man7.org > Linux > man-pages

Linux/UNIX system programming training

keyctl_pkey_encrypt(3) — Linux manual page

NAME | SYNOPSIS | DESCRIPTION | RETURN VALUE | ERRORS | LINKING | SEE ALSO | COLOPHON 

KEYCTL_PKEY_ENCRYPT(3) Linux Public-Key Encryption KEYCTL_PKEY_ENCRYPT(3)

NAME         top

       keyctl_pkey_encrypt, keyctl_pkey_decrypt - Encrypt and decrypt
       data

SYNOPSIS         top

       #include <keyutils.h>

       long keyctl_pkey_encrypt(key_serial_t key, const char *info,
                                const void *data, size_t data_len,
                                void *enc, size_t enc_len);

       long keyctl_pkey_decrypt(key_serial_t key, const char *info,
                                const void *enc, size_t enc_len,
                                void *data, size_t data_len);

DESCRIPTION         top

       keyctl_pkey_encrypt() asks the kernel to use the crypto material
       attached to a key to encrypt a blob of data and
       keyctl_pkey_decrypt() asks the kernel to use the key to reverse
       the operation and recover the original data.  Note that these
       operations may involve the kernel calling out to cryptographic
       hardware.  The caller must have search permission on a key to be
       able to use them in this manner.

       When invoking the function, key indicates the key that will
       provide the cryptographic material and info points to a space- or
       tab-separated string of "key[=value]" parameters that indicate
       things like encoding forms and passwords to unlock the key; see
       asymmetric-key(7) for more information.

       data and datalen indicate the address and size of the decrypted
       data buffer and enc and enclen indicate the address and size of
       the encrypted data buffer.  The encrypt function draws data from
       the decrypted data buffer and places the output into the
       encryption buffer.  The decrypt function does the reverse, drawing
       from the encryption buffer and writing into the data buffer.

       keyctl_pkey_query(2) can be called to find out how large the
       buffers need to be.

       Note that not all asymmetric-type keys will support these
       operations; further, the operations available may depend on which
       components of the key material are available: typically encryption
       only requires the public key, but decryption requires the private
       key as well.  Which operations are supported on a particular key
       can also be determined using the query function.

RETURN VALUE         top

       On success keyctl_pkey_encrypt() and keyctl_pkey_decrypt() return
       the amount of data written into the output buffer.  On error, the
       value -1 will be returned and errno will have been set to an
       appropriate error.

ERRORS         top

       ENOKEY The key specified is invalid.

       EKEYEXPIRED
              The key specified has expired.

       EKEYREVOKED
              The key specified has been revoked.

       EACCES The key exists, but is not searchable by the calling
              process.

       ENOPKG Some facility needed to complete the requested operation is
              not available.  This is most probably a requested or
              required digest or encryption algorithm.

       EFAULT Bad address.

LINKING         top

       This is a library function that can be found in libkeyutils.  When
       linking, -lkeyutils should be specified to the linker.

SEE ALSO         top

       keyctl(1), add_key(2), keyctl(2), keyctl(3), keyctl_pkey_query(3),
       keyctl_pkey_sign(3), keyrings(7), keyutils(7)

COLOPHON         top

       This page is part of the keyutils (key management utilities)
       project.  Information about the project can be found at [unknown
       -- if you know, please contact man-pages@man7.org] If you have a
       bug report for this manual page, send it to
       keyrings@linux-nfs.org.  This page was obtained from the project's
       upstream Git repository
       ⟨http://git.kernel.org/pub/scm/linux/kernel/git/dhowells/keyutils.git⟩
       on 2025-08-11.  (At that time, the date of the most recent commit
       that was found in the repository was 2023-03-20.)  If you discover
       any rendering problems in this HTML version of the page, or you
       believe there is a better or more up-to-date source for the page,
       or you have corrections or improvements to the information in this
       COLOPHON (which is not part of the original manual page), send a
       mail to man-pages@man7.org

Linux                           8 Nov 2018         KEYCTL_PKEY_ENCRYPT(3)

Pages that refer to this page: keyctl(3)keyctl_pkey_query(3)asymmetric-key(7)

HTML rendering created 2025-09-06 by Michael Kerrisk, author of The Linux Programming Interface.

For details of in-depth Linux/UNIX system programming training courses that I teach, look here.

Hosting by jambit GmbH.

Cover of TLPI