KEYUTILS(7)                Kernel key management                KEYUTILS(7)

keyutils - in-kernel key management utilities

The keyutils package is a library and a set of utilities for accessing
the kernel keyrings facility.

A header file is supplied to provide the definitions and declarations
required to access the library:

    #include <keyutils.h>

To link with the library, the following:

    -lkeyutils

should be specified to the linker.

Three system calls are provided:

add_key(2)
    Supply a new key to the kernel.

request_key(2)
    Find an existing key for use, or, optionally, create one if one
    does not exist.

keyctl(2)
    Control a key in various ways.  The library provides a variety
    of wrappers around this system call and those should be used
    rather than calling it directly.

See the add_key(2), request_key(2), and keyctl(2) manual pages for more
information.

The keyctl() wrappers are listed on the keyctl(3) manual page.

A program is provided to interact with the kernel facility by a number
of subcommands, e.g.:

    keyctl add user foo bar @s

See the keyctl(1) manual page for information on that.

The kernel has the ability to upcall to userspace to fabricate new
keys.  This can be triggered by request_key(), but userspace is better
off using add_key() instead if it possibly can.

The upcalling mechanism is usually routed via the request-key(8)
program.  What this does with any particular key is configurable in:

    /etc/request-key.conf
    /etc/request-key.d/

See the request-key.conf(5) and the request-key(8) manual pages for
more information.
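
The calls described above, as an added example that is not part of the keyutils package or of this manual page: it stores a key in the session keyring, finds it again with request_key(2) without triggering an upcall, reads it back and revokes it. It issues the system calls through syscall(2) only so that it builds without libkeyutils installed; each step's comment names the library wrapper to use instead, and the key description and payload are constructed values.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>
#include <linux/keyctl.h>        /* KEY_SPEC_SESSION_KEYRING, KEYCTL_* */

/* Store `secret` as a "user" key in the session keyring (@s), look it up by
 * description, read it back, then revoke it.
 * Returns 0 on success, 1 if the read-back differs, -errno on failure. */
int keyring_roundtrip(const char *desc, const char *secret)
{
    char buf[256];
    size_t len = strlen(secret);
    int rc = 0;

    if (len == 0 || len > sizeof buf)
        return -EINVAL;          /* "user" keys reject an empty payload */

    /* libkeyutils: add_key("user", desc, secret, len, KEY_SPEC_SESSION_KEYRING) */
    long id = syscall(SYS_add_key, "user", desc, secret, len,
                      KEY_SPEC_SESSION_KEYRING);
    if (id < 0)
        return -errno;

    /* libkeyutils: request_key("user", desc, NULL, 0).
     * NULL callout info: search only, never upcall to request-key(8). */
    long found = syscall(SYS_request_key, "user", desc, NULL, 0);
    /* libkeyutils: keyctl_read(found, buf, sizeof buf) */
    long n = found < 0 ? -1
                       : syscall(SYS_keyctl, KEYCTL_READ, found, buf, sizeof buf);
    if (found < 0 || n < 0)
        rc = -errno;
    else if (found != id || (size_t)n != len || memcmp(buf, secret, len) != 0)
        rc = 1;

    /* libkeyutils: keyctl_revoke(id); always runs so the key never outlives the call */
    if (syscall(SYS_keyctl, KEYCTL_REVOKE, id) < 0 && rc == 0)
        rc = -errno;
    return rc;
}

int main(void)
{
    int rc = keyring_roundtrip("example:demo", "constructed-secret");
    printf("round trip: %s\n", rc == 0 ? "ok" : rc > 0 ? "mismatch" : strerror(-rc));
    return rc != 0;
}
```

Where the kernel facility is unavailable or filtered (for example by a container seccomp profile), the function returns the negative errno instead of 0.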

keyctl(1), keyctl(3), keyrings(7), persistent-keyring(7),
process-keyring(7), session-keyring(7), thread-keyring(7),
user-keyring(7), user-session-keyring(7), pam_keyinit(8)

Linux                           21 Feb 2014                     KEYUTILS(7)