1 .\" Copyright (C) 2016 Michael Kerrisk <mtk.manpages@gmail.com>
2 .\" and Copyright (C) 2016 Eugene Syromyatnikov <evgsyr@gmail.com>
3 .\" A very few fragments remain from an earlier version of this page
4 .\" written by David Howells (dhowells@redhat.com)
6 .\" %%%LICENSE_START(VERBATIM)
7 .\" Permission is granted to make and distribute verbatim copies of this
8 .\" manual provided the copyright notice and this permission notice are
9 .\" preserved on all copies.
11 .\" Permission is granted to copy and distribute modified versions of this
12 .\" manual under the conditions for verbatim copying, provided that the
13 .\" entire resulting derived work is distributed under the terms of a
14 .\" permission notice identical to this one.
16 .\" Since the Linux kernel and libraries are constantly changing, this
17 .\" manual page may be incorrect or out-of-date. The author(s) assume no
18 .\" responsibility for errors or omissions, or for damages resulting from
19 .\" the use of the information contained herein. The author(s) may not
20 .\" have taken the same level of care in the production of this manual,
21 .\" which is licensed free of charge, as they might when working
24 .\" Formatted or processed versions of this manual, if unaccompanied by
25 .\" the source, must acknowledge the copyright and authors of this work.
28 .TH KEYCTL 2 2021-03-22 Linux "Linux Key Management Calls"
30 keyctl \- manipulate the kernel's key management facility
33 .BR "#include <linux/keyctl.h>" " /* Definition of " KEY* " constants */"
34 .BR "#include <sys/syscall.h>" " /* Definition of " SYS_* " constants */"
35 .B #include <unistd.h>
37 .BI "long syscall(SYS_keyctl, int " operation ", unsigned long " arg2 ,
38 .BI " unsigned long " arg3 ", unsigned long " arg4 ,
39 .BI " unsigned long " arg5 );
43 glibc provides no wrapper for
45 necessitating the use of
49 allows user-space programs to perform key manipulation.
51 The operation performed by
53 is determined by the value of the
56 Each of these operations is wrapped by the
58 library (provided by the
60 package) into individual functions (noted below)
61 to permit the compiler to check types.
63 The permitted values for
67 .BR KEYCTL_GET_KEYRING_ID " (since Linux 2.6.10)"
68 Map a special key ID to a real key ID for this process.
70 This operation looks up the special key whose ID is provided in
74 If the special key is found,
75 the ID of the corresponding real key is returned as the function result.
76 The following values may be specified in
80 .B KEY_SPEC_THREAD_KEYRING
81 This specifies the calling thread's thread-specific keyring.
83 .BR thread\-keyring (7).
85 .B KEY_SPEC_PROCESS_KEYRING
86 This specifies the caller's process-specific keyring.
88 .BR process\-keyring (7).
90 .B KEY_SPEC_SESSION_KEYRING
91 This specifies the caller's session-specific keyring.
93 .BR session\-keyring (7).
95 .B KEY_SPEC_USER_KEYRING
96 This specifies the caller's UID-specific keyring.
98 .BR user\-keyring (7).
100 .B KEY_SPEC_USER_SESSION_KEYRING
101 This specifies the caller's UID-session keyring.
103 .BR user\-session\-keyring (7).
105 .BR KEY_SPEC_REQKEY_AUTH_KEY " (since Linux 2.6.16)"
106 .\" commit b5f545c880a2a47947ba2118b2509644ab7a2969
107 This specifies the authorization key created by
109 and passed to the process it spawns to generate a key.
110 This key is available only in a
111 .BR request\-key (8)-style
112 program that was passed an authorization key by the kernel and
113 ceases to be available once the requested key has been instantiated; see
116 .BR KEY_SPEC_REQUESTOR_KEYRING " (since Linux 2.6.29)"
117 .\" commit 8bbf4976b59fc9fc2861e79cab7beb3f6d647640
118 This specifies the key ID for the
121 This keyring is available only in a
122 .BR request\-key (8)-style
123 program that was passed an authorization key by the kernel and
124 ceases to be available once the requested key has been instantiated; see
128 The behavior if the key specified in
130 does not exist depends on the value of
136 contains a nonzero value, then\(emif it is appropriate to do so
137 (e.g., when looking up the user, user-session, or session key)\(ema new key
138 is created and its real key ID returned as the function result.
139 .\" The keyctl_get_keyring_ID.3 page says that a new key
140 .\" "will be created *if it is appropriate to do so**. What is the
141 .\" determiner for appropriate?
142 .\" David Howells: Some special keys such as KEY_SPEC_REQKEY_AUTH_KEY
143 .\" wouldn't get created but user/user-session/session keyring would
145 Otherwise, the operation fails with the error
148 If a valid key ID is specified in
150 and the key exists, then this operation simply returns the key ID.
151 If the key does not exist, the call fails with error
156 permission on a keyring in order for it to be found.
164 This operation is exposed by
167 .BR keyctl_get_keyring_ID (3).
169 .BR KEYCTL_JOIN_SESSION_KEYRING " (since Linux 2.6.10)"
170 Replace the session keyring this process subscribes to with
171 a new session keyring.
172 .\" This may be useful in conjunction with some sort of
173 .\" session management framework that is employed by the application.
178 an anonymous keyring with the description "_ses" is created
179 and the process is subscribed to that keyring as its session keyring,
180 displacing the previous session keyring.
186 is treated as the description (name) of a keyring,
187 and the behavior is as follows:
190 If a keyring with a matching description exists,
191 the process will attempt to subscribe to that keyring
192 as its session keyring if possible;
193 if that is not possible, an error is returned.
194 In order to subscribe to the keyring,
197 permission on the keyring.
199 If a keyring with a matching description does not exist,
200 then a new keyring with the specified description is created,
201 and the process is subscribed to that keyring as its session keyring.
211 This operation is exposed by
214 .BR keyctl_join_session_keyring (3).
216 .BR KEYCTL_UPDATE " (since Linux 2.6.10)"
217 Update a key's data payload.
223 specifies the ID of the key to be updated.
228 points to the new payload and
232 contains the new payload size in bytes.
236 permission on the key specified and the key type must support updating.
238 A negatively instantiated key (see the description of
240 can be positively instantiated with this operation.
246 This operation is exposed by
249 .BR keyctl_update (3).
251 .BR KEYCTL_REVOKE " (since Linux 2.6.10)"
252 Revoke the key with the ID provided in
256 The key is scheduled for garbage collection;
257 it will no longer be findable,
258 and will be unavailable for further operations.
