keyctl_pkey_query(3) — Linux manual page


KEYCTL_PKEY_QUERY(3)     Linux Key Management Calls     KEYCTL_PKEY_QUERY(3)

NAME         top

       keyctl_pkey_query - Query public key parameters

SYNOPSIS         top

       #include <keyutils.h>

       long keyctl_pkey_query(key_serial_t key, const char *info,
                              struct keyctl_pkey_query *result);

DESCRIPTION         top

       keyctl_pkey_query() queries the public key parameters associated with
       a kernel key that supports these operations (typically asymmetric-
       type).  The caller must have search permission on the target key to
       be able to query its parameters.

       When invoking the function, key indicates the key to be queried, info
       points to a space- or tab-separated string of "key[=value]"
       parameters and result points to a buffer in which the result will be

       The parameters that can be used in the info parameter string are
       dependent on the type of key.  Parameters can specify such things as
       encoding types (such as "enc=pkcs1"); see asymmetric-key(7) for more

       If successful, the result is written into the following struct:

           struct keyctl_pkey_query {
                   unsigned int    supported_ops;
                   unsigned int    key_size;
                   unsigned short  max_data_size;
                   unsigned short  max_sig_size;
                   unsigned short  max_enc_size;
                   unsigned short  max_dec_size;

       The supported_ops field contains a bitmask of the following con‐


       indicating what operations are supported and thus which of the other
       keyctl_pkey_*() operations can be used with this key.

       The key_size field indicates the number of bits in the key size and
       the max_data_size, max_sig_size, max_enc_size and max_dec_size fields
       indicate the maximum sizes in bytes of a blob of data to be signed, a
       signature blob, a blob to be encrypted and a blob to be decrypted

RETURN VALUE         top

       On success keyctl_pkey_query() returns 0.  On error, the value -1
       will be returned and errno will have been set to an appropriate

ERRORS         top

       ENOKEY The key specified is invalid.

              The key specified has expired.

              The key specified has been revoked.

       EACCES The key exists, but is not searchable by the calling process.

       ENOPKG Some facility needed to complete the requested operation is
              not available.  This is most probably a requested or required
              digest or encryption algorithm.

       EFAULT Bad address.

LINKING         top

       This is a library function that can be found in libkeyutils.  When
       linking, -lkeyutils should be specified to the linker.

SEE ALSO         top

       keyctl(1), add_key(2), keyctl(2), keyctl(3), keyctl_pkey_encrypt(3),
       keyctl_pkey_sign(3), asymmetric-key(7), keyrings(7), keyutils(7)

COLOPHON         top

       This page is part of the keyutils (key management utilities) project.
       Information about the project can be found at [unknown -- if you
       know, please contact] If you have a bug report for
       this manual page, send it to  This page was
       obtained from the project's upstream Git repository
       on 2020-08-13.  (At that time, the date of the most recent commit
       that was found in the repository was 2020-07-07.)  If you discover
       any rendering problems in this HTML version of the page, or you
       believe there is a better or more up-to-date source for the page, or
       you have corrections or improvements to the information in this
       COLOPHON (which is not part of the original manual page), send a mail

Linux                            8 Nov 2018             KEYCTL_PKEY_QUERY(3)

Pages that refer to this page: keyctl(3)keyctl_pkey_decrypt(3)keyctl_pkey_encrypt(3)keyctl_pkey_sign(3)keyctl_pkey_verify(3)asymmetric(7)asymmetric-key(7)