The keyutils package is a library and a set of utilities for
accessing the kernel keyrings facility.
A header file is supplied to provide the definitions and declarations
required to access the library:
To link with the library, the following:
should be specified to the linker.
Three system calls are provided: add_key() Supply a new key to the
kernel. request_key() Find an existing key for use, or, optionally,
create one if one does not exist. keyctl() Control a key in various
ways. The library provides a variety of wrappers around this system
call and those should be used rather than calling it directly.
See the add_key(2), request_key(2), and keyctl(2) manual pages for
The keyctl() wrappers are listed on the keyctl(3) manual page.
A program is provided to interact with the kernel facility by a
number of subcommands, e.g.:
keyctl add user foo bar @s
See the keyctl(1) manual page for information on that.
The kernel has the ability to upcall to userspace to fabricate new
keys. This can be triggered by request_key(), but userspace is
better off using add_key() instead if it possibly can.
The upcalling mechanism is usually routed via the:
program. What this does with any particular key is configurable in:
See the request-key.conf(5) and the request-key(8) manual pages for
This page is part of the keyutils (key management utilities) project.
Information about the project can be found at [unknown -- if you
know, please contact firstname.lastname@example.org] If you have a bug report for
this manual page, send it to email@example.com. This page was
obtained from the project's upstream Git repository
on 2017-03-13. If you discover any rendering problems in this HTML
version of the page, or you believe there is a better or more up-to-
date source for the page, or you have corrections or improvements to
the information in this COLOPHON (which is not part of the original
manual page), send a mail to firstname.lastname@example.org
Linux 21 Feb 2014 KEYRINGS(7)