ADD_KEY(2)                    Linux Key Management Calls                   ADD_KEY(2)

NAME

       add_key - Add a key to the kernel's key management facility

SYNOPSIS

       #include <keyutils.h>

       key_serial_t add_key(const char *type, const char *description,
       const void *payload, size_t plen, key_serial_t keyring);

DESCRIPTION

       add_key() asks the kernel to create or update a key of the given type and
       description, instantiate it with the payload of length plen, attach it to
       the nominated keyring, and return its serial number.

       The key type may reject the data if it's in the wrong format or in some other
       way invalid.

       If the destination keyring already contains a key that matches the specified
       type and description then, if the key type supports it, that key will be
       updated rather than a new key being created; if not, a new key will be created
       and it will displace the link to the extant key from the keyring.

       The destination keyring serial number may be that of a valid keyring to which
       the caller has write permission, or it may be a special keyring ID:

       KEY_SPEC_THREAD_KEYRING
              This specifies the caller's thread-specific keyring.

       KEY_SPEC_PROCESS_KEYRING
              This specifies the caller's process-specific keyring.

       KEY_SPEC_SESSION_KEYRING
              This specifies the caller's session-specific keyring.

       KEY_SPEC_USER_KEYRING
              This specifies the caller's UID-specific keyring.

       KEY_SPEC_USER_SESSION_KEYRING
              This specifies the caller's UID-session keyring.

KEY TYPES

       There are a number of key types available in the core key management code, and
       these can be specified to this function:

       "user" Keys of the user-defined key type may contain a blob of arbitrary data,
              and the description may be any valid string, though it is preferred
              that the description be prefixed with a string representing the service
              to which the key is of interest and a colon (for instance "afs:mykey").
              The payload may be empty or NULL for keys of this type.

       "keyring"
              Keyrings are special key types that may contain links to sequences of
              other keys of any type.  If this interface is used to create a keyring,
              then a NULL payload should be specified, and plen should be zero.

RETURN VALUE

       On success add_key() returns the serial number of the key it created or
       updated.  On error, the value -1 will be returned and errno will have been set
       to an appropriate error.

ERRORS

       ENOKEY The keyring doesn't exist.

       EKEYEXPIRED
              The keyring has expired.

       EKEYREVOKED
              The keyring has been revoked.

       EINVAL The payload data was invalid.

       ENOMEM Insufficient memory to create a key.

       EDQUOT The key quota for this user would be exceeded by creating this key or
              linking it to the keyring.

       EACCES The keyring wasn't available for modification by the user.

LINKING

       Although this is a Linux system call, it is not present in libc; it is
       provided by libkeyutils instead.  When linking, -lkeyutils should be
       specified to the linker.
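
       The following is an added example, not part of the original man page or
       of the keyutils project: it applies the KEY TYPES rules before entering
       the kernel and maps the ERRORS values to messages.  Assumptions: it
       invokes the system call through syscall(2) so that it builds without
       libkeyutils, checked_add_key() and add_key_error() are hypothetical
       helpers, the "service:" prefix is enforced as a local policy, and the
       payload is a constructed sample.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

typedef int32_t key_serial_t;          /* same underlying type keyutils.h uses */
#define KEY_SPEC_PROCESS_KEYRING (-2)  /* value from <linux/keyctl.h> */

/* Hypothetical helper: enforce the KEY TYPES rules, then make the raw system call. */
key_serial_t checked_add_key(const char *type, const char *desc,
                             const void *payload, size_t plen, key_serial_t keyring)
{
    const char *colon = desc ? strchr(desc, ':') : NULL;
    int bad = !type || !desc;
    /* "keyring": NULL payload and a plen of zero. */
    bad = bad || (!strcmp(type, "keyring") && (payload || plen));
    /* "user": this example requires the preferred "service:name" form (local policy). */
    bad = bad || (!strcmp(type, "user") && (!colon || colon == desc || !colon[1]));
    if (bad) { errno = EINVAL; return -1; }
    return (key_serial_t)syscall(SYS_add_key, type, desc, payload, plen, keyring);
}

/* Hypothetical helper: errno values from the ERRORS section, in the page's wording. */
const char *add_key_error(int err)
{
    switch (err) {
    case ENOKEY:      return "keyring doesn't exist";
    case EKEYEXPIRED: return "keyring has expired";
    case EKEYREVOKED: return "keyring has been revoked";
    case EINVAL:      return "payload data was invalid";
    case ENOMEM:      return "insufficient memory to create a key";
    case EDQUOT:      return "key quota would be exceeded";
    case EACCES:      return "keyring not available for modification";
    default:          return strerror(err);
    }
}

int main(void)
{
    char secret[] = "constructed-sample-secret";    /* constructed sample payload */
    key_serial_t id = checked_add_key("user", "example:demo", secret,
                                      sizeof secret - 1, KEY_SPEC_PROCESS_KEYRING);
    if (id == -1) fprintf(stderr, "add_key: %s\n", add_key_error(errno));
    else printf("key serial %d\n", (int)id);
    explicit_bzero(secret, sizeof secret);  /* on success the kernel holds its own copy */
    return id == -1;
}
```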

SEE ALSO

       keyctl(1), keyctl(2), request_key(2)

COLOPHON

       This page is part of release 3.32 of the Linux man-pages project.  A
       description of the project, and information about reporting bugs, can be found
       at http://www.kernel.org/doc/man-pages/.

Linux                                 2010-02-25                           ADD_KEY(2)

HTML rendering created 2010-12-03 by Michael Kerrisk, author of The Linux Programming Interface
