SILC Secure Internet Live Conferencing

SILC Client FAQ

1. SILC Client Questions
1.1 Where can I find SILC clients?
1.2 Can I use SILC with IRC client and vice versa?
1.3 I am behind a firewall, can I use the SILC Client?
1.4.The default theme sucks, where can I find a better one?
1.4 How do I send a private message?
1.5 How do I negotiate secret key with another user?
1.6 How do I negotiate secret keys behind a NAT?
1.7 How do I change channel modes?
1.8 What does the founder mode on channel mean, and how do I set it?
1.9 I am a founder of an invite only channel, how can I join the channel after I have left it?
1.10 How can I op or deop somebody on channel?
1.11 How do I set private key for channel, and what does that mean exactly?
1.12 How do I transfer a file?
1.11.How can I get other users public keys?
1.14 How can I see the fingerprint of my public key?
1.15 I gave WHOIS to a nick, and it returned multiple replies, why?
1.16 Is there a command to see all linked servers?
1.17 How do I list the users of a channel?
1.18 What is the difference between OPER and SILCOPER commands?
1.19 My Cygwin client crashes with message "Couldn't create //.silc directory"
1.20 Why /join #silc and /join silc doesn't join the same channel?
1.21 How do I detach my session from the server?
1.22 I detached but couldn't resume, how do I get rid of the ghost user in the network?
1.23 How do I turn on UTF-8 support in the client?
1.24 What are the Requested Attributes and how do I use them?
1.25 How do I set the Requested Attributes to myself?
1.26 I don't want to send the attributes, how do I turn them off?
1.27 How do I set my watch list to watch other users?
1.28 How do I reject watching?
1.29 How do I send digitally signed private message?
1.30 How do I send digitally signed channel message?
1.31 I don't want to verify any signature, can I turn it off?
1.32 [?] appears before nickname, what does it mean?
1.33 What are channel public keys?
1.34 How can I add/remove channel public keys?
1.35 How do I join a channel which uses channel public keys?
1.36 I lost/regenerated my key pair and cannot get founder rights on channel anymore, what to do?

1. SILC Client Questions

Q: Where can I find SILC clients?
A: The official SILC client is available for free download from the silcnet.org web page. There are also several independent projects working with the SILC Toolkit to come up with various other clients, mostly GUI clients. See our links page for links to other clients.

Q: Can I use SILC with IRC client and vice versa?
A: Generally the answer would be no for both. However, there exist already at least one IRC client that supports SILC, the Irssi client. The current SILC client is actually based on the user interface of the Irssi client. So, yes it is possible to use SILC with some IRC clients and vice versa. You can use SILC plug-in in Irssi and have support for both protocols in one client. But, this does not mean that you can talk from SILC network to IRC network, that is not possible.

Q: I am behind a firewall, can I use the SILC Client?
A: Yes. If your network administrator can open the remote port 706 (TCP) you can use SILC without problems. You may also compile your SILC Client with SOCKS support which will proxy your SILC session through the firewall.

Q: The default theme sucks, where can I find a better one?
A: The SILC Client's theme files are almost 100% compatible with the original Irssi IRC client's themes. You can get those theme files from the Irssi project website. You can also try to make a better theme by yourself.

Q: How do I send a private message?
A: Sending private message is done by using the MSG command. For example, command: /MSG john hello, will send a `hello' message to a nickname `john'. By default private messages are secured with session keys, and the message is re-encrypted by the servers when the message travels to the receiver. If you would like to secure the private messages with a private key, you can negotiate a secret key with the receiver. Always remember to give WHOIS command before sending a private message to assure that you are sending the message to correct person.

Q: How do I negotiate secret key with another user?
A: It is important to negotiate secret keys if you cannot trust the servers and the network you are using. By negotiating a key with the user you want to talk to assures that no one except you and your friend is able to encrypt and decrypt the messages. The secret key negotiation is done with the KEY command. Here is an example of how to negotiate keys for securing private messages.

By giving command: /KEY MSG john agreement 192.168.2.100, you will send a key negotiation request to a nickname `john'. The 192.168.2.100 IP address would be your machine's IP address. You can also define port to the KEY command after the IP address. If you do not do that the operating system will bind to a port of its choosing. John will receive a notification on the screen that you would like to negotiate secret keys with him, and he will receive the IP address and port where you are listening for the negotiation. When he gives command: /KEY MSG You negotiate 192.168.2.100 1.1.2, the key negotiation is started. During the key negotiation you will be prompted on the screen to verify and accept John's public key if you do not have his public key already. The John will be prompted to accept your public key as well. After the key negotiation is over all private messages sent between you and John are secured with the negotiated secret key. Note that you must verify the public key you are prompted for, and this is very important since someone could be doing man-in-the-middle attack.

