keyutils-1.6.1

Introduction to keyutils

Keyutils is a set of utilities for managing the key retention facility in the kernel, which can be used by filesystems, block devices and more to gain and retain the authorization and encryption keys required to perform secure operations.

This package is known to build and work properly using an LFS-10.1 platform.

Package Information

keyutils Dependencies

Required

MIT Kerberos V5-1.19.1

User Notes: http://wiki.linuxfromscratch.org/blfs/wiki/keyutils

Installation of keyutils

Install keyutils by running the following commands:

sed -i 's:$(LIBDIR)/$(PKGCONFIG_DIR):/usr/lib/pkgconfig:' Makefile &&
make

To test the results, issue, as the root user:

sed -i '/find/s:/usr/bin/::' tests/Makefile &&
make -k test 

Note that several tests will fail if certain uncommon kernel options were not used when the kernel was built. These include CONFIG_BIG_KEYS, CONFIG_KEY_DH_OPERATIONS, and CONFIG_CRYPTO_DH.

Now, as the root user:

make NO_ARLIB=1 install

Command Explanations

sed ... Makefile: This command ensures the pkgconfig file is placed in the correct directory.

NO_ARLIB=1: This make flag disables installing the static library.

Configuring keyutils

Config Files

/etc/request-key.conf and /etc/request-key.d/*

Contents

Installed Programs: keyctl, key.dns_resolver, and request-key
Installed Library: libkeyutils.so
Installed Directory: /etc/request-key.d and /usr/share/keyutils

Short Descriptions

keyctl

controls the key management facility with a variety of subcommands

key.dns_resolver

is invoked by request-key on behalf of the kernel when kernel services (such as NFS, CIFS and AFS) need to perform a hostname lookup and the kernel does not have the key cached. It is not ordinarily intended to be called directly

request-key

is invoked by the kernel when the kernel is asked for a key that it doesn't have immediately available. The kernel creates a temporary key and then calls out to this program to instantiate it. It is not intended to be called directly

libkeyutils.so

contains the keyutils library API instantiation

Last updated on 2021-02-19 22:13:48 -0800