Travis CI build status

NAME

Kernel::Keyring - Wrapper for kernel keyring syscalls

SYNOPSIS

    use Kernel::Keyring;
    use Encode;

    # create keyring for current session with name 'Test'
    key_session 'Test';

    # add new user type key named 'password' with data 'secretPW' in session keyring (@s)
    my $id = key_add 'user', 'password', 'secretPW, '@s';

    # same with wide characters
    my $id2 = key_add 'user', 'secret_name', Encode::encode('UTF-8', '刘维克多'), '@s';

    # retrieve data for given id
    my $data = key_get_by_id $id;

    # set timeout on key to 60 seconds
    key_timeout $id, 60;

    # clear timeout
    key_timeout $id, 0;

    # set key permissions to all for possessor, none for anyone else
    key_perm $id, 0x3f000000;

    # revoke access to key
    key_revoke $id;

    # delete key for given keyring
    key_unlink $id, '@s';

DESCRIPTION

Kernel::Keyring is a rudimentary wrapper for libkeyutils based syscalls. Provided functions should suffice for the typical usecase: storing passwords/keys in a secure location, the kernel.

Module exports all functions by default.

All functions "die" with a proper message on errors.

PREREQUISITES

The module requires kernel support and the keyutils library to be installed.

Package names for Ubuntu/Debian: libkeyutils-dev libkeyutils1

Package names for RedHat: keyutils-devel keyutils-libs

Source as tar: http://people.redhat.com/~dhowells/keyutils/

More documentation is available on the manpages (man keyctl) if the keyutils package is installed

FUNCTIONS

key_add

    key_add($type, $name, $data, $keyring)

Adds key with given type, name and data to the keyring.

$type is usually the string user, more info on the manpage of keyctl.

$name is the name of the key, can be used to searching (not implemented yet).

$data is an arbitrary string of data. Strings with wide characters should be encoded to ensure proper string length. Else data might appear truncated on key retrieval.

$keyring can be be any of the following:

Thread keyring: @t

Process keyring: @p

Session keyring: @s

User specific keyring: @u

User default session keyring: @us

Group specific keyring: @g

The function returns the assigned key id on success, dies on error.

Corresponds to keyctl add <type> <desc> <data> <keyring> shell command from keyutils package

key_get_by_id

    key_add($id)

Retrieves key string with given id.

Corresponds to keyctl read <key> shell command from keyutils package

key_timeout

    key_timeout($id, $seconds)

Sets timeout on given id in seconds. Kernel automatically unlinks timed out keys.

Corresponds to keyctl timeout <key> <timeout> shell command from keyutils package

key_unlink

    key_unlink($id, $keyring)

Deletes key with given id from given keyring (e.g. @s). Supports only the two argument version for fast lookups.

Corresponds to keyctl unlink <key> <keyring> shell command from keyutils package

key_session

    key_session($name)

Creates a new keyring and attaches it to the current session. Doesn't place the program in a new shell, unlike the keyctl command. This function might be necessary for unattended applications, like server software. Without calling key_session first the session keyring is destroyed on user logout (after starting the app), resulting in "Key has been revoked" error messages. Omitting $name will result in the keyring name defaulting to a random 32bit number appended to "K::KR::" (seen in file /proc/keys).

Corresponds to keyctl session <name> shell command from keyutils package

key_perm

    key_perm($id, $mask)

Sets permission on given key id.

Mask should be given in hex format as a combination of (following paragraph taken from manpage of keyctl:

    Possessor UID       GID       Other     Permission Granted
    ========  ========  ========  ========  ==================
    01000000  00010000  00000100  00000001  View
    02000000  00020000  00000200  00000002  Read
    04000000  00040000  00000400  00000004  Write
    08000000  00080000  00000800  00000008  Search
    10000000  00100000  00001000  00000010  Link
    20000000  00200000  00002000  00000020  Set Attribute
    3f000000  003f0000  00003f00  0000003f  All

View permits the type, description and other parameters of a key to be viewed.

Read permits the payload (or keyring list) to be read if supported by the type.

Write permits the payload (or keyring list) to be modified or updated.

Search on a key permits it to be found when a keyring to which it is linked is searched.

Link permits a key to be linked to a keyring.

Set Attribute permits a key to have its owner, group membership, permissions mask and timeout changed.

Corresponds to keyctl setperm <key> <mask> shell command from keyutils package

key_revoke

    key_revoke($id)

Revokes access to the key with given id. No operations other than unlink are possible on revoked keys.

Corresponds to keyctl revoke <key> shell command from keyutils package

REPOSITORY

http://github.com/lixmal/Kernel-Keyring

AUTHOR

Viktor Liu <vma@randomcrap.eu>

COPYRIGHT AND LICENSING

This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself.

Details can be found in the file LICENSE.

To install Kernel::Keyring, copy and paste the appropriate command in to your terminal.

cpanm

cpanm Kernel::Keyring

CPAN shell

perl -MCPAN -e shell
install Kernel::Keyring

For more information on module installation, please visit the detailed CPAN module installation guide.

	Global
`s`	Focus search bar
`?`	Bring up this help dialog

	GitHub
`g` `p`	Go to pull requests
`g` `i`	go to github issues (only if github is preferred repository)

	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse

	Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)