|
HTML rendering created 2025-09-06 by Michael Kerrisk, author of The Linux Programming Interface. For details of in-depth Linux/UNIX system programming training courses that I teach, look here. Hosting by jambit GmbH. |
|
|
NAME | DESCRIPTION | UTILITIES | SEE ALSO | COLOPHON |
|
|
|
KEYUTILS(7) Kernel key management KEYUTILS(7)
keyutils - in-kernel key management utilities
The keyutils package is a library and a set of utilities for
accessing the kernel keyrings facility.
A header file is supplied to provide the definitions and
declarations required to access the library:
#include <keyutils.h>
To link with the library, the following:
-lkeyutils
should be specified to the linker.
Three system calls are provided:
add_key(2)
Supply a new key to the kernel.
request_key(2)
Find an existing key for use, or, optionally, create one if
one does not exist.
keyctl(2)
Control a key in various ways. The library provides a
variety of wrappers around this system call and those
should be used rather than calling it directly.
See the add_key(2), request_key(2), and keyctl(2) manual pages for
more information.
The keyctl() wrappers are listed on the keyctl(3) manual page.
A program is provided to interact with the kernel facility by a
number of subcommands, e.g.:
keyctl add user foo bar @s
See the keyctl(1) manual page for information on that.
The kernel has the ability to upcall to userspace to fabricate new
keys. This can be triggered by request_key(), but userspace is
better off using add_key() instead if it possibly can.
The upcalling mechanism is usually routed via the request-key(8)
program. What this does with any particular key is configurable
in:
/etc/request-key.conf
/etc/request-key.d/
See the request-key.conf(5) and the request-key(8) manual pages
for more information.
keyctl(1), keyctl(3), keyrings(7), persistent-keyring(7),
process-keyring(7), session-keyring(7), thread-keyring(7),
user-keyring(7), user-session-keyring(7), pam_keyinit(8)
This page is part of the keyutils (key management utilities)
project. Information about the project can be found at [unknown
-- if you know, please contact [email protected]] If you have a
bug report for this manual page, send it to
[email protected]. This page was obtained from the project's
upstream Git repository
⟨http://git.kernel.org/pub/scm/linux/kernel/git/dhowells/keyutils.git⟩
on 2025-08-11. (At that time, the date of the most recent commit
that was found in the repository was 2023-03-20.) If you discover
any rendering problems in this HTML version of the page, or you
believe there is a better or more up-to-date source for the page,
or you have corrections or improvements to the information in this
COLOPHON (which is not part of the original manual page), send a
mail to [email protected]
Linux 21 Feb 2014 KEYUTILS(7)
Pages that refer to this page: add_key(2), keyctl(2), request_key(2), keyctl(3), keyctl_capabilities(3), keyctl_chown(3), keyctl_clear(3), keyctl_describe(3), keyctl_dh_compute(3), keyctl_get_keyring_ID(3), keyctl_get_persistent(3), keyctl_get_security(3), keyctl_instantiate(3), keyctl_invalidate(3), keyctl_join_session_keyring(3), keyctl_link(3), keyctl_move(3), keyctl_pkey_encrypt(3), keyctl_pkey_query(3), keyctl_pkey_sign(3), keyctl_read(3), keyctl_restrict_keyring(3), keyctl_revoke(3), keyctl_search(3), keyctl_session_to_parent(3), keyctl_setperm(3), keyctl_set_reqkey_keyring(3), keyctl_set_timeout(3), keyctl_update(3), keyctl_watch_key(3), asymmetric-key(7), keyrings(7)
|
HTML rendering created 2025-09-06 by Michael Kerrisk, author of The Linux Programming Interface. For details of in-depth Linux/UNIX system programming training courses that I teach, look here. Hosting by jambit GmbH. |
|