keyctl_pkey_encrypt(3) — Linux manual page
KEYCTL_PKEY_ENCRYPT(3) Linux Public-Key EncryptionKEYCTL_PKEY_ENCRYPT(3)
NAME
keyctl_pkey_encrypt, keyctl_pkey_decrypt - Encrypt and decrypt
data
SYNOPSIS
#include <keyutils.h>
long keyctl_pkey_encrypt(key_serial_t key, const char *info,
const void *data, size_t data_len,
void *enc, size_t enc_len);
long keyctl_pkey_decrypt(key_serial_t key, const char *info,
const void *enc, size_t enc_len,
void *data, size_t data_len);
DESCRIPTION
keyctl_pkey_encrypt() asks the kernel to use the crypto material
attached to a key to encrypt a blob of data and
keyctl_pkey_decrypt() asks the kernel to use the key to reverse
the operation and recover the original data. Note that these
operations may involve the kernel calling out to cryptographic
hardware. The caller must have search permission on a key to be
able to use them in this manner.
When invoking the function, key indicates the key that will
provide the cryptographic material and info points to a space- or
tab-separated string of "key[=value]" parameters that indicate
things like encoding forms and passwords to unlock the key; see
asymmetric-key(7) for more information.
data and datalen indicate the address and size of the decrypted
data buffer and enc and enclen indicate the address and size of
the encrypted data buffer. The encrypt function draws data from
the decrypted data buffer and places the output into the
encryption buffer. The decrypt function does the reverse,
drawing from the encryption buffer and writing into the data
buffer.
keyctl_pkey_query(2) can be called to find out how large the
buffers need to be.
Note that not all asymmetric-type keys will support these
operations; further, the operations available may depend on which
components of the key material are available: typically
encryption only requires the public key, but decryption requires
the private key as well. Which operations are supported on a
particular key can also be determined using the query function.
RETURN VALUE
On success keyctl_pkey_encrypt() and keyctl_pkey_decrypt() return
the amount of data written into the output buffer. On error, the
value -1 will be returned and errno will have been set to an
appropriate error.
ERRORS
ENOKEY The key specified is invalid.
EKEYEXPIRED
The key specified has expired.
EKEYREVOKED
The key specified has been revoked.
EACCES The key exists, but is not searchable by the calling
process.
ENOPKG Some facility needed to complete the requested operation
is not available. This is most probably a requested or
required digest or encryption algorithm.
EFAULT Bad address.
LINKING
This is a library function that can be found in libkeyutils.
When linking, -lkeyutils should be specified to the linker.
SEE ALSO
keyctl(1), add_key(2), keyctl(2), keyctl(3),
keyctl_pkey_query(3), keyctl_pkey_sign(3), keyrings(7),
keyutils(7)
COLOPHON
This page is part of the keyutils (key management utilities)
project. Information about the project can be found at [unknown
-- if you know, please contact man-pages@man7.org] If you have a
bug report for this manual page, send it to
keyrings@linux-nfs.org. This page was obtained from the
project's upstream Git repository
⟨http://git.kernel.org/pub/scm/linux/kernel/git/dhowells/keyutils.git⟩
on 2024-06-14. (At that time, the date of the most recent commit
that was found in the repository was 2023-03-20.) If you
discover any rendering problems in this HTML version of the page,
or you believe there is a better or more up-to-date source for
the page, or you have corrections or improvements to the
information in this COLOPHON (which is not part of the original
manual page), send a mail to man-pages@man7.org
Linux 8 Nov 2018 KEYCTL_PKEY_ENCRYPT(3)
Pages that refer to this page: keyctl(3), keyctl_pkey_query(3), asymmetric-key(7)