keyutils (7) - Linux Man Pages
keyutils: in-kernel key management utilities
DESCRIPTION
The keyutils package is a library and a set of utilities for accessing the kernel keyrings facility.
A header file is supplied to provide the definitions and declarations required to access the library:
- #include <keyutils.h>
To link with the library, the following:
should be specified to the linker.
Three system calls are provided:
- Supply a new key to the kernel.
- Find an existing key for use, or, optionally, create one if one does not exist.
- Control a key in various ways. The library provides a variety of wrappers around this system call and those should be used rather than calling it directly.
The keyctl() wrappers are listed on the keyctl(3) manual page.
A program is provided to interact with the kernel facility by a number of subcommands, e.g.:
- keyctl add user foo bar @s
See the keyctl(1) manual page for information on that.
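The C counterpart of `keyctl add user foo bar @s`, extended with a permission change, a read-back and a revoke, as an added example that is not part of the man page. It reaches add_key and keyctl through syscall(2) only so that it compiles without libkeyutils installed; real code should use the add_key() and keyctl_*() wrappers from <keyutils.h>, as the page advises. The function name `keyring_roundtrip`, the description `example:demo` and the payload are constructed for illustration.

```c
/* Added example: raw syscall(2) stands in for the libkeyutils wrappers
 * so that this file builds without the library installed. */
#define _GNU_SOURCE
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/syscall.h>
#include <linux/keyctl.h>

#define POSSESSOR_ONLY 0x3f000000L /* all possessor bits; no user/group/other */

/* Returns 1 on a verified round trip, 0 if the keyring facility is not
 * usable here (e.g. blocked by a sandbox), -1 on an unexpected result. */
int keyring_roundtrip(const char *desc, const char *secret)
{
    char buf[256];
    size_t len = strlen(secret);

    /* Same operation as: keyctl add user <desc> <secret> @s */
    long id = syscall(SYS_add_key, "user", desc, secret, len,
                      (long)KEY_SPEC_SESSION_KEYRING);
    if (id < 0)
        return 0;

    /* Restrict the key to its possessor before using it. */
    if (syscall(SYS_keyctl, (long)KEYCTL_SETPERM, id, POSSESSOR_ONLY) < 0)
        return -1;

    long n = syscall(SYS_keyctl, (long)KEYCTL_READ, id, buf, sizeof(buf));
    int match = (n == (long)len && memcmp(buf, secret, len) == 0);

    /* Revoke the key, then confirm the payload is no longer readable. */
    if (syscall(SYS_keyctl, (long)KEYCTL_REVOKE, id) < 0)
        return -1;
    long after = syscall(SYS_keyctl, (long)KEYCTL_READ, id, buf, sizeof(buf));

    return (match && after < 0) ? 1 : -1;
}

int main(void)
{
    int r = keyring_roundtrip("example:demo", "constructed-secret");
    printf("%s\n", r == 1 ? "round trip verified"
                 : r == 0 ? "keyrings unavailable" : "unexpected result");
    return r < 0;
}
```

A return of 0 usually means a seccomp profile or container runtime is blocking the key-management system calls.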
The kernel has the ability to upcall to userspace to fabricate new keys. This can be triggered by request_key(), but userspace is better off using add_key() instead if it possibly can.
The upcalling mechanism is usually routed via the request-key(8) program. What this does with any particular key is configurable in: