Man page - keyutils(7)

Packages contains this manual

Package: keyutils
apt-get install keyutils

Manuals in package:

Documentations in package:

keyutils

Manual

KEYUTILS

NAME
DESCRIPTION
UTILITIES
SEE ALSO

NAME

keyutils - in-kernel key management utilities

DESCRIPTION

The keyutils package is a library and a set of utilities for accessing the kernel keyrings facility.

A header file is supplied to provide the definitions and declarations required to access the library:

#include <keyutils.h>

To link with the library, the following:

-lkeyutils

should be specified to the linker.

Three system calls are provided:
add_key (2)

Supply a new key to the kernel.

request_key (2)

Find an existing key for use, or, optionally, create one if one does not exist.

keyctl (2)

Control a key in various ways. The library provides a variety of wrappers around this system call and those should be used rather than calling it directly.

See the add_key (2), request_key (2), and keyctl (2) manual pages for more information.

The keyctl () wrappers are listed on the keyctl (3) manual page.

UTILITIES

A program is provided to interact with the kernel facility by a number of subcommands, e.g.:

keyctl add user foo bar @s

See the keyctl (1) manual page for information on that.

The kernel has the ability to upcall to userspace to fabricate new keys. This can be triggered by request_key (), but userspace is better off using add_key () instead if it possibly can.

The upcalling mechanism is usually routed via the request-key (8) program. What this does with any particular key is configurable in:

/etc/request-key.conf
/etc/request-key.d/

See the request-key.conf (5) and the request-key (8) manual pages for more information.