|KEYCTL_PKEY_ENCRYPT(3)||Linux Public-Key Encryption||KEYCTL_PKEY_ENCRYPT(3)|
    #include <keyutils.h>

    long keyctl_pkey_encrypt(key_serial_t key, const char *info,
                             const void *data, size_t data_len,
                             void *enc, size_t enc_len);

    long keyctl_pkey_decrypt(key_serial_t key, const char *info,
                             const void *enc, size_t enc_len,
                             void *data, size_t data_len);
When invoking the function, key indicates the key that will provide the cryptographic material and info points to a space- or tab-separated string of "key[=value]" parameters that indicate things like encoding forms and passwords to unlock the key; see asymmetric-key(7) for more information.
data and data_len indicate the address and size of the decrypted data buffer, and enc and enc_len indicate the address and size of the encrypted data buffer. The encrypt function draws data from the decrypted data buffer and places the output into the encrypted data buffer. The decrypt function does the reverse, drawing from the encrypted data buffer and writing into the decrypted data buffer.
keyctl_pkey_query(2) can be called to find out how large the buffers need to be.
Note that not all asymmetric-type keys will support these operations; further, the operations available may depend on which components of the key material are available: typically encryption only requires the public key, but decryption requires the private key as well. Which operations are supported on a particular key can also be determined using the query function.
- The key specified is invalid.
- The key specified has expired.
- The key specified has been revoked.
- The key exists, but is not searchable by the calling process.
- Some facility needed to complete the requested operation is not available. This is most probably a requested or required digest or encryption algorithm.
- Bad address.
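The query-then-encrypt sequence described above, as an added example that is not part of the original manual page or of keyutils. It assumes a hypothetical wrapper name (pkey_encrypt_checked) and its own choice of error codes, and it issues the underlying keyctl(2) operations from <linux/keyctl.h> directly so that it builds without libkeyutils; with the library, the two syscall() lines correspond to keyctl_pkey_query() and keyctl_pkey_encrypt().

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>
#include <unistd.h>
#include <sys/syscall.h>
#include <linux/keyctl.h>  /* KEYCTL_PKEY_*, struct keyctl_pkey_query/params */

/* Hypothetical helper (name and error codes are this example's choice).
 * Encrypts len bytes of data with an asymmetric key after using the query
 * operation to confirm that the key supports encryption and that both
 * buffers fit. Returns the ciphertext length, or a negative errno value. */
long pkey_encrypt_checked(int key, const char *info,
                          const void *data, size_t len,
                          void *enc, size_t enc_cap)
{
    struct keyctl_pkey_query q;
    struct keyctl_pkey_params p;
    long n;

    if (!info || !data || !enc || len == 0)
        return -EINVAL;

    memset(&q, 0, sizeof(q));
    /* Query operation; the third argument is reserved and must be 0. */
    if (syscall(SYS_keyctl, KEYCTL_PKEY_QUERY, (long)key, 0L, info, &q) < 0)
        return -errno;

    if (!(q.supported_ops & KEYCTL_SUPPORTS_ENCRYPT))
        return -EOPNOTSUPP;        /* key cannot encrypt */
    if (len > q.max_dec_size)      /* plaintext too large for this key */
        return -EMSGSIZE;
    if (enc_cap < q.max_enc_size)  /* caller's output buffer too small */
        return -ENOBUFS;

    memset(&p, 0, sizeof(p));
    p.key_id  = key;
    p.in_len  = (__u32)len;
    p.out_len = q.max_enc_size;    /* never claim more than the key's maximum */
    n = syscall(SYS_keyctl, KEYCTL_PKEY_ENCRYPT, &p, info, data, enc);
    return n < 0 ? -errno : n;
}
```

Checking supported_ops first separates a key that cannot encrypt from a key that can but was handed the wrong buffer sizes.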
|8 Nov 2018||Linux|