On Wed, May 27, 2020 at 06:04:57PM +0000, Johannes Thumshirn wrote: > On 27/05/2020 15:25, David Sterba wrote: > > The key for all userspace commands needs to be specified the same way as > > for kernel, ie. "--auth-key btrfs:foo" and use the appropriate ioctls to > > read the key bytes. > > Up to now I haven't been able to add a key to the kernel's keyring which > can be read back to user-space. I was researching a possibility to use libkcapi, the API to use kernel crypto implementaion, in order to avoid passing the raw key to userspace completely. Basically, setting up what hash and key to use, pass the buffer and get back the hash. API-wise it's just one more line to specify the key -- by the numerical id. But no such interface is there, only the raw bytes translating the request to the .setkey callback.
