KEYCTL_PKEY_ENCRYPT(3) Linux Public-Key Encryption KEYCTL_PKEY_ENCRYPT(3)
NAME
keyctl_pkey_encrypt, keyctl_pkey_decrypt - Encrypt and decrypt data
SYNOPSIS
#include <keyutils.h>
long keyctl_pkey_encrypt(key_serial_t key, const char *info,
const void *data, size_t data_len,
void *enc, size_t enc_len);
long keyctl_pkey_decrypt(key_serial_t key, const char *info,
const void *enc, size_t enc_len,
void *data, size_t data_len);
DESCRIPTION
keyctl_pkey_encrypt() asks the kernel to use the crypto material at-
tached to a key to encrypt a blob of data and keyctl_pkey_decrypt()
asks the kernel to use the key to reverse the operation and recover the
original data. Note that these operations may involve the kernel call-
ing out to cryptographic hardware. The caller must have search permis-
sion on a key to be able to use them in this manner.
When invoking the function, key indicates the key that will provide the
cryptographic material and info points to a space- or tab-separated
string of "key[=value]" parameters that indicate things like encoding
forms and passwords to unlock the key; see asymmetric-key(7) for more
information.
data and datalen indicate the address and size of the decrypted data
buffer and enc and enclen indicate the address and size of the en-
crypted data buffer. The encrypt function draws data from the de-
crypted data buffer and places the output into the encryption buffer.
The decrypt function does the reverse, drawing from the encryption buf-
fer and writing into the data buffer.
keyctl_pkey_query(2) can be called to find out how large the buffers
need to be.
Note that not all asymmetric-type keys will support these operations;
further, the operations available may depend on which components of the
key material are available: typically encryption only requires the pub-
lic key, but decryption requires the private key as well. Which opera-
tions are supported on a particular key can also be determined using
the query function.
RETURN VALUE
On success keyctl_pkey_encrypt() and keyctl_pkey_decrypt() return the
amount of data written into the output buffer. On error, the value -1
will be returned and errno will have been set to an appropriate error.
ERRORS
ENOKEY The key specified is invalid.
EKEYEXPIRED
The key specified has expired.
EKEYREVOKED
The key specified has been revoked.
EACCES The key exists, but is not searchable by the calling process.
ENOPKG Some facility needed to complete the requested operation is not
available. This is most probably a requested or required digest
or encryption algorithm.
EFAULT Bad address.
LINKING
This is a library function that can be found in libkeyutils. When
linking, -lkeyutils should be specified to the linker.
SEE ALSO
keyctl(1), add_key(2), keyctl(2), keyctl(3), keyctl_pkey_query(3),
keyctl_pkey_sign(3), keyrings(7), keyutils(7)
Linux 8 Nov 2018 KEYCTL_PKEY_ENCRYPT(3)
Generated by dwww version 1.15 on Wed Jun 26 18:11:57 CEST 2024.