README
¶
What is this?
Go bindings for Linux's libkeyutils. libkeyutils provides an interface to the Linux kernel's keyring APIs, useful for storing secrets.
It requires headers and libs for libkeyutils to be installed, e.g. apt-get install libkeyutils-dev.
How to build and install
sudo apt-get install -y libkeyutils-dev # on ubuntu
go get github.com/jandre/keyutils
How to use
Adding and reading a key from a keyring.
See example/add_and_read_key.go to see an example of adding and reading a
key from the user keyring.
For other examples, please see example/.
package main
import (
"log"
"github.com/jandre/keyutils"
)
func main() {
id, err := keyutils.AddKey(keyutils.USER, "test123", "hello", keyutils.KEY_SPEC_USER_KEYRING)
if err != nil {
log.Fatal("Error adding key:", err)
}
log.Println("Added key test123 with serial:", id)
val, err := keyutils.ReadKey(id)
if err != nil {
log.Fatal("Error reading key:", err)
}
log.Println("Read:", val)
}
$ go run example/main.go
2015/03/29 17:20:36 Added key test123 with serial: 222717072
2015/03/29 17:20:36 Read: hello
Documentation
See godoc
TODO
Many of the keyctl_* apis are not yet supported. Please read keyutils.go to see what APIs have been wrapped.
Documentation
¶
Overview ¶
keyutils provides libkeyutils bindings for Go.
To build, it requires libkeyutils binaries and headers, e.g.. apt-get install libkeyutils-dev
Index ¶
- Constants
- func Chown(key KeySerial, uid uint, gid uint) error
- func Clear(keyring KeySerial) error
- func Link(key KeySerial, keyRing KeySerial) error
- func ReadKey(key KeySerial) (string, error)
- func ReadKeyBytes(key KeySerial) ([]byte, error)
- func Revoke(key KeySerial) error
- func SetPerm(key KeySerial, mask KeyPerm) error
- func SetTimeout(key KeySerial, seconds uint) error
- func Unlink(key KeySerial, keyRing KeySerial) error
- type KeyDesc
- type KeyPerm
- type KeySerial
- func AddKey(keyType KeyType, desc string, data string, keyring KeySerial) (KeySerial, error)
- func AddKeyBytes(keyType KeyType, desc string, data []byte, keyring KeySerial) (KeySerial, error)
- func NewKeyRing(desc string, parentRing KeySerial) (KeySerial, error)
- func RequestKey(keyType KeyType, desc string, keyring KeySerial) (KeySerial, error)
- type KeyType
Constants ¶
const ( KEY_SPEC_THREAD_KEYRING KeySerial = KeySerial(C.KEY_SPEC_THREAD_KEYRING) KEY_SPEC_USER_KEYRING = KeySerial(C.KEY_SPEC_USER_KEYRING) KEY_SPEC_PROCESS_KEYRING = KeySerial(C.KEY_SPEC_PROCESS_KEYRING) KEY_SPEC_SESSION_KEYRING = KeySerial(C.KEY_SPEC_SESSION_KEYRING) KEY_SPEC_USER_SESSION_KEYRING = KeySerial(C.KEY_SPEC_USER_SESSION_KEYRING) )
const ( KEY_POS_VIEW = KeyPerm(C.KEY_POS_VIEW) KEY_POS_READ = KeyPerm(C.KEY_POS_READ) KEY_POS_WRITE = KeyPerm(C.KEY_POS_WRITE) KEY_POS_SEARCH = KeyPerm(C.KEY_POS_SEARCH) KEY_POS_LINK = KeyPerm(C.KEY_POS_LINK) KEY_POS_SETATTR = KeyPerm(C.KEY_POS_SETATTR) KEY_POS_ALL = KeyPerm(C.KEY_POS_ALL) KEY_USR_VIEW = KeyPerm(C.KEY_USR_VIEW) KEY_USR_READ = KeyPerm(C.KEY_USR_READ) KEY_USR_WRITE = KeyPerm(C.KEY_USR_WRITE) KEY_USR_SEARCH = KeyPerm(C.KEY_USR_SEARCH) KEY_USR_LINK = KeyPerm(C.KEY_USR_LINK) KEY_USR_SETATTR = KeyPerm(C.KEY_USR_SETATTR) KEY_USR_ALL = KeyPerm(C.KEY_USR_ALL) KEY_GRP_VIEW = KeyPerm(C.KEY_GRP_VIEW) KEY_GRP_READ = KeyPerm(C.KEY_GRP_READ) KEY_GRP_WRITE = KeyPerm(C.KEY_GRP_WRITE) KEY_GRP_SEARCH = KeyPerm(C.KEY_GRP_SEARCH) KEY_GRP_LINK = KeyPerm(C.KEY_GRP_LINK) KEY_GRP_SETATTR = KeyPerm(C.KEY_GRP_SETATTR) KEY_GRP_ALL = KeyPerm(C.KEY_GRP_ALL) KEY_OTH_VIEW = KeyPerm(C.KEY_OTH_VIEW) KEY_OTH_READ = KeyPerm(C.KEY_OTH_READ) KEY_OTH_WRITE = KeyPerm(C.KEY_OTH_WRITE) KEY_OTH_SEARCH = KeyPerm(C.KEY_OTH_SEARCH) KEY_OTH_LINK = KeyPerm(C.KEY_OTH_LINK) KEY_OTH_SETATTR = KeyPerm(C.KEY_OTH_SETATTR) KEY_OTH_ALL = KeyPerm(C.KEY_OTH_ALL) )
Variables ¶
This section is empty.
Functions ¶
func Chown ¶
Chown wraps keyctl_chown(3) to change ownership of the key.
See: http://man7.org/linux/man-pages/man3/keyctl_chown.3.html
func ReadKey ¶
ReadKey() is a wrapper for ReadKeyBytes() that reads a key with the given serial #, and converts whatever is in the output buffer to a string value.
func ReadKeyBytes ¶
ReadKeyBytes() reads a key with the given serial # using keyctl_read_alloc(3), and returns the bytes read.
func Revoke ¶
Revoke() will call keyctl_revoke(3) to revoke a key.
See: http://man7.org/linux/man-pages/man3/keyctl_revoke.3.html
func SetPerm ¶
SetPerm() will call keyctl_setperm(3) to set permissions on a key. mask is a bitwise `or` value of KeyPerm values, e.g. KEY_USR_VIEW | KEY_USR_READ
See: http://man7.org/linux/man-pages/man3/keyctl_setperm.3.html
func SetTimeout ¶
SetTimeout() will call keyctl_set_timeout(3) to set a `seconds` timeout on a key.
See: http://man7.org/linux/man-pages/man3/keyctl_set_timeout.3.html
Types ¶
type KeyDesc ¶
type KeyDesc struct {
Serial KeySerial
Type KeyType
Uid uint
Gid uint
Permissions uint
Description string
}
func DescribeKey ¶
DescribeKey() wraps keyctl_describe_alloc() to describe a key
func ListKeysInKeyRing ¶
ListKeysInKeyRing() will list all keys in keyring, returning a `KeyDesc` for each.
type KeySerial ¶
type KeySerial int32
func AddKey ¶
AddKey is a helper for AddKeyBytes() that accepts a data string instead of a byte array.
func NewKeyRing ¶
NewKeyRing() creates a keyring with description `desc` under the parent keyring `parentRing`
Source Files
Directories