add_key(2)

1ADD_KEY(2)                Linux Key Management Calls                ADD_KEY(2)
2
3
4

NAME

6       add_key - Add a key to the kernel's key management facility
7

SYNOPSIS

9       #include <keyutils.h>
10
11       key_serial_t add_key(const char *type, const char *description,
12       const void *payload, size_t plen, key_serial_t keyring);
13

DESCRIPTION

15       add_key()  asks  the kernel to create or update a key of the given type
16       and description, instantiate it with the payload of length plen, and to
17       attach it to the nominated keyring and to return its serial number.
18
19       The key type may reject the data if it's in the wrong format or in some
20       other way invalid.
21
22       If the destination keyring already contains  a  key  that  matches  the
23       specified  type and description then, if the key type supports it, that
24       key will be updated rather than a new key being created; if not, a  new
25       key  will  be  created  and it will displace the link to the extant key
26       from the keyring.
27
28       The destination keyring serial number may be that of a valid keyring to
29       which  the  caller has write permission, or it may be a special keyring
30       ID:
31
32       KEY_SPEC_THREAD_KEYRING
33              This specifies the caller's thread-specific keyring.
34
35       KEY_SPEC_PROCESS_KEYRING
36              This specifies the caller's process-specific keyring.
37
38       KEY_SPEC_SESSION_KEYRING
39              This specifies the caller's session-specific keyring.
40
41       KEY_SPEC_USER_KEYRING
42              This specifies the caller's UID-specific keyring.
43
44       KEY_SPEC_USER_SESSION_KEYRING
45              This specifies the caller's UID-session keyring.
46

KEY TYPES

48       There are a number of key types available in the  core  key  management
49       code, and these can be specified to this function:
50
51       “user” Keys  of  the  user-defined key type may contain a blob of arbi‐
52              trary data, and the description may be any valid string,  though
53              it  is  preferred that the description be prefixed with a string
54              representing the service to which the key is of interest  and  a
55              colon  (for  instance “afs:mykey”).  The payload may be empty or
56              NULL for keys of this type.
57
58       “keyring”
59              Keyrings are  special  key  types  that  may  contain  links  to
60              sequences  of other keys of any type.  If this interface is used
61              to create a keyring, then a NULL payload  should  be  specified,
62              and plen should be zero.
63

RETURN VALUE

65       On success add_key() returns the serial number of the key it created or
66       updated.  On error, the value -1 will be returned and errno  will  have
67       been set to an appropriate error.
68

ERRORS

70       ENOKEY The keyring doesn't exist.
71
72       EKEYEXPIRED
73              The keyring has expired.
74
75       EKEYREVOKED
76              The keyring has been revoked.
77
78       EINVAL The payload data was invalid.
79
80       ENOMEM Insufficient memory to create a key.
81
82       EDQUOT The  key  quota for this user would be exceeded by creating this
83              key or linking it to the keyring.
84
85       EACCES The keyring wasn't available for modification by the user.
86

LINKING

88       Although this is a Linux system call, it is not present in libc but can
89       be  found  rather  in  libkeyutils.  When linking, -lkeyutils should be
90       specified to the linker.
91