KEYRINGS(7)                 Kernel key management                KEYRINGS(7)

NAME         top

       keyutils - in-kernel key management utilities

DESCRIPTION         top

       The keyutils package is a library and a set of utilities for
       accessing the kernel keyrings facility.

       A header file is supplied to provide the definitions and declarations
       required to access the library:

              #include <keyutils.h>

       To link with the library, the following:


       should be specified to the linker.

       Three system calls are provided: add_key() Supply a new key to the
       kernel.  request_key() Find an existing key for use, or, optionally,
       create one if one does not exist.  keyctl() Control a key in various
       ways.  The library provides a variety of wrappers around this system
       call and those should be used rather than calling it directly.

       See the add_key(2), request_key(2), and keyctl(2) manual pages for
       more information.

       The keyctl() wrappers are listed on the keyctl(3) manual page.

UTILITIES         top

       A program is provided to interact with the kernel facility by a
       number of subcommands, e.g.:

              keyctl add user foo bar @s

       See the keyctl(1) manual page for information on that.

       The kernel has the ability to upcall to userspace to fabricate new
       keys.  This can be triggered by request_key(), but userspace is
       better off using add_key() instead if it possibly can.

       The upcalling mechanism is usually routed via the:


       program.  What this does with any particular key is configurable in:


       See the request-key.conf(5) and the request-key(8) manual pages for
       more information.

SEE ALSO         top

       keyctl(1), keyctl(3), keyrings(7), persistent-keyring(7),
       process-keyring(7), session-keyring(7), thread-keyring(7),
       user-keyring(7), user-session-keyring(7), pam_keyinit(8)

COLOPHON         top

       This page is part of the keyutils (key management utilities) project.
       Information about the project can be found at [unknown -- if you
       know, please contact] If you have a bug report for
       this manual page, send it to  This page was
       obtained from the project's upstream Git repository 
       on 2017-03-13.  If you discover any rendering problems in this HTML
       version of the page, or you believe there is a better or more up-to-
       date source for the page, or you have corrections or improvements to
       the information in this COLOPHON (which is not part of the original
       manual page), send a mail to

Linux                            21 Feb 2014                     KEYRINGS(7)