Home
QNX Software Development Platform
QNX SDP is a cross-compiling and debugging environment, including an IDE and command-line tools, for building binary images and programs for target boards running the QNX OS 8.0.
Utilities & Libraries
C Library Reference
F
fs_crypto_domain_add_flags()
Create an encryption domain and unlock it if requested

QNX Momentics IDE User's Guide
This User's Guide describes version 8.0 of the Integrated Development Environment (IDE) that's part of the QNX Tool Suite.
QNX Software Development Platform
QNX SDP is a cross-compiling and debugging environment, including an IDE and command-line tools, for building binary images and programs for target boards running the QNX OS 8.0.
- Quickstart Guide
- System Architecture
  The System Architecture guide accompanies the QNX OS and is intended for both application developers and end-users.
- OS Components & Operations
- Graphics
- Programming
- System Security Guide
  The QNX System Security Guide is intended for both system integrators who are responsible for the security of a QNX OS system and developers who want to create a QNX OS resource manager free from vulnerabilities.
- Utilities & Libraries
  - C Library Reference
    - What's in a Function Description?
    - Manifests
    - Character Sets
    - A
    - B
    - C
    - D
    - E
    - F
      - fabs(), fabsf(), fabsl()
        Compute the absolute value of a double number
      - faccessat()
        Check if a file or directory at a given location can be accessed
      - fchdir()
        Change the working directory
      - fchecktrust()
        Determine if a file is trusted
      - fchmod()
        Change the permissions for a file
      - fchmodat()
        Change the permissions for a file at a given location
      - fchown()
        Change the user ID and group ID of a file
      - fchownat()
        Change the user ID and group ID of a file at a given location
      - fclose()
        Close a stream
      - fcloseall()
        Close all open stream files
      - fcntl()
        Provide control over an open file
      - fdatasync()
        Synchronize file data
      - fdim(), fdimf(), fdiml()
        Compute the positive difference between two floating-point numbers
      - fdistrusted()
        Determine if a file is trusted
      - fdopen()
        Associate a stream with a file descriptor
      - fdopendir()
        Open the directory associated with a file descriptor
      - feclearexcept()
        Clear the specified floating-point status flags
      - fedisableexcept()
        Mask the specified floating-point exceptions
      - feenableexcept()
        Unmask the specified floating-point exceptions
      - fegetenv()
        Get the current floating-point environment
      - fegetexceptflag()
        Get the states of the specified floating-point status flags
      - fegetprec()
        Get the floating-point precision
      - fegetround()
        Get the current floating-point rounding direction
      - feholdexcept()
        Save the floating-point environment, clear all flags, and ignore future errors
      - feof()
        Test a stream's end-of-file flag
      - feraiseexcept()
        Raise the specified floating-point exceptions
      - ferror()
        Test a stream's error flag
      - fesetenv()
        Set the current floating-point environment
      - fesetexceptflag()
        Set the states of the specified floating-point status flags
      - fesetprec()
        Set the floating-point precision
      - fesetround()
        Set the floating-point rounding direction
      - fetestexcept()
        Determine which of the specified floating-point status flags are set
      - feupdateenv()
        Restore the floating-point environment and raise any previously raised exceptions
      - fflush()
        Flush the buffers for a stream
      - ffs(), ffsl(), ffsll()
        Find the first bit that's set in a bit string
      - fgetc()
        Read a character from a stream
      - fgetpos()
        Get the current position of a stream
      - fgets()
        Read a string from a stream
      - fgetspent()
        Get an entry from the shadow password database
      - fgetwc()
        Read a wide character from a stream
      - fgetws()
        Read a string of wide characters from a stream
      - fileno()
        Return the file descriptor for a stream
      - flock()
        Apply or remove an advisory lock on an open file
      - flockfile()
        Acquire ownership of a file
      - floor(), floorf(), floorl()
        Round down a value to the next integer
      - fls(), flsl(), flsll()
        Find the last bit that's set in a bit string
      - fma(), fmaf(), fmal()
        Multiply two floating-point numbers and then add a third number
      - fmax(), fmaxf(), fmaxl()
        Determine the maximum of two floating-point numbers
      - fmin(), fminf(), fminl()
        Determine the minimum of two floating-point numbers
      - fmod(), fmodf(), fmodl()
        Compute a residue, using floating-point modular arithmetic
      - fnmatch(), _fnmatchv()
        Check to see if a file or path name matches a pattern
      - fopen(), fopen64()
        Open a file stream
      - fork()
        Create a new process
      - forkpty()
        Create a new process operating in a pseudo-tty
      - forksafe_mutex_destroy()
        Destroy a forksafe mutex
      - forksafe_mutex_init()
        Initialize a forksafe mutex
      - forksafe_mutex_lock()
        Lock a forksafe mutex
      - forksafe_mutex_trylock()
        Attempt to lock a forksafe mutex
      - forksafe_mutex_unlock()
        Unlock a forksafe mutex
      - fpathconf()
        Return the value of a configurable limit associated with a file
      - fpclassify()
        Categorize a floating-point number
      - fprintf()
        Write output to a stream
      - fputc()
        Write a character to a stream
      - fputs()
        Write a string to an output stream
      - fputwc()
