1KEYCTL(2)                 Linux Key Management Calls                 KEYCTL(2)
2
3
4

NAME

6       keyctl - manipulate the kernel's key management facility
7

SYNOPSIS

9       #include <keyutils.h>
10
11       long keyctl(int cmd, ...);
12

DESCRIPTION

14       keyctl() has a number of functions available:
15
16       KEYCTL_GET_KEYRING_ID
17              Ask for a keyring's ID.
18
19       KEYCTL_JOIN_SESSION_KEYRING
20              Join or start named session keyring.
21
22       KEYCTL_UPDATE
23              Update a key.
24
25       KEYCTL_REVOKE
26              Revoke a key.
27
28       KEYCTL_CHOWN
29              Set ownership of a key.
30
31       KEYCTL_SETPERM
32              Set perms on a key.
33
34       KEYCTL_DESCRIBE
35              Describe a key.
36
37       KEYCTL_CLEAR
38              Clear contents of a keyring.
39
40       KEYCTL_LINK
41              Link a key into a keyring.
42
43       KEYCTL_UNLINK
44              Unlink a key from a keyring.
45
46       KEYCTL_SEARCH
47              Search for a key in a keyring.
48
49       KEYCTL_READ
50              Read a key or keyring's contents.
51
52       KEYCTL_INSTANTIATE
53              Instantiate a partially constructed key.
54
55       KEYCTL_NEGATE
56              Negate a partially constructed key.
57
58       KEYCTL_SET_REQKEY_KEYRING
59              Set default request-key keyring.
60
61       KEYCTL_SET_TIMEOUT
62              Set timeout on a key.
63
64       KEYCTL_ASSUME_AUTHORITY
65              Assume authority to instantiate key.
66
67       These  are  wrapped  by libkeyutils into individual functions to permit
68       compiler the compiler to check types.  See the See Also section at  the
69       bottom.
70

RETURN VALUE

72       On  success keyctl() returns the serial number of the key it found.  On
73       error, the value -1 will be returned and errno will have been set to an
74       appropriate error.
75

ERRORS

77       EACCES A key operation wasn't permitted.
78
79       EDQUOT The  key quota for the caller's user would be exceeded by creat‐
80              ing a key or linking it to the keyring.
81
82       EKEYEXPIRED
83              An expired key was found or specified.
84
85       EKEYREJECTED
86              A rejected key was found or specified.
87
88       EKEYREVOKED
89              A revoked key was found or specified.
90
91       ENOKEY No matching key was found or an invalid key was specified.
92

LINKING

94       Although this is a Linux system call, it is not present in libc but can
95       be  found  rather  in  libkeyutils.  When linking, -lkeyutils should be
96       specified to the linker.
97

SEE ALSO

99       keyctl(1), add_key(2), request_key(2), keyctl_set_timeout(3),
100       keyctl_chown(3), keyctl_clear(3), keyctl_describe(3),
101       keyctl_describe_alloc(3), keyctl_get_keyring_ID(3),
102       keyctl_instantiate(3), keyctl_join_session_keyring(3), keyctl_link(3),
103       keyctl_negate(3), keyctl_revoke(3), keyctl_search(3),
104       keyctl_setperm(3), keyctl_set_reqkey_keyring(3), keyctl_set_timeout(3),
105       keyctl_read(3), keyctl_read_alloc(3), keyctl_unlink(3),
106       keyctl_update(3), request-key(8)
107

COLOPHON

109       This page is part of release 3.53 of the Linux man-pages project.  A
110       description of the project, and information about reporting bugs, can
111       be found at http://www.kernel.org/doc/man-pages/.
112
113
114
115Linux                             2010-02-25                         KEYCTL(2)
Impressum