Lines Matching full:key
4 Asymmetric / Public-key Cryptography Key Type
10 - Key identification.
13 - Asymmetric key subtypes.
21 The "asymmetric" key type is designed to be a container for the keys used in
22 public-key cryptography, without imposing any particular restrictions on the
23 form or mechanism of the cryptography or form of the key.
25 The asymmetric key is given a subtype that defines what sort of data is
26 associated with the key and provides operations to describe and destroy it.
27 However, no requirement is made that the key data actually be stored in the
28 key.
30 A completely in-kernel key retention and operation subtype can be defined, but
32 a TPM) that might be used to both retain the relevant key and perform
33 operations using that key. In such a case, the asymmetric key would then
39 subtype of the key and define the operations that can be done on that key.
42 key, or it may interpret it as a reference to a key held somewhere else in the
46 Key Identification
49 If a key is added with an empty name, the instantiation data parsers are given
50 the opportunity to pre-parse a key and to determine the description the key
51 should be given from the content of the key.
53 This can then be used to refer to the key, either by complete match or by
54 partial match. The key type may also use other criteria to refer to a key.
56 The asymmetric key type's match function can then perform a wider range of
61 function will examine a key's fingerprint to see if the hex digits given
66 will match a key with fingerprint::
77 Looking in /proc/keys, the last 8 hex digits of the key fingerprint are
92 Three enums are defined there for representing public-key cryptography
101 and key identifier representations::
105 Note that the key type representation types are required because key
107 instance, PGP generates key identifiers by hashing the key data plus some
110 The operations defined upon a key are:
114 Other operations are possible (such as encryption) with the same key data
116 (eg. decryption and signature generation) require extra key data.
123 an asymmetric key to provide or to provide access to the public key::
125 int verify_signature(const struct key *key,
128 The caller must have already obtained the key from some source and can then use
154 The function may also return -ENOTSUPP if an unsupported public-key algorithm
155 or public-key/hash algorithm combination is specified or the key doesn't
158 if the key argument is the wrong type or is incompletely set up.
161 Asymmetric Key Subtypes
165 performed on that key and that determines what data is attached as the key
168 The subtype is selected by the key data parser and the parser must initialise
169 the data required for it. The asymmetric key retains a reference on the
182 void (*describe)(const struct key *key, struct seq_file *m);
188 int (*verify_signature)(const struct key *key,
202 against the key. For instance the name of the public key algorithm type
203 could be displayed. The key type will display the tail of the key
208 Mandatory. This should free the memory associated with the key. The
209 asymmetric key will look after freeing the fingerprint and releasing the
214 Mandatory. This is a function for querying the capabilities of a key.
232 The asymmetric key type doesn't generally want to store or to deal with a raw
233 blob of data that holds the key data. It would have to parse it and error
236 dates) and may contain useful data about the key (identifiers, capabilities).
238 Also, the blob may represent a pointer to some hardware containing the key
239 rather than the key itself.
245 - Pointer to TPM key.
246 - Pointer to UEFI key.
247 - PKCS#8 private key [RFC 5208].
248 - PKCS#5 encrypted private key [RFC 2898].
250 During key instantiation each parser in the list is tried until one doesn't
274 This is called to preparse the key from the key creation and update paths.
275 In particular, it is called during the key creation _before_ a key is
276 allocated, and as such, is permitted to provide the key's description in
298 the key and attach it to ->description, ->payload[asym_subtype] should be
302 quotalen should be updated to indicate how much quota this key should
313 is recognised, but the key cannot for some reason be set up, some other
316 The key's fingerprint string may be partially matched upon. For a
317 public-key algorithm such as RSA and DSA this will likely be a printable
318 hex version of the key's fingerprint.
333 signature of the key being linked. Keys without a valid signature are not
343 The kernel builtin trusted keyring will be searched for the signing key.
354 signing key. If the secondary trusted keyring is not configured, this
359 3) Restrict using a separate key or keyring
362 - "key_or_keyring:<key or keyring serial number>[:chain]"
364 Whenever a key link is requested, the link will only succeed if the key
365 being linked is signed by one of the designated keys. This key may be
366 specified directly by providing a serial number for one asymmetric key, or
367 a group of keys may be searched for the signing key by providing the
419 In all of these cases, if the signing key is found the signature of the key to
420 be linked will be verified using the signing key. The requested key is added
423 returned if the signature check fails or the key is blacklisted. Other errors