        Write a wide character to a stream
      - fputws()
        Write a wide-character string to an output stream
      - fread()
        Read elements of a given size from a stream
      - free()
        Deallocate a block of memory
      - freopen(), freopen64()
        Reopen a stream
      - frexp(), frexpf(), frexpl()
        Break a floating-point number into a normalized fraction and an integral power of 2
      - fs_crypto_check()
        Determine if the underlying filesystem supports encryption
      - fs_crypto_domain_add()
        Create a domain
      - fs_crypto_domain_add_flags()
        Create an encryption domain and unlock it if requested
      - fs_crypto_domain_hard_lock()
        Lock a domain
      - fs_crypto_domain_key_change()
        Change the key needed to unlock the specified domain
      - fs_crypto_domain_key_check()
        Determine if a given domain key is valid
      - fs_crypto_domain_key_size()
        Return the size of keys needed by the filesystem encryption
      - fs_crypto_domain_lock()
        Lock a domain
      - fs_crypto_domain_query()
        Get status information for a domain
      - fs_crypto_domain_remove()
        Destroy a domain
      - fs_crypto_domain_unlock()
        Unlock a domain
      - fs_crypto_domain_whitelist_configure()
        Perform whitelist configuration for a domain whitelist
      - fs_crypto_domain_whitelist_ctrl()
        Perform a control action for a domain whitelist
      - fs_crypto_domain_whitelist_ctrl_access_grant()
        Grant a client access to a domain
      - fs_crypto_domain_whitelist_ctrl_access_revoke()
        Revoke a client's access to a domain
      - fs_crypto_domain_whitelist_get_flags()
        Get the flags for a domain whitelist
      - fs_crypto_domain_whitelist_set_flags()
        Perform whitelist configuration for a domain whitelist
      - fs_crypto_enable()
        Enable encryption support on a filesystem
      - fs_crypto_enable_option()
        Enable encryption support on a filesystem
      - fs_crypto_file_get_domain()
        Get the domain of a file or directory
      - fs_crypto_file_set_domain()
        Set the domain of a file or directory
      - fs_crypto_key_gen()
        Generate an encryption key from a password
      - fs_crypto_migrate_control()
        Control encryption migration within the filesystem
      - fs_crypto_migrate_path()
        Mark an entire directory for migration into an encryption domain
      - fs_crypto_migrate_status()
        Get the status of migration in the filesystem
      - fs_crypto_migrate_tag()
        Mark a file for migration into an encryption domain
      - fs_crypto_set_logging()
        Set the logging destination and verbosity
      - fscanf()
        Scan input from a stream
      - fseek(), fseeko(), fseeko64()
        Change the current position of a stream
      - fsetpos()
        Set the current position of a file
      - fstat(), fstat64()
        Get file information, given a file description
      - fstatat(), fstatat64()
        Get information about a file or directory
      - fstatvfs(), fstatvfs64()
        Get filesystem information, given a file descriptor
      - fsync()
        Synchronize the file state
      - ftell(), ftello(), ftello64()
        Return the current position of a stream
      - ftime()
        Get the current time
      - ftruncate(), ftruncate64()
        Truncate a file
      - ftrylockfile()
        Acquire ownership of a file, without blocking
      - ftw(), ftw64()
        Walk a file tree
      - funlockfile()
        Release ownership of a file
      - futime()
        Record the modification time for a file
      - futimens()
        Set the access and modification times for a file
      - fwide()
        Set and get the stream orientation
      - fwprintf()
        Write wide-character output to a stream
      - fwrite()
        Write elements to a file
      - fwscanf()
        Scan wide-character input from a stream
    - G
    - H
    - I
    - J
    - K
    - L
    - M
    - N
    - O
    - P
    - Q
    - R
    - S
    - T
    - U
    - V
    - W
    - X
    - Y
    - Z
    - Full Safety Information
    - Glossary
  - Devctl and Ioctl Commands
  - JSON Library Reference
  - PAM Reference
  - QNX Helpers Developer's Guide
    These libraries provide QNX helpers, including helpers that assist with logging, string conversion, and number and type sizes.
  - SPI Framework Technote
  - QNX Cryptography Library
    The QNX Cryptography Library (qcrypto) is a flexible cryptography framework that allows you to choose which cryptography provider responds to requests on a per-process basis.
  - QNX devcrypto Service
  - Utilities Reference
  - WPA Control Interface Reference
    This document provides a reference for the Wi-Fi Protected Access (WPA) control interface, which provides a C API for the WPA/IEEE 802.11i protocols in Wi-Fi client stations. Application developers who want to control WPA operations and get associated status and event data should read this reference.
- Migrating to QNX OS 8.0
QNX Software in the Cloud
QNX Software in the Cloud enables developers to use the QNX OS in the Amazon cloud environment.
QNX Toolkit for Visual Studio Code
This User's Guide describes the QNX^® Toolkit for Visual Studio Code. The guide introduces you to the QNX Toolkit by explaining the QNX development environment and how to build, run, and debug your QNX^® Operating System (OS) applications and systems.
QNX Hypervisor User's Guide
This User's Guide explains the QNX hypervisor architecture and provides instructions for installing and running a QNX Hypervisor system, changing system components and configuration, and using hypervisor features such as virtual devices (vdevs).
Typographical Conventions, Support, and Licensing
This section describes the typographical conventions used throughout the documentation, explains how to obtain technical support, and provides some information about licensing.