259 Further attempts to use the key will fail with the error
266 permission on the key.
267 .\" Keys with the KEY_FLAG_KEEP bit set cause an EPERM
268 .\" error for KEYCTL_REVOKE. Does this need to be documented?
269 .\" David Howells: No significance for user space.
278 This operation is exposed by
281 .BR keyctl_revoke (3).
283 .BR KEYCTL_CHOWN " (since Linux 2.6.10)"
284 Change the ownership (user and group ID) of a key.
295 contains the new user ID (or \-1 in case the user ID shouldn't be changed).
300 contains the new group ID (or \-1 in case the group ID shouldn't be changed).
302 The key must grant the caller
306 For the UID to be changed, or for the GID to be changed to a group
307 the caller is not a member of, the caller must have the
310 .BR capabilities (7)).
312 If the UID is to be changed, the new user must have sufficient
313 quota to accept the key.
314 The quota deduction will be removed from the old user
315 to the new user should the UID be changed.
321 This operation is exposed by
324 .BR keyctl_chown (3).
326 .BR KEYCTL_SETPERM " (since Linux 2.6.10)"
327 Change the permissions of the key with the ID provided in the
331 to the permissions provided in the
336 If the caller doesn't have the
338 capability, it can change permissions only for the keys it owns.
339 (More precisely: the caller's filesystem UID must match the UID of the key.)
343 permission to the caller
345 of the caller's capabilities.
346 .\" FIXME Above, is it really intended that a privileged process can't
347 .\" override the lack of the 'setattr' permission?
351 specify masks of available operations
352 for each of the following user categories:
355 .IR possessor " (since Linux 2.6.14)"
356 .\" commit 664cceb0093b755739e56572b836a99104ee8a75
357 This is the permission granted to a process that possesses the key
358 (has it attached searchably to one of the process's keyrings);
363 This is the permission granted to a process
364 whose filesystem UID matches the UID of the key.
367 This is the permission granted to a process
368 whose filesystem GID or any of its supplementary GIDs
369 matches the GID of the key.
372 This is the permission granted to other processes
373 that do not match the
385 categories are exclusive: if a process matches the
387 category, it will not receive permissions granted in the
389 category; if a process matches the
393 category, then it will not receive permissions granted in the
399 category grants permissions that are cumulative with the grants from the
406 Each permission mask is eight bits in size,
407 with only six bits currently used.
408 The available permissions are:
412 This permission allows reading attributes of a key.
414 This permission is required for the
418 The permission bits for each category are
426 This permission allows reading a key's payload.
428 This permission is required for the
432 The permission bits for each category are
440 This permission allows update or instantiation of a key's payload.
441 For a keyring, it allows keys to be linked and unlinked from the keyring,
443 This permission is required for the
452 The permission bits for each category are
460 This permission allows keyrings to be searched and keys to be found.
461 Searches can recurse only into nested keyrings that have
465 This permission is required for the
466 .BR KEYCTL_GET_KEYRING_ID ,
467 .BR KEYCTL_JOIN_SESSION_KEYRING ,
470 .BR KEYCTL_INVALIDATE
473 The permission bits for each category are
481 This permission allows a key or keyring to be linked to.
483 This permission is required for the
486 .BR KEYCTL_SESSION_TO_PARENT
489 The permission bits for each category are
496 .IR setattr " (since Linux 2.6.15)."
497 This permission allows a key's UID, GID, and permissions mask to be changed.
499 This permission is required for the
506 The permission bits for each category are
507 .BR KEY_POS_SETATTR ,
508 .BR KEY_USR_SETATTR ,
509 .BR KEY_GRP_SETATTR ,
511 .BR KEY_OTH_SETATTR .
514 As a convenience, the following macros are defined as masks for
515 all of the permission bits in each of the user categories:
523 .IR arg4 " and " arg5
524 arguments are ignored.
526 This operation is exposed by
529 .BR keyctl_setperm (3).
531 .BR KEYCTL_DESCRIBE " (since Linux 2.6.10)"
532 Obtain a string describing the attributes of a specified key.
534 The ID of the key to be described is specified in
538 The descriptive string is returned in the buffer pointed to by
545 specifies the size of that buffer in bytes.
547 The key must grant the caller
551 The returned string is null-terminated and
552 contains the following information about the key:
555 .IR type ; uid ; gid ; perm ; description
566 are decimal strings, and
568 is a hexadecimal permissions mask.
569 The descriptive string is written with the following format:
573 .BR "Note: the intention is that the descriptive string should"
574 .BR "be extensible in future kernel versions".
577 field will not contain semicolons;
578 .\" FIXME But, the kernel does not enforce the requirement
579 .\" that the key description contains no semicolons!
580 .\" So, user space has no guarantee here??
581 .\" Either something more needs to be said here,
582 .\" or a kernel fix is required.
583 it should be parsed by working backwards from the end of the string
584 to find the last semicolon.
585 This allows future semicolon-delimited fields to be inserted
586 in the descriptive string in the future.
588 Writing to the buffer is attempted only when
590 is non-NULL and the specified buffer size
591 is large enough to accept the descriptive string
592 (including the terminating null byte).
593 .\" Function commentary says it copies up to buflen bytes, but see the
594 .\" (buffer && buflen >= ret) condition in keyctl_describe_key() in
595 .\" security/keyctl.c
596 In order to determine whether the buffer size was too small,
597 check to see if the return value of the operation is greater than
604 This operation is exposed by
607 .BR keyctl_describe (3).
610 Clear the contents of (i.e., unlink all keys from) a keyring.
613 (which must be of keyring type)
614 .\" or the error ENOTDIR results
619 .\" According to Documentation/security/keys.txt:
620 .\" This function can also be used to clear special kernel keyrings if they
621 .\" are appropriately marked if the user has CAP_SYS_ADMIN capability. The
622 .\" DNS resolver cache keyring is an example of this.
626 permission on the keyring.
635 This operation is exposed by
638 .BR keyctl_clear (3).
640 .BR KEYCTL_LINK " (since Linux 2.6.10)"
641 Create a link from a keyring to a key.
643 The key to be linked is specified in
647 the keyring is specified in
652 If a key with the same type and description is already linked in the keyring,
653 then that key is displaced from the keyring.
655 Before creating the link,
656 the kernel checks the nesting of the keyrings and returns appropriate errors
657 if the link would produce a cycle
658 or if the nesting of keyrings would be too deep
659 (The limit on the nesting of keyrings is determined by the kernel constant
660 .BR KEYRING_SEARCH_MAX_DEPTH ,
661 defined with the value 6, and is necessary to prevent overflows
662 on the kernel stack when recursively searching keyrings).