Q: How do I negotiate secret keys behind a NAT?
A: If only you are behind a NAT, or firewall then key negotiation works, but if both you and your friend are behind a NAT then key negotiation will not work, since it is done peer to peer. If you are behind a NAT then you obviously cannot receive key negotiations, and cannot bind to any IP address and port. However, you can still use KEY command to negotiate the keys.

By giving command: /KEY MSG john agreement, without any other arguments (such as IP address and port) you will send a negotiation request to John, but do not provide an address and port for the John to connect to. When John receives the notification on the screen that you would like to perform key negotiation, he can give command: /KEY MSG You agreement 172.16.100.78, which will send key negotiation request back to you. You will receive the IP address and port where you need to connect in order to perform the negotiation. After receiving the notification you can give command: /KEY MSG john negotiate 172.16.100.78 1.181, which will start the key negotiation with John. This way you can negotiate the keys if you are behind a NAT.

Q: How do I change channel modes?
A: The command to manage channel modes is CMODE. With this command you can change the channel status (to change it to secret channel for example), set user limit on the channel, passphrase for the channel, set the channel to use private keys on channel, and set the founder mode.

Q: What does the founder mode on channel mean, and how do I set it?
A: Who ever creates the channel by being the first user to join the channel becomes automatically the founder of the channel. Founder has some extra privileges on the channel. For example, it is not possible to kick the founder off the channel, and there are some channel modes that only the founder of the channel can change. If the creator of the channel wishes to preserve the channel founder mode even if he leave the channel he can set the founder mode for the channel.

The mode is set by giving command: /CMODE channel +f. This will set the founder mode and will use the public key of the founder as authenticator when the user is reclaiming the mode back. If the founder leaves the channel he will be able to get the founder mode back by using JOIN or CUMODE commmands. Giving command /JOIN channel -founder, will get the founder mode back at the same time he joins the channel, or giving commmand /CUMODE channel +f yournick, will also give the founder mode back on the channel after he has joined the channel.

The founder mode also means that the channel becomes permanent when it is set. This means that when the last client leaves the channel the channel is not destroyed when the founder mode is set. Next time someone joins the channel he will not become the founder of the channel if the channel already existed (but were empty). If the founder mode is not set when last user leaves the channel, the channel will be destroyed. When you set the mode for the channel and leave the channel you can reclaim the founder rights to yourself back at any time when you rejoin the channel.

Q: I am a founder of an invite only channel, how can I join the channel after I have left it?
A: Founder can override the invite only status by reclaiming the founder status on the channel using the JOIN command. The channel must have the founder mode set in order for it to work. Reclaiming founder status using JOIN command is important also if the channel has user limit set, and has active bans. Founder can override these conditions as well. However, founder cannot override the passphrase of the channel if it is set. To get the founder mode during JOIN and to override the invite only condition, give command: /JOIN channel -founder. This will join the channel and attempt to reclaim the founder status back to you.

Q: How can I op or deop somebody on channel?
A: Giving operator status, or removing the operator status on a channel requires you to have at least operator status, or founder status on the channel. You can give operator status to another user by using CUMODE command. To give ops give the command: /CUMODE channel +o john, and to remove ops give command: /CUMODE channel -o john. To indicate current channel you can also use `*' character in channel's stead.

Q: How do I set private key for channel, and what does that mean exactly?
A: Setting private key for channel requires first to set the private key mode for the channel. You need to be the founder of the channel to be able to do this. Give the command: /CMODE channel +k. After this mode is set the old channel key will not be used to encrypt and decrypt channel messages. To set the key for the channel use the KEY command. Every user on the channel must do the same thing and set the same key. If some user on the channel does not set the key (or does not know the key) he won't be able to see any messages on the channel. Give the command: /KEY CHANNEL channel set verysecretkey. This command will set the `verysecretkey' passphrase as key to channel. How exactly other users will know this key is out of scope of the SILC protocol. SILC does not provide yet a possibility of negotiating secret key with many users at the same time. For this reason the secret key on the channel is usually a passphrase or a password that all users on the channel have to know. Setting a private key for channel means that only the users on the channel who know the key is able to encrypt and decrypt messages. Servers do not know the key at all. If you remove the private key mode from the channel, all users will start automatically using a new channel key to secure channel messages.

