To do anything with the file system, you must have a key. Keys are used to read and write files, open files, get information about files, scan directories, rename files, identify current directories, etc. Getting the first key can take some time because the user must be authenticated, but all subsequent keys are then ready to obtain and use.
A key is a non-persistent capability returned when opening a file object. However, some keys do not refer to file system objects, such as a Root key obtained from calling zRootKey. These types of keys cannot be identified by the value. The type of object a key refers to affects what operations can be performed on it.
Keys replace the traditional handles like file handles, context handles, and search maps. Keys also combine these roles with the role of the connection ID. Keys are not restricted to point to any particular NSS object but can point to any resource NSS chooses. The user must know what type of operations are allowed for the key requested. For example, if you have opened a file in Read-Only mode, write operations are denied. If you open a directory (or a file with extended attributes or multiple data streams), the directory can be scanned using the key with zWildRead. The underlying data structures keep track of the current location in the directory. If an illegal operation for a particular key is attempted, the functions return an error. When the key is destroyed by calling zClose or some system operation, the resources associated with that key are released. A key can be destroyed by the owner (the client) of the key or the creator of the key (the file system—to force freeing resources).
A key is a 64-bit random number that hashes to a door, which points to a file handle structure that can represent an open file or a directory with a search map for enumerating the directory, a context for beginning a pathname lookup, or all of the above. When a file is forcibly closed by the system, the door can still exist but is now broken and cannot be used for further operations, which makes local and remote operations look the same.