666 permission on the key being added and
668 permission on the keyring.
676 This operation is exposed by
681 .BR KEYCTL_UNLINK " (since Linux 2.6.10)"
682 Unlink a key from a keyring.
684 The ID of the key to be unlinked is specified in
688 the ID of the keyring from which it is to be unlinked is specified in
693 If the key is not currently linked into the keyring, an error results.
697 permission on the keyring from which the key is being removed.
699 If the last link to a key is removed,
700 then that key will be scheduled for destruction.
708 This operation is exposed by
711 .BR keyctl_unlink (3).
713 .BR KEYCTL_SEARCH " (since Linux 2.6.10)"
714 Search for a key in a keyring tree,
715 returning its ID and optionally linking it to a specified keyring.
717 The tree to be searched is specified by passing
718 the ID of the head keyring in
722 The search is performed breadth-first and recursively.
728 arguments specify the key to be searched for:
732 contains the key type
733 (a null-terminated character string up to 32 bytes in size,
734 including the terminating null byte), and
738 contains the description of the key
739 (a null-terminated character string up to 4096 bytes in size,
740 including the terminating null byte).
742 The source keyring must grant
744 permission to the caller.
745 When performing the recursive search, only keyrings that grant the caller
747 permission will be searched.
748 Only keys with for which the caller has
750 permission can be found.
752 If the key is found, its ID is returned as the function result.
754 If the key is found and
758 is nonzero, then, subject to the same constraints and rules as
760 the key is linked into the keyring whose ID is specified in
762 If the destination keyring specified in
764 already contains a link to a key that has the same type and description,
765 then that link will be displaced by a link to
766 the key found by this operation.
768 Instead of valid existing keyring IDs, the source
772 keyrings can be one of the special keyring IDs listed under
773 .BR KEYCTL_GET_KEYRING_ID .
775 This operation is exposed by
778 .BR keyctl_search (3).
780 .BR KEYCTL_READ " (since Linux 2.6.10)"
781 Read the payload data of a key.
783 The ID of the key whose payload is to be read is specified in
787 This can be the ID of an existing key,
788 or any of the special key IDs listed for
789 .BR KEYCTL_GET_KEYRING_ID .
790 .\" including KEY_SPEC_REQKEY_AUTH_KEY
792 The payload is placed in the buffer pointed by
796 the size of that buffer must be specified in
801 The returned data will be processed for presentation
802 according to the key type.
803 For example, a keyring will return an array of
805 entries representing the IDs of all the keys that are linked to it.
808 key type will return its data as is.
809 If a key type does not implement this function,
810 the operation fails with the error
816 as much of the payload data as will fit is copied into the buffer.
817 On a successful return,
818 the return value is always the total size of the payload data.
819 To determine whether the buffer was of sufficient size,
820 check to see that the return value is less than or equal to
821 the value supplied in
824 The key must either grant the caller
826 permission, or grant the caller
828 permission when searched for from the process keyrings
829 (i.e., the key is possessed).
835 This operation is exposed by
840 .BR KEYCTL_INSTANTIATE " (since Linux 2.6.10)"
841 (Positively) instantiate an uninstantiated key with a specified payload.
843 The ID of the key to be instantiated is provided in
848 The key payload is specified in the buffer pointed to by
852 the size of that buffer is specified in
857 The payload may be a NULL pointer and the buffer size may be 0
858 if this is supported by the key type (e.g., it is a keyring).
860 The operation may be fail if the payload data is in the wrong format
861 or is otherwise invalid.
867 is nonzero, then, subject to the same constraints and rules as
869 the instantiated key is linked into the keyring whose ID specified in
872 The caller must have the appropriate authorization key,
873 and once the uninstantiated key has been instantiated,
874 the authorization key is revoked.
875 In other words, this operation is available only from a
876 .BR request\-key (8)-style
880 for an explanation of uninstantiated keys and key instantiation.
882 This operation is exposed by
885 .BR keyctl_instantiate (3).
887 .BR KEYCTL_NEGATE " (since Linux 2.6.10)"
888 Negatively instantiate an uninstantiated key.
890 This operation is equivalent to the call:
892 keyctl(KEYCTL_REJECT, arg2, arg3, ENOKEY, arg4);
898 This operation is exposed by
901 .BR keyctl_negate (3).
903 .BR KEYCTL_SET_REQKEY_KEYRING " (since Linux 2.6.13)"
904 Set the default keyring to which implicitly requested keys
905 will be linked for this thread, and return the previous setting.
906 Implicit key requests are those made by internal kernel components,
907 .\" I.e., calls to the kernel's internal request_key() interface,
908 .\" which is distinct from the request_key(2) system call (which
909 .\" ultimately employs the kernel-internal interface).
910 such as can occur when, for example, opening files
911 on an AFS or NFS filesystem.
912 Setting the default keyring also has an effect when requesting
913 a key from user space; see
921 should contain one of the following values,
922 to specify the new default keyring:
925 .BR KEY_REQKEY_DEFL_NO_CHANGE
926 Don't change the default keyring.
927 This can be used to discover the current default keyring
928 (without changing it).
930 .BR KEY_REQKEY_DEFL_DEFAULT
931 This selects the default behaviour,
932 which is to use the thread-specific keyring if there is one,
933 otherwise the process-specific keyring if there is one,
934 otherwise the session keyring if there is one,
935 otherwise the UID-specific session keyring,
936 otherwise the user-specific keyring.
938 .BR KEY_REQKEY_DEFL_THREAD_KEYRING
939 Use the thread-specific keyring
940 .RB ( thread\-keyring (7))
941 as the new default keyring.
943 .BR KEY_REQKEY_DEFL_PROCESS_KEYRING
944 Use the process-specific keyring
945 .RB ( process\-keyring (7))
946 as the new default keyring.
948 .BR KEY_REQKEY_DEFL_SESSION_KEYRING
949 Use the session-specific keyring
950 .RB ( session\-keyring (7))
951 as the new default keyring.
953 .BR KEY_REQKEY_DEFL_USER_KEYRING
954 Use the UID-specific keyring
955 .RB ( user\-keyring (7))
956 as the new default keyring.
958 .BR KEY_REQKEY_DEFL_USER_SESSION_KEYRING
959 Use the UID-specific session keyring
960 .RB ( user\-session\-keyring (7))
961 as the new default keyring.
