Struct keyutils::Key

pub struct Key { /* private fields */ }

Representation of a kernel key.

Implementations

impl Key

pub unsafe fn new(id: KeyringSerial) -> Self

Instantiate a key from an ID.

This is unsafe because no key is known to exist with the given ID.

Safety

This method assumes that the given serial is a valid key ID at the kernel level.

pub fn request<'s, 'a, K, D, I, T>(description: D, info: I, target: T) -> Result<Self> where K: KeyType, D: Borrow<K::Description>, I: Into<Option<&'s str>>, T: Into<Option<TargetKeyring<'a>>>,

Requests a key with the given type and description by searching the thread, process, and session keyrings.

If it is not found, the info string (if provided) will be handed off to /sbin/request-key to generate the key.

If target is given, the found keyring will be linked into it. If target is not given and a new key is constructed due to the request, it will be linked into the default keyring (see Keyring::set_default).

pub fn is_keytype<K>(&self) -> Result<bool> where K: KeyType,

Determine whether the key is of a specific implementation or not.

pub fn update<K, P>(&mut self, payload: P) -> Result<()> where K: KeyType, P: Borrow<K::Payload>,

Update the payload in the key.

pub fn revoke(self) -> Result<()>

Revokes the key. Requires write permission on the key.

pub fn chown(&mut self, uid: uid_t) -> Result<()>

Change the user which owns the key.

Requires the setattr permission on the key and the SysAdmin capability to change it to anything other than the current user.

pub fn chgrp(&mut self, gid: gid_t) -> Result<()>

Change the group which owns the key.

Requires the setattr permission on the key and the SysAdmin capability to change it to anything other than a group of which the current user is a member.

pub fn set_permissions(&mut self, perms: Permission) -> Result<()>

Set the permissions on the key.

Requires the setattr permission on the key and the SysAdmin capability if the current user does not own the key.

pub fn description(&self) -> Result<Description>

Retrieve metadata about the key.

Panics

If the kernel returns malformed data, the parser will panic.

pub fn read(&self) -> Result<Vec<u8>>

Read the payload of the key. Requires read permissions on the key.

pub fn set_timeout(&mut self, timeout: Duration) -> Result<()>

Set an expiration timer on the key to timeout.

Any partial seconds are ignored. A timeout of 0 means “no expiration”. Requires the setattr permission on the key.

pub fn security(&self) -> Result<String>

The security context of the key.

Depends on the security manager loaded into the kernel (e.g., SELinux or AppArmor).

pub fn invalidate(self) -> Result<()>

Invalidates the key and schedules it for removal.

Requires the search permission on the key.

pub fn manage(&mut self) -> Result<KeyManager>

Create an object to manage a key request.

Before a key may be managed on a thread, an authorization key must be attached to an available thread keyring.

Only one key may be managed on a thread at a time. Managing a second key will invalidate any previous KeyManager constructions.

See KeyManager::request_key_auth_key.

pub fn compute_dh(private: &Key, prime: &Key, base: &Key) -> Result<Vec<u8>>

Compute a Diffie-Hellman prime for use as a shared secret or public key.

pub fn compute_dh_kdf<O>(private: &Key, prime: &Key, base: &Key, hash: KeyctlHash, other: Option<O>) -> Result<Vec<u8>> where O: AsRef<[u8]>,

Compute a key from a Diffie-Hellman shared secret.

The base key contains the remote public key, which is used to create a shared secret that is then processed using hash.

See SP800-56A for details.

pub fn pkey_query_support(&self, query: &PublicKeyOptions) -> Result<KeySupportInfo>

Query which optionally supported features may be used by the key.

pub fn encrypt(&self, options: &PublicKeyOptions, data: &[u8]) -> Result<Vec<u8>>

Encrypt data using the key.

pub fn decrypt(&self, options: &PublicKeyOptions, data: &[u8]) -> Result<Vec<u8>>

Decrypt data using the key.

pub fn sign(&self, options: &PublicKeyOptions, data: &[u8]) -> Result<Vec<u8>>

Sign data using the key.

pub fn verify(&self, options: &PublicKeyOptions, data: &[u8], signature: &[u8]) -> Result<bool>

Verify a signature of the data using the key.
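
The permission requirements listed above for read, revoke, invalidate, chown, chgrp, set_permissions and set_timeout map onto bits of the kernel's per-key permission mask. The following is an added example, not code from the keyutils crate: a stand-alone model of that mask (the 8-digit hex value shown in /proc/keys) that reports which of these methods a caller's permission bits would admit. The names Class, effective, allowed_methods and other_exposed are hypothetical, and capability checks (SysAdmin) and LSM policy are not modelled.

```rust
// Added example: models the Linux key permission mask; not keyutils code.
// One byte per class (possessor, user, group, other); bit values follow the
// kernel's KEY_*_READ / WRITE / SEARCH / SETATTR layout.
const READ: u32 = 0x02;
const WRITE: u32 = 0x04;
const SEARCH: u32 = 0x08;
const SETATTR: u32 = 0x20;

/// Which class the caller falls into for the uid/gid comparison (hypothetical name).
#[derive(Clone, Copy)]
pub enum Class { User, Group, Other }

/// Effective permission byte: the matching class byte, plus the possessor
/// byte when the caller possesses the key.
pub fn effective(mask: u32, class: Class, possessed: bool) -> u32 {
    let shift = match class { Class::User => 16, Class::Group => 8, Class::Other => 0 };
    let mut bits = (mask >> shift) & 0xff;
    if possessed { bits |= (mask >> 24) & 0xff; }
    bits
}

/// `Key` methods from this page whose documented permission bit is granted.
pub fn allowed_methods(mask: u32, class: Class, possessed: bool) -> Vec<&'static str> {
    // (method, permission the page says it requires)
    const REQUIRED: [(&str, u32); 7] = [
        ("read", READ), ("revoke", WRITE), ("invalidate", SEARCH),
        ("chown", SETATTR), ("chgrp", SETATTR),
        ("set_permissions", SETATTR), ("set_timeout", SETATTR),
    ];
    let bits = effective(mask, class, possessed);
    REQUIRED.iter().filter(|(_, need)| bits & need != 0).map(|(m, _)| *m).collect()
}

/// Flags a mask that lets non-possessing "other" users read or alter the key.
pub fn other_exposed(mask: u32) -> bool {
    effective(mask, Class::Other, false) & (READ | WRITE | SETATTR) != 0
}

fn main() {
    // Constructed sample masks, in the hex form /proc/keys prints.
    for mask in [0x3f01_0000u32, 0x3f3f_0000, 0x3f3f_3f3f] {
        println!("{:08x} owner without possession: {:?}", mask,
                 allowed_methods(mask, Class::User, false));
        println!("{:08x} exposed to other: {}", mask, other_exposed(mask));
    }
}
```

A mask for which other_exposed returns true is worth reviewing before the key holds secret material, since read and setattr then no longer depend on possession or ownership.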

Trait Implementations

impl Clone for Key

fn clone(&self) -> Key

Returns a copy of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for Key

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl PartialEq<Key> for Key

fn eq(&self, other: &Key) -> bool

This method tests for self and other values to be equal, and is used by ==.

fn ne(&self, other: &Rhs) -> bool

This method tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

impl Eq for Key

impl StructuralEq for Key

impl StructuralPartialEq for Key

Auto Trait Implementations

impl RefUnwindSafe for Key

impl Send for Key

impl Sync for Key

impl Unpin for Key

impl UnwindSafe for Key
