add_key(2)                 System Calls Manual                 add_key(2)

NAME
       add_key -

LIBRARY
       Standard C library (libc, -lc)

SYNOPSIS
       #include <keyutils.h>

       key_serial_t add_key(const char *type, const char *description,
                            const void payload[.plen], size_t plen,
                            key_serial_t keyring);

       Note: There is no glibc wrapper for this system call; see NOTES.

DESCRIPTION
       add_key() type description, payload plen, keyring

       keyring type description

       keyring:

       KEY_SPEC_THREAD_KEYRING
              (thread-keyring(7)).

       KEY_SPEC_PROCESS_KEYRING
              (process-keyring(7)).

       KEY_SPEC_SESSION_KEYRING
              (session-keyring(7)).

       KEY_SPEC_USER_KEYRING
              UID (user-keyring(7)).

       KEY_SPEC_USER_SESSION_KEYRING
              UID (user-session-keyring(7)).

       type

       type add_key():

       "keyring"
              payload NULL, plen

       "user"
              (blob) 32767

       "logon" (Linux 3.3)
              "user"

              description <>, description <<:>>

       "big_key" (Linux 3.13)
              "user", 1

              tmpfs

       keyrings(7).

RETURN VALUE
       On success, add_key() returns the serial number of the key it
       created or updated. On error, -1 is returned and errno is set to
       indicate the error.

ERRORS
       EACCES

       EDQUOT

       EFAULT type, description payload

       EINVAL (null), type description, (32 4096)

       EINVAL

       EINVAL type "logon", description "service:".

       EKEYEXPIRED

       EKEYREVOKED

       ENOKEY

       ENOMEM

       EPERM  The type started with a period ('.'). Key types that begin
              with a period are reserved to the implementation.

       EPERM  type was "keyring" and the description started with a
              period ('.'). Keyrings with descriptions (names) that
              begin with a period are reserved to the implementation.

STANDARDS
       Linux.

HISTORY
       Linux 2.6.10.

NOTES
       glibc does not provide a wrapper for this system call. A wrapper
       is provided in the libkeyutils library. (The accompanying package
       provides the <keyutils.h> header file.) When employing the
       wrapper in that library, link with -lkeyutils.
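The argument rules that survive in the key-type and error list above can be checked before the call is made, so a caller fails early with a precise reason. This is an added example, not part of the manual page or of libkeyutils: `add_key_precheck` and the constant names are hypothetical, and the order of the checks, the handling of NULL strings, and applying the "user" size limit to "logon" are assumptions of this example.

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>

/* Limits quoted in the text above (constant names are hypothetical). */
#define TYPE_MAX      32     /* type, including the terminating null */
#define DESC_MAX      4096   /* description, including the terminating null */
#define USER_BLOB_MAX 32767  /* payload limit given for "user" */

/* Hypothetical helper: returns 0 when the arguments pass the documented
 * checks, otherwise the errno value the page lists for that failure. */
int add_key_precheck(const char *type, const char *description,
                     const void *payload, size_t plen)
{
    /* Example policy: refuse NULL strings instead of passing them on. */
    if (type == NULL || description == NULL)
        return EFAULT;

    size_t tlen = strlen(type);
    if (tlen == 0 || tlen >= TYPE_MAX)
        return EINVAL;
    if (strlen(description) >= DESC_MAX)
        return EINVAL;

    if (type[0] == '.')
        return EPERM;              /* reserved key types */

    if (strcmp(type, "keyring") == 0) {
        if (description[0] == '.')
            return EPERM;          /* reserved keyring names */
        if (payload != NULL || plen != 0)
            return EINVAL;         /* payload NULL and plen zero */
        return 0;
    }

    if (strcmp(type, "logon") == 0) {
        /* description must carry a non-empty "service:" prefix */
        const char *colon = strchr(description, ':');
        if (colon == NULL || colon == description)
            return EINVAL;
    }

    if (strcmp(type, "user") == 0 || strcmp(type, "logon") == 0) {
        /* "logon" is described as like "user"; same limit assumed */
        if (payload == NULL || plen == 0 || plen > USER_BLOB_MAX)
            return EINVAL;
    }
    return 0;
}
```

The kernel remains the authority: a key that passes these checks can still fail with the quota, permission or keyring errors listed above.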
EXAMPLES
       $ ./a.out user mykey "Some payload"
       Key ID is 64a4dca
       $ grep '64a4dca' /proc/keys
       064a4dca I--Q--- 1 perm 3f010000 1000 1000 user mykey: 12

       #include <keyutils.h>
       #include <stdint.h>
       #include <stdio.h>
       #include <stdlib.h>
       #include <string.h>

       int
       main(int argc, char *argv[])
       {
           key_serial_t key;

           /* Expect exactly: type, description, payload. */
           if (argc != 4) {
               fprintf(stderr, "Usage: %s type description payload\n",
                       argv[0]);
               exit(EXIT_FAILURE);
           }

           /* Create (or update) the key and link it into the
              session keyring. */
           key = add_key(argv[1], argv[2], argv[3], strlen(argv[3]),
                         KEY_SPEC_SESSION_KEYRING);
           if (key == -1) {
               perror("add_key");
               exit(EXIT_FAILURE);
           }

           /* Print the serial number in hex, as /proc/keys shows it. */
           printf("Key ID is %jx\n", (uintmax_t) key);

           exit(EXIT_SUCCESS);
       }

SEE ALSO
       keyctl(1), keyctl(2), request_key(2), keyctl(3), keyrings(7),
       keyutils(7), persistent-keyring(7), process-keyring(7),
       session-keyring(7), thread-keyring(7), user-keyring(7),
       user-session-keyring(7)

       Documentation/security/keys/core.rst
       Documentation/keys/request-key.rst
       (Linux 4.13, Documentation/security/keys.txt
       Documentation/security/keys-request-key.txt).

       Dmitry Bolkhovskikh, Yuri Kozlov; GNU 3

Linux man-pages 6.06              31 2023                      add_key(2)