963 .BR KEY_REQKEY_DEFL_REQUESTOR_KEYRING " (since Linux 2.6.29)"
964 .\" 8bbf4976b59fc9fc2861e79cab7beb3f6d647640
965 Use the requestor keyring.
966 .\" FIXME The preceding explanation needs to be expanded.
967 .\" Is the following correct:
969 .\" The requestor keyring is the dest_keyring that
970 .\" was supplied to a call to request_key(2)?
972 .\" David Howells said: to be checked
975 All other values are invalid.
976 .\" (including the still-unsupported KEY_REQKEY_DEFL_GROUP_KEYRING)
985 The setting controlled by this operation is inherited by the child of
990 This operation is exposed by
993 .BR keyctl_set_reqkey_keyring (3).
995 .BR KEYCTL_SET_TIMEOUT " (since Linux 2.6.16)"
996 Set a timeout on a key.
998 The ID of the key is specified in
1002 The timeout value, in seconds from the current time,
1006 .IR "unsigned int" ).
1007 The timeout is measured against the realtime clock.
1009 Specifying the timeout value as 0 clears any existing timeout on the key.
1013 file displays the remaining time until each key will expire.
1014 (This is the only method of discovering the timeout on a key.)
1016 The caller must either have the
1018 permission on the key
1019 or hold an instantiation authorization token for the key (see
1020 .BR request_key (2)).
1022 The key and any links to the key will be
1023 automatically garbage collected after the timeout expires.
1024 Subsequent attempts to access the key will then fail with the error
1027 This operation cannot be used to set timeouts on revoked, expired,
1028 or negatively instantiated keys.
1036 This operation is exposed by
1039 .BR keyctl_set_timeout (3).
1041 .BR KEYCTL_ASSUME_AUTHORITY " (since Linux 2.6.16)"
1042 Assume (or divest) the authority for the calling thread
1043 to instantiate a key.
1049 specifies either a nonzero key ID to assume authority,
1050 or the value 0 to divest authority.
1054 is nonzero, then it specifies the ID of an uninstantiated key for which
1055 authority is to be assumed.
1056 That key can then be instantiated using one of
1057 .BR KEYCTL_INSTANTIATE ,
1058 .BR KEYCTL_INSTANTIATE_IOV ,
1062 Once the key has been instantiated,
1063 the thread is automatically divested of authority to instantiate the key.
1065 Authority over a key can be assumed only if the calling thread has present
1066 in its keyrings the authorization key that is
1067 associated with the specified key.
1068 (In other words, the
1069 .BR KEYCTL_ASSUME_AUTHORITY
1070 operation is available only from a
1071 .BR request\-key (8)-style
1074 for an explanation of how this operation is used.)
1075 The caller must have
1077 permission on the authorization key.
1079 If the specified key has a matching authorization key,
1080 then the ID of that key is returned.
1081 The authorization key can be read
1083 to obtain the callout information passed to
1084 .BR request_key (2).
1088 is 0, then the currently assumed authority is cleared (divested),
1089 and the value 0 is returned.
1092 .BR KEYCTL_ASSUME_AUTHORITY
1093 mechanism allows a program such as
1094 .BR request\-key (8)
1095 to assume the necessary authority to instantiate a new uninstantiated key
1096 that was created as a consequence of a call to
1097 .BR request_key (2).
1098 For further information, see
1100 and the kernel source file
1101 .IR Documentation/security/keys\-request\-key.txt .
1110 This operation is exposed by
1113 .BR keyctl_assume_authority (3).
1115 .BR KEYCTL_GET_SECURITY " (since Linux 2.6.26)"
1116 .\" commit 70a5bb72b55e82fbfbf1e22cae6975fac58a1e2d
1117 Get the LSM (Linux Security Module) security label of the specified key.
1119 The ID of the key whose security label is to be fetched is specified in
1123 The security label (terminated by a null byte)
1124 will be placed in the buffer pointed to by
1128 the size of the buffer must be provided in
1135 is specified as NULL or the buffer size specified in
1137 is too small, the full size of the security label string
1138 (including the terminating null byte)
1139 is returned as the function result,
1140 and nothing is copied to the buffer.
1142 The caller must have
1144 permission on the specified key.
1146 The returned security label string will be rendered in a form appropriate
1147 to the LSM in force.
1148 For example, with SELinux, it may look like:
1150 unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
1152 If no LSM is currently in force,
1153 then an empty string is placed in the buffer.
1157 argument is ignored.
1159 This operation is exposed by
1162 .BR keyctl_get_security (3)
1164 .BR keyctl_get_security_alloc (3).
1166 .BR KEYCTL_SESSION_TO_PARENT " (since Linux 2.6.32)"
1167 .\" commit ee18d64c1f632043a02e6f5ba5e045bb26a5465f
1168 Replace the session keyring to which the
1170 of the calling process
1171 subscribes with the session keyring of the calling process.
1172 .\" What is the use case for KEYCTL_SESSION_TO_PARENT?
1173 .\" David Howells: the Process Authentication Groups people requested this,
1174 .\" but then didn't use it; maybe there are no users.
1176 The keyring will be replaced in the parent process at the point
1177 where the parent next transitions from kernel space to user space.
1179 The keyring must exist and must grant the caller
1182 The parent process must be single-threaded and have
1183 the same effective ownership as this process
1184 and must not be set-user-ID or set-group-ID.
1185 The UID of the parent process's existing session keyring (f it has one),
1186 as well as the UID of the caller's session keyring
1187 much match the caller's effective UID.
1189 The fact that it is the parent process that is affected by this operation
1190 allows a program such as the shell to start a child process that
1191 uses this operation to change the shell's session keyring.
1205 This operation is exposed by
1208 .BR keyctl_session_to_parent (3).
1210 .BR KEYCTL_REJECT " (since Linux 2.6.39)"
1211 .\" commit fdd1b94581782a2ddf9124414e5b7a5f48ce2f9c
1212 Mark a key as negatively instantiated and set an expiration timer
1214 This operation provides a superset of the functionality of the earlier
1218 The ID of the key that is to be negatively instantiated is specified in
1225 .IR "unsigned int" )
1226 argument specifies the lifetime of the key, in seconds.
1230 .IR "unsigned int" )
1231 specifies the error to be returned when a search hits this key;
1232 typically, this is one of
1242 is nonzero, then, subject to the same constraints and rules as
1244 the negatively instantiated key is linked into the keyring
1245 whose ID is specified in
1248 The caller must have the appropriate authorization key.
1249 In other words, this operation is available only from a
1250 .BR request\-key (8)-style
1253 .BR request_key (2).
