KEYUTILS(7) Kernel key management KEYUTILS(7)
keyutils - in-kernel key management utilities
The keyutils package is a library and a set of utilities for accessing
the kernel keyrings facility.
A header file is supplied to provide the definitions and declarations
required to access the library:
To link with the library, the following:
should be specified to the linker.
Three system calls are provided:
Supply a new key to the kernel.
Find an existing key for use, or, optionally, create one if one
does not exist.
Control a key in various ways. The library provides a variety
of wrappers around this system call and those should be used
rather than calling it directly.
See the add_key(2), request_key(2), and keyctl(2) manual pages for more
The keyctl() wrappers are listed on the keyctl(3) manual page.
A program is provided to interact with the kernel facility by a number
of subcommands, e.g.:
keyctl add user foo bar @s
See the keyctl(1) manual page for information on that.
The kernel has the ability to upcall to userspace to fabricate new
keys. This can be triggered by request_key(), but userspace is better
off using add_key() instead if it possibly can.
The upcalling mechanism is usually routed via the request-key(8) pro-
gram. What this does with any particular key is configurable in:
See the request-key.conf(5) and the request-key(8) manual pages for
keyctl(1), keyctl(3), keyrings(7), persistent-keyring(7),
process-keyring(7), session-keyring(7), thread-keyring(7),
user-keyring(7), user-session-keyring(7), pam_keyinit(8)
Linux 21 Feb 2014 KEYUTILS(7)
Man Pages Copyright Respective Owners. Site Copyright (C) 1994 - 2023
All Rights Reserved.