Q: How do I transfer a file?
A: You can transfer files securely using the FILE command. This command will automatically negotiate secret key with the remote user and the file transfer stream is secured using that key. The file transfer stream is always sent peer to peer. If you would like to send a file to another user you can give command: /FILE SEND path/to/the/file john. This command sends, or actually makes the `path/to/the/file' available for download for the user `john'. The John will decide whether he wants to actually download the file. When John gives the command: /FILE ACCEPT, the key negotiation is started. You and John will be prompted to verify and accept each other's public key if you do not have it cached already. After key negotiation is over the file transfer process starts. If you want to cancel the file transfer session, or if John wants to reject the file transfer request, giving the command: /FILE CLOSE will close the session.

Q: How can I get other users public keys?
A: You can get a user's public key using the GETKEY command. This command will fetch the user's public key from the server where the user has connected to. The server has verified that the user posesses the corresponding private key, however, you will be prompted to verify and accept the public key. All client public keys are saved in your local key directory in ~/.silc/clientkeys/. You can also receive clients public keys during key negotiation and file transfers. The GETKEY command can be used to fetch a server's public key as well. Those keys are saved in ~/.silc/serverkeys/ directory.

Q: How can I see the fingerprint of my public key?
A: You can check out your own fingerprint by giving just WHOIS command without any arguments. Additionally you can also dump the contents of the key file using the silc program and giving -S option to it. Your own public key is always saved in ~/.silc/public_key.pub file. To dump your key run silc as: silc -S .silc/public_key.pub. The same way you can dump the contents of any public key inside ~/.silc/clientkeys/ and ~/.silc/serverkeys/ directories. The WHOIS command will also show other users public key fingerprints.

Q: I gave WHOIS to a nick, and it returned multiple replies, why?
A: This will happen if there are several same nicknames in the network at the same time. As you may already know nicknames are not unique in SILC network. This means there can be multiple same nicknames. This also means that you can always have the nickname you want. If WHOIS returns multiple replies, you can distinguish the users by their realname, username, hostname and ultimately by the fingerprint of their public key, which the WHOIS will also show. You will also notice an additional nickname inside a parenthesis. It may show for example: nickname: John (John@otaku). The real nickname is `John', but since there are many John's in the network you can access this one using `John@otaku'. So, if you were to send private message to this particular John you can do it by giving command: /MSG John@otaku hello. This will send `hello' message to the John@otaku.

Q: Is there a command to see all linked servers?
A: No there is not. For longer answer see SILC Protocol FAQ.

Q: How do I list the users of a channel?
A: The command to list all users on a particular channel is USERS. It is also aliased to WHO command in Irssi SILC Client. To see the users of the current channel give the command: /USERS *. You can replace the `*' with the channel name of your choosing. If the channel is private or secret channel, and you have not joined the channel, you cannot list the users of that channel.

Q: What is the difference between OPER and SILCOPER commands?
A: The OPER command is used to gain server operator privileges on normal SILC server, while SILCOPER is used to gain router operator (also known as SILC operator) privileges on router server. You cannot use SILCOPER command on normal SILC server, it works only on router server.

Q: My Cygwin client crashes with message "Couldn't create //.silc directory"
A: A solutions should be setting HOME enviroment variable to the directory where you have unpacked your SILC Client. Type to your command prompt something like:
c:\>set HOME=c:\silc

Q: Why /join #silc and /join silc doesn't join the same channel?
A: The #-character is not mandatory part of channel name in SILC. So #silc and silc are two different channels. The #-character in channel name is IRC feature and has nothing to do with SILC. If you have a #-character in the channel name, then it is part of the channel name, just like %-character, or &-character could be part of channel name.

Q: How do I detach my session from the server?
A: You can detach your session by simply giving DETACH command. Your connection to the server will be closed automatically. Next time you connect any server in the network your session will be automatically resumed. If there is an error during session resuming your connection will be closed and you need to reconnect to the server. In this case the old sessionn cannot be resumed anymore.

Q: I detached but couldn't resume, how do I get rid of the ghost user in the network?
A: The resuming may fail for several reasons and it is possible that the ghost remains in the network for a while. You can use the /KILL your_old_nick -pubkey command to kill the ghost client. Note that, you can kill only yourself and you must be connected to the same server where that ghost client was connected to. Read also the help for the KILL command for more information.

Q: How do I turn on UTF-8 support in the client?
A: You can give /set term_type command to see what encoding is currently used. If it is something else than "utf-8" you can turn on the UTF-8 by giving command /set term_type utf-8. Your terminal naturally need to support UTF-8 properly. In SILC all text messages are UTF-8 encoded, and the client is able to display the message correctly even if your terminal does not support UTF-8. However, if your terminal supports UTF-8 you should turn it on with /set term_type utf-8 command.