1255 The caller must have the appropriate authorization key,
1256 and once the uninstantiated key has been instantiated,
1257 the authorization key is revoked.
1258 In other words, this operation is available only from a
1259 .BR request\-key (8)-style
1263 for an explanation of uninstantiated keys and key instantiation.
1265 This operation is exposed by
1268 .BR keyctl_reject (3).
1270 .BR KEYCTL_INSTANTIATE_IOV " (since Linux 2.6.39)"
1271 .\" commit ee009e4a0d4555ed522a631bae9896399674f063
1272 Instantiate an uninstantiated key with a payload specified
1273 via a vector of buffers.
1275 This operation is the same as
1276 .BR KEYCTL_INSTANTIATE ,
1277 but the payload data is specified as an array of
1284 void *iov_base; /* Starting address of buffer */
1285 size_t iov_len; /* Size of buffer (in bytes) */
1290 The pointer to the payload vector is specified in
1293 .IR "const struct iovec\ *" ).
1294 The number of items in the vector is specified in
1297 .IR "unsigned int" ).
1305 are interpreted as for
1306 .BR KEYCTL_INSTANTIATE .
1308 This operation is exposed by
1311 .BR keyctl_instantiate_iov (3).
1313 .BR KEYCTL_INVALIDATE " (since Linux 3.5)"
1314 .\" commit fd75815f727f157a05f4c96b5294a4617c0557da
1315 Mark a key as invalid.
1317 The ID of the key to be invalidated is specified in
1322 To invalidate a key,
1323 the caller must have
1325 permission on the key.
1326 .\" CAP_SYS_ADMIN is permitted to invalidate certain special keys
1328 This operation marks the key as invalid
1329 and schedules immediate garbage collection.
1330 The garbage collector removes the invalidated key from all keyrings and
1331 deletes the key when its reference count reaches zero.
1332 After this operation,
1333 the key will be ignored by all searches,
1334 even if it is not yet deleted.
1336 Keys that are marked invalid become invisible to normal key operations
1337 immediately, though they are still visible in
1339 (marked with an 'i' flag)
1340 until they are actually removed.
1349 This operation is exposed by
1352 .BR keyctl_invalidate (3).
1354 .BR KEYCTL_GET_PERSISTENT " (since Linux 3.13)"
1355 .\" commit f36f8c75ae2e7d4da34f4c908cebdb4aa42c977e
1356 Get the persistent keyring
1357 .RB ( persistent\-keyring (7))
1358 for a specified user and link it to a specified keyring.
1360 The user ID is specified in
1364 If the value \-1 is specified, the caller's real user ID is used.
1365 The ID of the destination keyring is specified in
1370 The caller must have the
1372 capability in its user namespace in order to fetch the persistent keyring
1373 for a user ID that does not match either the real or effective user ID
1376 If the call is successful,
1377 a link to the persistent keyring is added to the keyring
1378 whose ID was specified in
1381 The caller must have
1383 permission on the keyring.
1385 The persistent keyring will be created by the kernel
1386 if it does not yet exist.
1389 .B KEYCTL_GET_PERSISTENT
1390 operation is performed, the persistent keyring will
1391 have its expiration timeout reset to the value in:
1395 /proc/sys/kernel/keys/persistent_keyring_expiry
1399 Should the timeout be reached,
1400 the persistent keyring will be removed and
1401 everything it pins can then be garbage collected.
1403 Persistent keyrings were added to Linux in kernel version 3.13.
1411 This operation is exposed by
1414 .BR keyctl_get_persistent (3).
1416 .BR KEYCTL_DH_COMPUTE " (since Linux 4.7)"
1417 .\" commit ddbb41148724367394d0880c516bfaeed127b52e
1418 Compute a Diffie-Hellman shared secret or public key,
1419 optionally applying key derivation function (KDF) to the result.
1423 argument is a pointer to a set of parameters containing
1424 serial numbers for three
1426 keys used in the Diffie-Hellman calculation,
1427 packaged in a structure of the following form:
1431 struct keyctl_dh_params {
1432 int32_t private; /* The local private key */
1433 int32_t prime; /* The prime, known to both parties */
1434 int32_t base; /* The base integer: either a shared
1435 generator or the remote public key */
1440 Each of the three keys specified in this structure must grant the caller
1443 The payloads of these keys are used to calculate the Diffie-Hellman
1446 base \(ha private mod prime
1448 If the base is the shared generator, the result is the local public key.
1449 If the base is the remote public key, the result is the shared secret.
1455 points to a buffer where the result of the calculation is placed.
1456 The size of that buffer is specified in
1461 The buffer must be large enough to accommodate the output data,
1462 otherwise an error is returned.
1466 in which case the buffer is not used and
1467 the operation returns the minimum required buffer size
1468 (i.e., the length of the prime).
1470 Diffie-Hellman computations can be performed in user space,
1471 but require a multiple-precision integer (MPI) library.
1472 Moving the implementation into the kernel gives access to
1473 the kernel MPI implementation,
1474 and allows access to secure or acceleration hardware.
1476 Adding support for DH computation to the
1478 system call was considered a good fit due to the DH algorithm's use
1479 for deriving shared keys;
1480 it also allows the type of the key to determine
1481 which DH implementation (software or hardware) is appropriate.
1482 .\" commit f1c316a3ab9d24df6022682422fe897492f2c0c8
1488 then the DH result itself is returned.
1489 Otherwise (since Linux 4.12), it is a pointer to a structure which specifies
1490 parameters of the KDF operation to be applied:
1494 struct keyctl_kdf_params {
1495 char *hashname; /* Hash algorithm name */
1496 char *otherinfo; /* SP800\-56A OtherInfo */
1497 __u32 otherinfolen; /* Length of otherinfo data */
1498 __u32 __spare[8]; /* Reserved */
1505 field is a null-terminated string which specifies a hash name
1506 (available in the kernel's crypto API; the list of the hashes available
1507 is rather tricky to observe; please refer to the
1508 .UR https://www.kernel.org\:/doc\:/html\:/latest\:/crypto\:/architecture.html
1509 "Kernel Crypto API Architecture"
1511 documentation for the information regarding how hash names are constructed and
1512 your kernel's source and configuration regarding what ciphers
1513 and templates with type
1514 .B CRYPTO_ALG_TYPE_SHASH
1516 to be applied to DH result in KDF operation.
1522 data as described in SP800-56A section 5.8.1.2 and is algorithm-specific.
