keys.txt - OpenGrok cross reference for /linux-4.1.27/Documentation/security/keys.txt

Lines Matching refs:keys
5 This service allows cryptographic keys, authentication tokens, cross-domain
10 other keys. Processes each have three standard keyring subscriptions that a
11 kernel service can search for relevant keys.
36 In this context, keys represent units of cryptographic data, authentication
58      kernel by a kernel service (such as a filesystem) before keys of that type
64      Should a type be removed from the system, all the keys of that type will
79      actual "key". In the case of a keyring, this is a list of keys to which
124 The key service provides a number of features besides keys:
130 	 Keyrings are special keys that contain a list of other keys. Keyring
148 	 separated from the rest of the description by a ':'. "logon" keys can
183  (*) Each user has two quotas against which the keys they own are tracked. One
184      limits the total number of keys and keyrings, the other limits the total
198      manipulate keys and keyrings.
201      for keys.
226      keys.
235      This permits keyrings to be searched and keys to be found. Searches can
257 controls can be applied to keys created within various contexts.  This support
264 newly-created keys.  If the contents of that file correspond to an SELinux
268 particular context to newly-created keys, using the "create" permission in the
292  (*) /proc/keys
294      This lists the keys that are currently viewable by the task reading the
299      The only keys included in the list are those that grant View permission to
301      security checks are still performed, and may further filter out keys that
341 	<inst>/<keys>		Total number of keys and number instantiated
342 	<keys>/<max>		Key count quota
347 quota limits on keys:
349  (*) /proc/sys/kernel/keys/root_maxkeys
350      /proc/sys/kernel/keys/root_maxbytes
352      These files hold the maximum number of keys that root may have and the
354      keys.
356  (*) /proc/sys/kernel/keys/maxkeys
357      /proc/sys/kernel/keys/maxbytes
359      These files hold the maximum number of keys that each non-root user may
361      users may have stored in their keys.
371 Userspace can manipulate keys directly through three new syscalls: add_key,
373 manipulating keys.
377 values available for referring to special keys and keyrings that relate to the
424      User defined keys can be created by specifying type "user". It is
451      See also Documentation/security/keys-request-key.txt.
567      This function clears the list of keys attached to a keyring. The calling
590      Any links within the keyring to keys that match the new key in terms of
615      checked for keys before recursion into its children occurs.
619      permission on will be recursed into, and only keys and keyrings for which
642      representing the IDs of all the keys to which it is subscribed. The user
707      This sets the default keyring to which implicitly requested keys will be
744      or expired keys.
756      Once authority is assumed, searches for keys will also search the
816      keys from all keyrings and deletes the key when its reference count
820      immediately, though they are still visible in /proc/keys until deleted
832 be broken down into two areas: keys and key types.
834 Dealing with keys is fairly straightforward. Firstly, the kernel service
838 call, and the key released upon close. How to deal with conflicting keys due to
846 Specific key types should have a header file under include/keys/ that should be
847 used to access that type.  For keys of type "user", for example, that would be:
849 	<keys/user-type.h>
851 Note that there are two different types of pointers to keys that may be
899     implicitly obtained request-key keys, as set by KEYCTL_SET_REQKEY_KEYRING.
901     See also Documentation/security/keys-request-key.txt.
1037 Under some circumstances, it may be desirable to deal with a bundle of keys.
1063      instantiated (uninstantiated keys cannot be "found").
1247       	  description to narrow down the search to a small number of keys.
1250       	  keys in the keyring until one is matched.  This must be used for any
1267      If match_preparse() is not provided, keys of this type will be matched
1301      This method is optional. It is called during /proc/keys reading to
1391 access any more keys. It may then look around for a user specific process to
1426 Dead keys (for which the type has been removed) will be automatically unlinked
1430 Similarly, revoked and expired keys will be garbage collected, but only after a
1433 	/proc/sys/kernel/keys/gc_delay