KEYCTL_PKEY_ENCRYPT(3)    Linux Public-Key Encryption   KEYCTL_PKEY_ENCRYPT(3)

NAME

       keyctl_pkey_encrypt, keyctl_pkey_decrypt - Encrypt and decrypt data

SYNOPSIS

       #include <keyutils.h>

       long keyctl_pkey_encrypt(key_serial_t key, const char *info,
                                const void *data, size_t data_len,
                                void *enc, size_t enc_len);

       long keyctl_pkey_decrypt(key_serial_t key, const char *info,
                                const void *enc, size_t enc_len,
                                void *data, size_t data_len);

DESCRIPTION

       keyctl_pkey_encrypt() asks the kernel to use the crypto material
       attached to a key to encrypt a blob of data and keyctl_pkey_decrypt()
       asks the kernel to use the key to reverse the operation and recover the
       original data.  Note that these operations may involve the kernel
       calling out to cryptographic hardware.  The caller must have search
       permission on a key to be able to use them in this manner.

       When invoking the function, key indicates the key that will provide the
       cryptographic material and info points to a comma-separated string of
       "key[=value]" parameters that indicate things like encoding forms and
       passwords to unlock the key; see asymmetric-key(7) for more
       information.

       data and data_len indicate the address and size of the decrypted data
       buffer and enc and enc_len indicate the address and size of the
       encrypted data buffer.  The encrypt function draws data from the
       decrypted data buffer and places the output into the encrypted data
       buffer.  The decrypt function does the reverse, drawing from the
       encrypted data buffer and writing into the decrypted data buffer.

       keyctl_pkey_query(3) can be called to find out how large the buffers
       need to be.

       Note that not all asymmetric-type keys will support these operations;
       further, the operations available may depend on which components of the
       key material are available: typically encryption only requires the
       public key, but decryption requires the private key as well.  Which
       operations are supported on a particular key can also be determined
       using the query function.

RETURN VALUE

       On success keyctl_pkey_encrypt() and keyctl_pkey_decrypt() return the
       amount of data written into the output buffer.  On error, the value -1
       will be returned and errno will have been set to an appropriate error.

ERRORS

       ENOKEY The key specified is invalid.

       EKEYEXPIRED
              The key specified has expired.

       EKEYREVOKED
              The key specified has been revoked.

       EACCES The key exists, but is not searchable by the calling process.

       ENOPKG Some facility needed to complete the requested operation is not
              available.  This is most probably a requested or required digest
              or encryption algorithm.

       EFAULT Bad address.
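       The RETURN VALUE and ERRORS rules above, as an added example that is
       not part of the original manual page or of libkeyutils: a hypothetical
       wrapper that takes keyctl_pkey_encrypt or keyctl_pkey_decrypt as a
       function pointer, enforces the buffer sizes obtained from the query
       function, and maps errno.  The names pkey_run, pkey_classify, stub_op
       and the pkey_status values are invented here, and key_serial_t is
       assumed to be a 32-bit signed integer.

```c
#include <errno.h>
#include <stdint.h>
#include <string.h>

/* Same shape as keyctl_pkey_encrypt()/keyctl_pkey_decrypt() in the SYNOPSIS;
 * int32_t stands in for key_serial_t (assumption), so no <keyutils.h> needed. */
typedef long (*pkey_op_fn)(int32_t key, const char *info, const void *in,
                           size_t in_len, void *out, size_t out_len);

enum pkey_status { PKEY_OK, PKEY_BAD_ARGS, PKEY_KEY_UNUSABLE, PKEY_NO_ACCESS,
                   PKEY_NO_ALGO, PKEY_OTHER };
/* Map the errno values in the ERRORS section to something a caller can act on. */
static enum pkey_status pkey_classify(int err)
{
    switch (err) {
    case ENOKEY: case EKEYEXPIRED: case EKEYREVOKED: return PKEY_KEY_UNUSABLE;
    case EACCES: return PKEY_NO_ACCESS;  /* key not searchable by this process */
    case ENOPKG: return PKEY_NO_ALGO;    /* required algorithm not available */
    default:     return PKEY_OTHER;      /* EFAULT or an errno not listed above */
    }
}

/* Hypothetical wrapper; max_in and min_out come from the query function. */
static enum pkey_status pkey_run(pkey_op_fn op, int32_t key, const char *info,
        const void *in, size_t in_len, size_t max_in,
        void *out, size_t out_cap, size_t min_out, size_t *written)
{
    if (!op || !in || !out || !written || in_len > max_in || out_cap < min_out)
        return PKEY_BAD_ARGS;
    *written = 0;
    long n = op(key, info, in, in_len, out, out_cap);
    if (n < 0 || (size_t)n > out_cap) {
        enum pkey_status st = n < 0 ? pkey_classify(errno) : PKEY_OTHER;
        memset(out, 0, out_cap);   /* do not hand back a partially filled buffer */
        return st;
    }
    *written = (size_t)n;          /* on success the return value is the output length */
    return PKEY_OK;
}

/* Constructed stand-in for the library call: key 1 echoes, others are "revoked". */
static long stub_op(int32_t key, const char *info, const void *in, size_t in_len,
                    void *out, size_t out_len)
{
    (void)info;
    memcpy(out, in, in_len < out_len ? in_len : out_len);
    if (key != 1) { errno = EKEYREVOKED; return -1; }
    return (long)(in_len < out_len ? in_len : out_len);
}
```

       In real use, pass keyctl_pkey_encrypt or keyctl_pkey_decrypt in place
       of stub_op and link with -lkeyutils.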

LINKING

       This is a library function that can be found in libkeyutils.  When
       linking, -lkeyutils should be specified to the linker.

SEE ALSO

       keyctl(1), add_key(2), keyctl(2), keyctl(3), keyctl_pkey_query(3),
       keyctl_pkey_sign(3), keyrings(7), keyutils(7)

Linux                             8 Nov 2018            KEYCTL_PKEY_ENCRYPT(3)