1523 This data is concatenated with the result of DH operation and is provided as
1524 an input to the KDF operation.
1525 Its size is provided in the
1527 field and is limited by
1528 .B KEYCTL_KDF_MAX_OI_LEN
1529 constant that defined in
1530 .I security/keys/internal.h
1535 field is currently unused.
1536 .\" commit 4f9dabfaf8df971f8a3b6aa324f8f817be38d538
1537 It was ignored until Linux 4.13 (but still should be
1538 user-addressable since it is copied to the kernel),
1539 and should contain zeros since Linux 4.13.
1541 The KDF implementation complies with SP800-56A as well
1542 as with SP800-108 (the counter KDF).
1544 .\" keyutils commit 742c9d7b94051d3b21f9f61a73ed6b5f3544cb82
1545 .\" keyutils commit d68a981e5db41d059ac782071c35d1e8f3aaf61c
1546 This operation is exposed by
1548 (from version 1.5.10 onwards) via the functions
1549 .BR keyctl_dh_compute (3)
1551 .BR keyctl_dh_compute_alloc (3).
1553 .BR KEYCTL_RESTRICT_KEYRING " (since Linux 4.12)"
1554 .\" commit 6563c91fd645556c7801748f15bc727c77fcd311
1555 .\" commit 7228b66aaf723a623e578aa4db7d083bb39546c9
1556 Apply a key-linking restriction to the keyring with the ID provided in
1560 The caller must have
1562 permission on the key.
1565 is NULL, any attempt to add a key to the keyring is blocked;
1566 otherwise it contains a pointer to a string with a key type name and
1568 contains a pointer to string that describes the type-specific restriction.
1569 As of Linux 4.12, only the type "asymmetric" has restrictions defined:
1573 Allows only keys that are signed by a key linked to the built-in keyring
1574 (".builtin_trusted_keys").
1576 .B builtin_and_secondary_trusted
1577 Allows only keys that are signed by a key linked to the secondary keyring
1578 (".secondary_trusted_keys") or, by extension, a key in a built-in keyring,
1579 as the latter is linked to the former.
1581 .BI key_or_keyring: key
1583 .BI key_or_keyring: key :chain
1586 specifies the ID of a key of type "asymmetric",
1587 then only keys that are signed by this key are allowed.
1591 specifies the ID of a keyring,
1592 then only keys that are signed by a key linked
1593 to this keyring are allowed.
1595 If ":chain" is specified, keys that are signed by a keys linked to the
1596 destination keyring (that is, the keyring with the ID specified in the
1598 argument) are also allowed.
1601 Note that a restriction can be configured only once for the specified keyring;
1602 once a restriction is set, it can't be overridden.
1607 .\" FIXME Document KEYCTL_RESTRICT_KEYRING, added in Linux 4.12
1608 .\" commit 6563c91fd645556c7801748f15bc727c77fcd311
1609 .\" Author: Mat Martineau <mathew.j.martineau@linux.intel.com>
1610 .\" See Documentation/security/keys.txt
1612 For a successful call, the return value depends on the operation:
1614 .B KEYCTL_GET_KEYRING_ID
1615 The ID of the requested keyring.
1617 .B KEYCTL_JOIN_SESSION_KEYRING
1618 The ID of the joined session keyring.
1621 The size of the description (including the terminating null byte),
1622 irrespective of the provided buffer size.
1625 The ID of the key that was found.
1628 The amount of data that is available in the key,
1629 irrespective of the provided buffer size.
1631 .B KEYCTL_SET_REQKEY_KEYRING
1632 The ID of the previous default keyring
1633 to which implicitly requested keys were linked
1635 .BR KEY_REQKEY_DEFL_USER_* ).
1637 .B KEYCTL_ASSUME_AUTHORITY
1638 Either 0, if the ID given was 0,
1639 or the ID of the authorization key matching the specified key,
1640 if a nonzero key ID was provided.
1642 .B KEYCTL_GET_SECURITY
1643 The size of the LSM security label string
1644 (including the terminating null byte),
1645 irrespective of the provided buffer size.
1647 .B KEYCTL_GET_PERSISTENT
1648 The ID of the persistent keyring.
1650 .B KEYCTL_DH_COMPUTE
1651 The number of bytes copied to the buffer, or, if
1653 is 0, the required buffer size.
1655 All other operations
1658 On error, \-1 is returned, and
1660 is set to indicate the error.
1664 The requested operation wasn't permitted.
1669 .B KEYCTL_DH_COMPUTE
1670 and there was an error during crypto module initialization.
1676 and the requested link would result in a cycle.
1681 .BR KEYCTL_RESTRICT_KEYRING
1682 and the requested keyring restriction would result in a cycle.
1685 The key quota for the caller's user would be exceeded by creating a key or
1686 linking it to the keyring.
1691 .BR KEYCTL_RESTRICT_KEYRING
1692 and keyring provided in
1694 argument already has a restriction set.
1699 .B KEYCTL_DH_COMPUTE
1700 and one of the following has failed:
1704 .IR "struct keyctl_dh_params" ,
1707 argument, from user space;
1710 .IR "struct keyctl_kdf_params" ,
1711 provided in the non-NULL
1713 argument, from user space
1714 (in case kernel supports performing KDF operation on DH operation result);
1716 copying of data pointed by the
1719 .I "struct keyctl_kdf_params"
1722 copying of data pointed by the
1725 .I struct keyctl_kdf_params
1726 from user space if the
1730 copying of the result to user space.
1737 and an invalid permission bit was specified in
1744 and the size of the description in
1746 (including the terminating null byte) exceeded 4096 bytes.
1749 size of the string (including the terminating null byte) specified in
1754 (the key description)
1755 exceeded the limit (32 bytes and 4096 bytes respectively).
1757 .BR EINVAL " (Linux kernels before 4.12)"
1760 .BR KEYCTL_DH_COMPUTE ,
1768 .B KEYCTL_DH_COMPUTE
1769 And the digest size of the hashing algorithm supplied is zero.
1774 .B KEYCTL_DH_COMPUTE
1775 and the buffer size provided is not enough to hold the result.
1776 Provide 0 as a buffer size in order to obtain the minimum buffer size.
1781 .B KEYCTL_DH_COMPUTE
1782 and the hash name provided in the
1785 .I struct keyctl_kdf_params
1788 argument is too big (the limit is implementation-specific and varies between
1789 kernel versions, but it is deemed big enough for all valid algorithm names).
