CryptDecrypt
[New
- Windows NT]
[New
- Windows 95, OEM Service Release 2]
The CryptDecrypt
function is used to decrypt data that was previously encrypted via the CryptEncrypt function.
BOOL CRYPTFUNC CryptDecrypt(
|
HCRYPTKEY hKey, |
|
|
HCRYPTHASH hHash, |
|
|
BOOL Final, |
|
|
DWORD dwFlags, |
|
|
BYTE *pbData, |
|
|
DWORD *pdwDataLen |
|
|
); |
|
Parameters
hKey
[in] A handle
to the key to use for the decryption. An application obtains this handle by
using either the CryptGenKey
or CryptImportKey
function.
This key
specifies the decryption algorithm that is used.
hHash
[in] A handle
to a hash object. This parameter is only used if a hash of the data is to be
computed. See the Remarks section for more information.
If no hash is
to be done, this parameter must be zero.
Final
[in] The
Boolean value that specifies whether this is the last section in a series being
decrypted. This will be TRUE if this is the last or only block. If it is not,
then it will be FALSE. See the Remarks section for more information.
dwFlags
[in] The flag
values. This parameter is reserved for future use and should always be zero.
pbData
[in/out] The
buffer holding the data to be decrypted. Once that decryption has been
performed, the plaintext is placed back in this same buffer.
The number of
encrypted bytes in this buffer is specified by pdwDataLen.
pdwDataLen
[in/out] The
address of the data length. Before calling this function, the caller should set
this parameter to the number of bytes to be decrypted. Upon return, this
address will contain the number of bytes of plaintext generated.
When a block
cipher is used, this data length must be a multiple of the block size, unless
this is the final section of data to be decrypted and the Final flag is
TRUE.
Remarks
If data is to
be decrypted and hashed simultaneously, a handle to a hash object can be passed
in the hHash parameter. The hash value will be updated with the
decrypted plaintext. This option is useful when simultaneously decrypting and
verifying a signature.
Prior to
calling CryptDecrypt, the application should obtain a handle to the hash
object by calling the CryptCreateHash function. Once the decryption is complete, the
hash value can be obtained (through CryptGetHashParam) or it can be signed
(through CryptSignHash),
or it can be used to verify a digital signature (through CryptVerifySignature).
When a large
amount of data needs to be decrypted, it can be done in sections. This is done
by calling CryptDecrypt repeatedly. The Final parameter should be
set to TRUE only on the last invocation of CryptDecrypt, so the
decryption engine can properly finish the decryption process. The following
extra actions are performed when Final is TRUE:
If the key is a block cipher
key, the data will be padded to a multiple of the block size of the cipher. To
find the block size of a cipher, use CryptGetKeyParam to get the KP_BLOCKLEN
parameter of the key.
If the cipher is operating in a
chaining mode, the next CryptDecrypt operation will reset the cipher s
feedback register to the KP_IV value of the key.
If the cipher is a stream
cipher, the next CryptDecrypt call will reset the cipher to its initial
state.
Return Values
If the
function succeeds, the return value is nonzero.
If the
function fails, the return value is zero. To retrieve extended error
information, use the GetLastError function.
The following
table lists the error codes most commonly returned by the GetLastError
function. The error codes prefaced by NTE are generated by the particular CSP
you are using.
|
Error |
Description |
|
ERROR_INVALID_HANDLE |
One of the
parameters specifies an invalid handle. |
|
ERROR_INVALID_PARAMETER |
One of the
parameters contains an invalid value. This is most often an illegal pointer. |
|
NTE_BAD_ALGID |
The hKey
session key specifies an algorithm that this CSP does not support. |
|
NTE_BAD_DATA |
The data to
be decrypted is invalid. For example, when a block cipher is used and the Final
flag FALSE, the value specified by pdwDataLen must be a multiple of
the block size. This error can also be returned when the padding is found to
be invalid. |
|
NTE_BAD_FLAGS |
The dwFlags
parameter is nonzero. |
|
NTE_BAD_HASH |
The hHash
parameter contains an invalid handle. |
|
NTE_BAD_KEY |
The hKey
parameter does not contain a valid handle to a key. |
|
NTE_BAD_LEN |
The size of
the output buffer is too small to hold the generated plaintext. |
|
NTE_BAD_UID |
The CSP
context that was specified when the key was created cannot be found. |
|
NTE_DOUBLE_ENCRYPT |
The
application attempted to decrypt the same data twice. |
|
NTE_FAIL |
The
function failed in some unexpected way. |
Example
See
Decryption Example in the section Encrypting and Decrypting Data.
See Also