Q: What are the Requested Attributes and how do I use them?
A: The WHOIS command (see /HELP WHOIS and /HELP ATTR) supports extensions called requested attributes, or user online precense and information attributes, as they are officially called. The attributes can be used to get more detailed information about the user you can querying with WHOIS. The attributes can return to you for example the user's business card (Vcard), pictures, user's mood, geolocation, public keys and certificates, differnet kind of online status messages (text and multimedia messages), and other information.

The attributes are optional and WHOIS may not return those even if you request for them. On the other hand, server may reply on the behalf of the user if that user does not send the attributes to you. In this case the server tries to fulfill your request by providing as much information as the server knows about the user. To get attributes with the WHOIS command, give /WHOIS nick -details. The WHOIS query usually takes a bit longer in this case. Note that, you may not receive the details at all if the user you queried has denied it, or server may return just partial information.

When the attributes are received the SILC Client asks you whether you would like to save the attributes. If you want to save all the data you received (like business card and pictures, etc.) answer yes. The data is saved into so called 'friends list' into the ~/.silc/friends/ directory. The entry is saved there by the fingerprint of the user's public key.

Q: How do I set the Requested Attributes to myself?
A: By default, the SILC Client has enabled that other users can retrieve your requested attributes. See /HELP ATTR for all attributes. You can use the ATTR command to set the attributes you would like other users to get.

Q: I don't want to send the attributes, how do I turn them off?
A: If you don't want other users to get your attributes, give command /ATTR allow OFF. Your attributes will not be sent to other users. Note that, the server you are connected to may return to other users some information about you (in addition of normal WHOIS information it may return more information if it knows more).

Q: How do I set my watch list to watch other users?
A: You can set nicknames to be watched into your watch list using the WATCH command. When the users you watch come online, leave the network, change modes or nickname will be notified to you, unless they have rejected watching. You can use the watch list to see for example when your friends come online or leave the network. See /HELP WATCH for more information.

Q: How do I reject watching?
A: Give the command UMODE +w to reject watching. In this case none of your status changes will be notified. See /HELP UMODE for more information.

Q: How do I send digitally signed private message?
A: You can send digitally signed private message by giving command /SMSG Nick your message. This will send private message to Nick and digitally signs it with your private key. The receiver can verify the signature if it has your public key and trusts it.

Q: How do I send digitally signed channel message?
A: You can send digitally signed channel message by giving command /SMSG -channel Channel your message. This will send the message to Channel and digitally signs it. Anyone that has your public key and trusts it can verify the signature.

Q: I don't want to verify any signature, can I turn it off?
A: Yes you can, by giving /set ignore_message_signatures ON.

Q: [?] appears before nickname, what does it mean?
A: This means that the user sent digitally signed message but you do not have their public key. Use the GETKEY command to get their public key. After getting the key [S] should appear before the nickname to indicate that the signature was successfully verified. If [F] appears before nickname the signature verification failed. This should not happen unless active attack is in process.

Q: What are channel public keys?
A: Channel public key mode (see /HELP CMODE) can be set on channel to allow joining to the channel for only those users whose public key has been added to the channel public key list. When a user joins to the channel he must provide a digital signature which is used to authenticate the joining to the channel. If the channel public key is not on the channel public key list the user cannot join. This feature is same as channel passphrase but works with digital signatures.

Q: How can I add/remove channel public keys?
A: First, see the /HELP CMODE for more help. You can add a public key to the channel public key list by giving command /CMODE +C +/path/to/public_key.pub, and to remove public key give command /CMODE +C -/path/to/public_key.pub. To view the list of channel public keys on the channel give command /CMODE +C without any arguments. If you remove the mode by giving /CMODE -C the mode is removed and all channel public keys are removed.

Q: How do I join a channel which uses channel public keys?
A: If the channel has channel public key authentication mode set you must provide authentication to the JOIN command to be able to join. Your public key also must be added to the channel public key list before you are able to join. To join channel give command /JOIN channel -auth. This will use your default key pair to do the authentication. If you have other key pair that you must use during authentication you can give the public key and private key file paths to the -auth option. See /HELP JOIN for more detailed information.

Q: I lost/regenerated my key pair and cannot get founder rights on channel anymore, what to do?
A: If you lost your private key then you won't be able to get the founder rights back at all. Your only chance is to wait that server is rebooted and hope that the founder mode is reset in the reboot. If you still have the old private key after you regenerated the new one then you can switch the new keys into use as founder keys by using the /CMODE command. It allows you to specify which key pair you use as founder key pair. Don't loose your private keys.