1792 .\" commit 4f9dabfaf8df971f8a3b6aa324f8f817be38d538
1795 .B KEYCTL_DH_COMPUTE
1799 .I struct keyctl_kdf_params
1802 argument contains nonzero values.
1805 An expired key was found or specified.
1808 A rejected key was found or specified.
1811 A revoked key was found or specified.
1817 and the requested link would cause the maximum nesting depth
1818 for keyrings to be exceeded.
1823 .B KEYCTL_DH_COMPUTE
1824 and the buffer length exceeds
1825 .B KEYCTL_KDF_MAX_OUTPUT_LEN
1826 (which is 1024 currently)
1830 .I struct keyctl_kdf_parms
1834 .B KEYCTL_KDF_MAX_OI_LEN
1835 (which is 64 currently).
1837 .BR ENFILE " (Linux kernels before 3.13)"
1841 and the keyring is full.
1843 .\" commit b2a4df200d570b2c33a57e1ebfa5896e4bc81b69
1844 the available space for storing keyring links was limited to
1845 a single page of memory; since Linux 3.13, there is no fixed limit.)
1851 and the key to be unlinked isn't linked to the keyring.
1856 .B KEYCTL_DH_COMPUTE
1857 and the hashing algorithm specified in the
1860 .I struct keyctl_kdf_params
1863 argument hasn't been found.
1868 .B KEYCTL_RESTRICT_KEYRING
1869 and the type provided in
1871 argument doesn't support setting key linking restrictions.
1874 No matching key was found or an invalid key was specified.
1878 .B KEYCTL_GET_KEYRING_ID
1881 the key specified in
1885 was zero (meaning don't create the key if it didn't exist).
1888 One of kernel memory allocation routines failed during the execution of the
1892 A key of keyring type was expected but the ID of a key with
1893 a different type was provided.
1899 and the key type does not support reading
1907 and the key type does not support updating.
1912 .BR KEYCTL_RESTRICT_KEYRING ,
1913 the type provided in
1915 argument was "asymmetric", and the key specified in the restriction specification
1918 has type other than "asymmetric" or "keyring".
1923 .BR KEYCTL_GET_PERSISTENT ,
1925 specified a UID other than the calling thread's real or effective UID,
1926 and the caller did not have the
1933 .BR KEYCTL_SESSION_TO_PARENT
1935 all of the UIDs (GIDs) of the parent process do not match
1936 the effective UID (GID) of the calling process;
1937 the UID of the parent's existing session keyring or
1938 the UID of the caller's session keyring did not match
1939 the effective UID of the caller;
1940 the parent process is not single-thread;
1941 or the parent process is
1948 .B KEYCTL_DH_COMPUTE
1949 and the initialization of crypto modules has timed out.
1951 This system call first appeared in Linux 2.6.10.
1953 This system call is a nonstandard Linux extension.
1955 A wrapper is provided in the
1958 When employing the wrapper in that library, link with
1960 However, rather than using this system call directly,
1961 you probably want to use the various library functions
1962 mentioned in the descriptions of individual operations above.
1964 The program below provide subset of the functionality of the
1965 .BR request\-key (8)
1966 program provided by the
1969 For informational purposes,
1970 the program records various information in a log file.
1973 .BR request_key (2),
1975 .BR request\-key (8)
1976 program is invoked with command-line arguments that
1977 describe a key that is to be instantiated.
1978 The example program fetches and logs these arguments.
1979 The program assumes authority to instantiate the requested key,
1980 and then instantiates that key.
1982 The following shell session demonstrates the use of this program.
1984 we compile the program and then use it to temporarily replace the standard
1985 .BR request\-key (8)
1987 (Note that temporarily disabling the standard
1988 .BR request\-key (8)
1989 program may not be safe on some systems.)
1990 While our example program is installed,
1991 we use the example program shown in
1997 $ \fBcc \-o key_instantiate key_instantiate.c \-lkeyutils\fP
1998 $ \fBsudo mv /sbin/request\-key /sbin/request\-key.backup\fP
1999 $ \fBsudo cp key_instantiate /sbin/request\-key\fP
2000 $ \fB./t_request_key user mykey somepayloaddata\fP
2002 $ \fBsudo mv /sbin/request\-key.backup /sbin/request\-key\fP
2006 Looking at the log file created by this program,
2007 we can see the command-line arguments supplied to our example program:
2011 $ \fBcat /tmp/key_instantiate.log\fP
2012 Time: Mon Nov 7 13:06:47 2016
2014 Command line arguments:
2015 argv[0]: /sbin/request\-key
2017 key_to_instantiate: 20d035bf
2022 session_keyring: 256e6a6
2024 Key description: user;1000;1000;3f010000;mykey
2025 Auth key payload: somepayloaddata
2026 Destination keyring: 256e6a6
2027 Auth key description: .request_key_auth;1000;1000;0b010000;20d035bf
2031 The last few lines of the above output show that the example program
2034 the description of the key to be instantiated,
2035 which included the name of the key
2038 the payload of the authorization key, which consisted of the data
2039 .RI ( somepayloaddata )
2041 .BR request_key (2);
2043 the destination keyring that was specified in the call to
2044 .BR request_key (2);
2047 the description of the authorization key,
2048 where we can see that the name of the authorization key matches
2049 the ID of the key that is to be instantiated
2052 The example program in
2054 specified the destination keyring as
2055 .BR KEY_SPEC_SESSION_KEYRING .
2056 By examining the contents of
2058 we can see that this was translated to the ID of the destination keyring
2060 shown in the log output above;
2061 we can also see the newly created key with the name
2068 $ \fBcat /proc/keys | egrep \(aqmykey|256e6a6\(aq\fP
2069 0256e6a6 I\-\-Q\-\-\- 194 perm 3f030000 1000 1000 keyring _ses: 3
2070 20d035bf I\-\-Q\-\-\- 1 perm 3f010000 1000 1000 user mykey: 16
2076 /* key_instantiate.c */
2078 #include <sys/types.h>
2079 #include <keyutils.h>
2089 #ifndef KEY_SPEC_REQUESTOR_KEYRING
2090 #define KEY_SPEC_REQUESTOR_KEYRING \-8
2094 main(int argc, char *argv[])
2099 key_serial_t key_to_instantiate, dest_keyring;
2100 key_serial_t thread_keyring, process_keyring, session_keyring;
2104 char auth_key_payload[256];
2105 int akp_size; /* Size of auth_key_payload */
2108 fp = fopen("/tmp/key_instantiate.log", "w");
2115 fprintf(fp, "Time: %s\en", ctime(&t));
2118 * The kernel passes a fixed set of arguments to the program
2119 * that it execs; fetch them.
