkit Reference Manual Available?</samp><br />
763 A: Yes, partially completed reference manual is available in the Toolkit
764 releases as HTML package and they are available from the silcnet.org
765 website as well at the <a href="?page=docs" class="normal">documentation </a> page.
769 <samp class="highlight">Q: How do I compile the Toolkit on Unix?</samp><br />
770 A: You should read the INSTALL file from the package and follow its
771 instructions. The compilation on Unix is as simple as compiling any other
772 SILC package. Give, `./configure' command and then `make' command.
776 <samp class="highlight">Q: How do I compile the Toolkit on Win32?</samp><br />
777 A: We have prepared instructions to compile the Toolkit on Win32 in the
778 Toolkit package. Please, read the README.WIN32 file from the package for
779 detailed instructions how to compile the Toolkit for Cygwin, MinGW and
780 native Win32 systems. We have also prepared ready MSVC++ Workspace files
781 in the win32/ directory in the package that will compile automatically
786 <samp class="highlight">Q: Does the Toolkit package include any sample code?</samp><br />
787 A: Yes, naturally. It includes sample codes for two different SILC Client
788 implementations, and SILC Server. The silcer/ directory includes a simple
789 GUI client based on GTK--, and Win32 samples are included in the win32/
790 directory, for simple client.