How to fix Linux / POSIX EKEYREVOKED Key Has Been Revoked?

Remove and recreate the key: Revoked keys are permanently unusable; delete and recreate them.

EKEYREVOKED

Linux / POSIXERRORNotableSecurityHIGH confidence

Key Has Been Revoked

Production Risk

Revoked keys cannot be recovered; recreate and re-provision.

What this means

EKEYREVOKED (errno 128) is returned when a key has been explicitly revoked. A revoked key cannot be used or renewed.

Why it happens

1keyctl revoke was called on the key
2Key revoked due to security policy violation

How to reproduce

Accessing a revoked key.

trigger — this will error

// After keyctl revoke <key-id>
key_serial_t key = request_key("user", "revoked-key", NULL, KEY_SPEC_SESSION_KEYRING);
// Returns -1, errno = EKEYREVOKED

expected output

request_key: Key has been revoked (EKEYREVOKED)

Fix

Remove and recreate the key

WHEN When EKEYREVOKED is returned

Remove and recreate the key

# Remove the revoked key
keyctl unlink <key-id> @u
# Create a fresh replacement
keyctl add user my-key "new-value" @u

Why this works

Revoked keys are permanently unusable; delete and recreate them.

Sources

Official documentation ↗

Linux Programmer Manual keyrings(7)

Content generated with AI assistance and reviewed for accuracy. Found an error? hello@errcodes.dev

At a glance

PlatformLinux errno Codes

CodeEKEYREVOKED

ClassSecurity

SeverityERROR

TierNotable

ConfidenceHIGH

← All Linux / POSIX errors