keyutils — in-kernel key management utilities

Description

The keyutils package is a library and a set of utilities for accessing the kernel keyrings facility.

A header file is supplied to provide the definitions and declarations required to access the library:

#include <keyutils.h>

To link with the library, the following:

-lkeyutils

should be specified to the linker.

Three system calls are provided:

add_key(2)

Supply a new key to the kernel.

request_key(2)

Find an existing key for use, or, optionally, create one if one does not exist.

keyctl(2)

Control a key in various ways.  The library provides a variety of wrappers around this system call and those should be used rather than calling it directly.

See the add_key(2), request_key(2), and keyctl(2) manual pages for more information.

The keyctl() wrappers are listed on the keyctl(3) manual page.

Utilities

A program is provided to interact with the kernel facility by a number of subcommands, e.g.:

keyctl add user foo bar @s

See the keyctl(1) manual page for information on that.

The kernel has the ability to upcall to userspace to fabricate new keys.  This can be triggered by request_key(), but userspace is better off using add_key() instead if it possibly can.

The upcalling mechanism is usually routed via the request-key(8) program.  What this does with any particular key is configurable in:

/etc/request-key.conf
/etc/request-key.d/

See the request-key.conf(5) and the request-key(8) manual pages for more information.

See Also

keyctl(1), keyctl(3), keyrings(7), persistent-keyring(7), process-keyring(7), session-keyring(7), thread-keyring(7), user-keyring(7), user-session-keyring(7), pam_keyinit(8)

Referenced By

add_key(2), asymmetric-key(7), keyctl(2), keyctl(3), keyctl_chown(3), keyctl_clear(3), keyctl_describe(3), keyctl_dh_compute(3), keyctl_get_keyring_ID(3), keyctl_get_persistent(3), keyctl_get_security(3), keyctl_instantiate(3), keyctl_invalidate(3), keyctl_join_session_keyring(3), keyctl_link(3), keyctl_pkey_encrypt(3), keyctl_pkey_query(3), keyctl_pkey_sign(3), keyctl_read(3), keyctl_restrict_keyring(3), keyctl_revoke(3), keyctl_search(3), keyctl_session_to_parent(3), keyctl_setperm(3), keyctl_set_reqkey_keyring(3), keyctl_set_timeout(3), keyctl_update(3), keyrings(7), request_key(2).

21 Feb 2014 Linux Kernel key management