|
NAME | SYNOPSIS | DESCRIPTION | RETURN VALUE | ERRORS | LINKING | SEE ALSO | COLOPHON |
KEYCTL_PKEY_ENCRYPT(3) Linux Public-Key Encryption KEYCTL_PKEY_ENCRYPT(3)
keyctl_pkey_encrypt, keyctl_pkey_decrypt - Encrypt and decrypt data
#include <keyutils.h>
long keyctl_pkey_encrypt(key_serial_t key, const char *info,
const void *data, size_t data_len,
void *enc, size_t enc_len);
long keyctl_pkey_decrypt(key_serial_t key, const char *info,
const void *enc, size_t enc_len,
void *data, size_t data_len);
keyctl_pkey_encrypt() asks the kernel to use the crypto material
attached to a key to encrypt a blob of data and keyctl_pkey_decrypt()
asks the kernel to use the key to reverse the operation and recover
the original data. Note that these operations may involve the kernel
calling out to cryptographic hardware. The caller must have search
permission on a key to be able to use them in this manner.
When invoking the function, key indicates the key that will provide
the cryptographic material and info points to a space- or tab-
separated string of "key[=value]" parameters that indicate things
like encoding forms and passwords to unlock the key; see asymmetric-
key(7) for more information.
data and datalen indicate the address and size of the decrypted data
buffer and enc and enclen indicate the address and size of the
encrypted data buffer. The encrypt function draws data from the
decrypted data buffer and places the output into the encryption
buffer. The decrypt function does the reverse, drawing from the
encryption buffer and writing into the data buffer.
keyctl_pkey_query(2) can be called to find out how large the buffers
need to be.
Note that not all asymmetric-type keys will support these operations;
further, the operations available may depend on which components of
the key material are available: typically encryption only requires
the public key, but decryption requires the private key as well.
Which operations are supported on a particular key can also be
determined using the query function.
On success keyctl_pkey_encrypt() and keyctl_pkey_decrypt() return the
amount of data written into the output buffer. On error, the value
-1 will be returned and errno will have been set to an appropriate
error.
ENOKEY The key specified is invalid.
EKEYEXPIRED
The key specified has expired.
EKEYREVOKED
The key specified has been revoked.
EACCES The key exists, but is not searchable by the calling process.
ENOPKG Some facility needed to complete the requested operation is
not available. This is most probably a requested or required
digest or encryption algorithm.
EFAULT Bad address.
This is a library function that can be found in libkeyutils. When
linking, -lkeyutils should be specified to the linker.
keyctl(1), add_key(2), keyctl(2), keyctl(3), keyctl_pkey_query(3),
keyctl_pkey_sign(3), keyrings(7), keyutils(7)
This page is part of the keyutils (key management utilities) project.
Information about the project can be found at [unknown -- if you
know, please contact man-pages@man7.org] If you have a bug report for
this manual page, send it to keyrings@linux-nfs.org. This page was
obtained from the project's upstream Git repository
⟨http://git.kernel.org/pub/scm/linux/kernel/git/dhowells/keyutils.git⟩
on 2020-08-13. (At that time, the date of the most recent commit
that was found in the repository was 2020-07-07.) If you discover
any rendering problems in this HTML version of the page, or you
believe there is a better or more up-to-date source for the page, or
you have corrections or improvements to the information in this
COLOPHON (which is not part of the original manual page), send a mail
to man-pages@man7.org
Linux 8 Nov 2018 KEYCTL_PKEY_ENCRYPT(3)
Pages that refer to this page: keyctl(3)