fs_crypto_domain_add_flags()

QNX SDP8.0C Library ReferenceAPIDeveloper

Create an encryption domain and unlock it if requested

Synopsis:

#include <fs_crypto_api.h>
#include <sys/fs_crypto.h>

int fs_crypto_domain_add_flags(
    const char *path,
    int domain,
    int type,
    int flags,
    int state,
    int length,
    const uint8_t bytes[],
    int *preply);

Arguments:

path

The path to the filesystem's mountpoint.

domain

The domain number to add (the domain must be unused).

type

The type of encryption to employ; one of the following (defined in <sys/fs_crypto.h>):

FS_CRYPTO_TYPE_NONE
FS_CRYPTO_TYPE_XTS — AES-256, in XTS mode
FS_CRYPTO_TYPE_CBC — AES-256, in CBC mode

flags

Flags for the new file and domain keys (defined in <sys/fs_crypto.h>). The only flag currently defined is:

FS_CRYPTO_ENABLE_SHA256_HMAC

state

The lock state for the new domain (1 is locked, 0 is unlocked).

length

The number of bytes available in the key array, bytes.

bytes

The binary representation of the key.

preply

A pointer to a location where the function can store additional success or error information.

Library:

libfscrypto

Use the -l fscrypto option to qcc to link against this library.

Description:

The fs_crypto_domain_add_flags() function creates the given domain/type if it doesn't already exist. The domain is created in either the unlocked or locked state, as desired.

Note:

In order to use filesystem encryption, download the Encrypted Filesystem package from the QNX Software Center.
You must be in the group that owns the filesystem's mountpoint in order to create a domain.

This function sets the variable pointed to by preply to one of the following values:

FS_CRYPTO_REPLY_COMPLETE: The domain was successfully created.
FS_CRYPTO_REPLY_ERRNO: See the error code.
FS_CRYPTO_REPLY_DOMAIN_EXISTS: The domain already exists.
FS_CRYPTO_REPLY_INVALID: The command wasn't completed successfully.
FS_CRYPTO_REPLY_READONLY: The filesystem is mounted read-only.
FS_CRYPTO_REPLY_UNKNOWN_TYPE: The type argument isn't a valid type of encryption.

Returns:

EOK: Success.
EINVAL: Invalid arguments.

This function can also return any of the errors indicated by devctl(), fs_crypto_domain_unlock(), malloc(), or open().

Classification:


Safety:
Cancellation point	Yes
Signal handler	No
Thread	Yes

Page updated: August 11, 2025