keyutils - In-kernel key management utilities
The keyutils package is a library and a set of utilities for accessing
the kernel keyrings.
A header file is supplied to provide the definitions and declarations required
to access the library:
To link with the library, the following:
should be specified to the linker.
Three system calls are provided:
- Supply a new key to the kernel.
- Find an existing key for use, or, optionally, create one if
one does not exist.
- Control a key in various ways. The library provides a
variety of wrappers around this system call and those should be used
rather than calling it directly.
See the add_key(2), and keyctl pages for more information.
() wrappers are listed on the keyctl(3) manual page.
A program is provided to interact with the kernel facility by a number of
keyctl add user foo bar @s
See the keyctl(1) manual page for information on that.
The kernel has the ability to upcall to userspace to fabricate new keys. This
can be triggered by request_key(), but userspace is better off using
() instead if it possibly can.
The upcalling mechanism is usually routed via the:
program. What this does with any particular key is configurable in:
See the request-key.conf(5) and the request-key(8) manual pages
for more information.