2121 operation = argv[1];
2122 key_to_instantiate = atoi(argv[2]);
2123 uid = atoi(argv[3]);
2124 gid = atoi(argv[4]);
2125 thread_keyring = atoi(argv[5]);
2126 process_keyring = atoi(argv[6]);
2127 session_keyring = atoi(argv[7]);
2129 fprintf(fp, "Command line arguments:\en");
2130 fprintf(fp, " argv[0]: %s\en", argv[0]);
2131 fprintf(fp, " operation: %s\en", operation);
2132 fprintf(fp, " key_to_instantiate: %jx\en",
2133 (uintmax_t) key_to_instantiate);
2134 fprintf(fp, " UID: %jd\en", (intmax_t) uid);
2135 fprintf(fp, " GID: %jd\en", (intmax_t) gid);
2136 fprintf(fp, " thread_keyring: %jx\en",
2137 (uintmax_t) thread_keyring);
2138 fprintf(fp, " process_keyring: %jx\en",
2139 (uintmax_t) process_keyring);
2140 fprintf(fp, " session_keyring: %jx\en",
2141 (uintmax_t) session_keyring);
2145 * Assume the authority to instantiate the key named in argv[2].
2147 if (keyctl(KEYCTL_ASSUME_AUTHORITY, key_to_instantiate) == \-1) {
2148 fprintf(fp, "KEYCTL_ASSUME_AUTHORITY failed: %s\en",
2154 * Fetch the description of the key that is to be instantiated.
2156 if (keyctl(KEYCTL_DESCRIBE, key_to_instantiate,
2157 dbuf, sizeof(dbuf)) == \-1) {
2158 fprintf(fp, "KEYCTL_DESCRIBE failed: %s\en", strerror(errno));
2162 fprintf(fp, "Key description: %s\en", dbuf);
2165 * Fetch the payload of the authorization key, which is
2166 * actually the callout data given to request_key().
2168 akp_size = keyctl(KEYCTL_READ, KEY_SPEC_REQKEY_AUTH_KEY,
2169 auth_key_payload, sizeof(auth_key_payload));
2170 if (akp_size == \-1) {
2171 fprintf(fp, "KEYCTL_READ failed: %s\en", strerror(errno));
2175 auth_key_payload[akp_size] = \(aq\e0\(aq;
2176 fprintf(fp, "Auth key payload: %s\en", auth_key_payload);
2179 * For interest, get the ID of the authorization key and
2182 auth_key = keyctl(KEYCTL_GET_KEYRING_ID,
2183 KEY_SPEC_REQKEY_AUTH_KEY);
2184 if (auth_key == \-1) {
2185 fprintf(fp, "KEYCTL_GET_KEYRING_ID failed: %s\en",
2190 fprintf(fp, "Auth key ID: %jx\en", (uintmax_t) auth_key);
2193 * Fetch key ID for the request_key(2) destination keyring.
2195 dest_keyring = keyctl(KEYCTL_GET_KEYRING_ID,
2196 KEY_SPEC_REQUESTOR_KEYRING);
2197 if (dest_keyring == \-1) {
2198 fprintf(fp, "KEYCTL_GET_KEYRING_ID failed: %s\en",
2203 fprintf(fp, "Destination keyring: %jx\en", (uintmax_t) dest_keyring);
2206 * Fetch the description of the authorization key. This
2207 * allows us to see the key type, UID, GID, permissions,
2208 * and description (name) of the key. Among other things,
2209 * we will see that the name of the key is a hexadecimal
2210 * string representing the ID of the key to be instantiated.
2212 if (keyctl(KEYCTL_DESCRIBE, KEY_SPEC_REQKEY_AUTH_KEY,
2213 dbuf, sizeof(dbuf)) == \-1) {
2214 fprintf(fp, "KEYCTL_DESCRIBE failed: %s\en", strerror(errno));
2218 fprintf(fp, "Auth key description: %s\en", dbuf);
2221 * Instantiate the key using the callout data that was supplied
2222 * in the payload of the authorization key.
2224 if (keyctl(KEYCTL_INSTANTIATE, key_to_instantiate,
2225 auth_key_payload, akp_size + 1, dest_keyring) == \-1) {
2226 fprintf(fp, "KEYCTL_INSTANTIATE failed: %s\en",
2239 .BR request_key (2),
2240 .\" .BR find_key_by_type_and_name (3)
2241 .\" There is a man page, but this function seems not to exist
2243 .BR keyctl_assume_authority (3),
2244 .BR keyctl_chown (3),
2245 .BR keyctl_clear (3),
2246 .BR keyctl_describe (3),
2247 .BR keyctl_describe_alloc (3),
2248 .BR keyctl_dh_compute (3),
2249 .BR keyctl_dh_compute_alloc (3),
2250 .BR keyctl_get_keyring_ID (3),
2251 .BR keyctl_get_persistent (3),
2252 .BR keyctl_get_security (3),
2253 .BR keyctl_get_security_alloc (3),
2254 .BR keyctl_instantiate (3),
2255 .BR keyctl_instantiate_iov (3),
2256 .BR keyctl_invalidate (3),
2257 .BR keyctl_join_session_keyring (3),
2258 .BR keyctl_link (3),
2259 .BR keyctl_negate (3),
2260 .BR keyctl_read (3),
2261 .BR keyctl_read_alloc (3),
2262 .BR keyctl_reject (3),
2263 .BR keyctl_revoke (3),
2264 .BR keyctl_search (3),
2265 .BR keyctl_session_to_parent (3),
2266 .BR keyctl_set_reqkey_keyring (3),
2267 .BR keyctl_set_timeout (3),
2268 .BR keyctl_setperm (3),
2269 .BR keyctl_unlink (3),
2270 .BR keyctl_update (3),
2271 .BR recursive_key_scan (3),
2272 .BR recursive_session_key_scan (3),
2273 .BR capabilities (7),
2274 .BR credentials (7),
2277 .BR persistent\-keyring (7),
2278 .BR process\-keyring (7),
2279 .BR session\-keyring (7),
2280 .BR thread\-keyring (7),
2281 .BR user\-keyring (7),
2282 .BR user_namespaces (7),
2283 .BR user\-session\-keyring (7),
2284 .BR request\-key (8)
2286 The kernel source files under
2287 .IR Documentation/security/keys/
2288 (or, before Linux 4.13, in the file
2289 .IR Documentation/security/keys.txt ).