CryptEncrypt
[New
- Windows NT]
[New
- Windows 95, OEM Service Release 2]
The CryptEncrypt
function is used to encrypt data. The algorithm used to encrypt the data is
designated by the key held by the CSP module, which is referenced by the hKey
parameter.
BOOL
CRYPTFUNC CryptEncrypt(
|
HCRYPTKEY hKey, |
|
|
HCRYPTHASH
hHash, |
|
|
BOOL Final, |
|
|
DWORD dwFlags, |
|
|
BYTE *pbData, |
|
|
DWORD *pdwDataLen, |
|
|
DWORD dwBufLen |
|
|
); |
|
Parameters
hKey
[in] A handle
to the key to use for the encryption. An application obtains this handle by
using either the CryptGenKey
or the CryptImportKey
function.
This key
specifies the encryption algorithm that is used.
hHash
[in] A handle
to a hash object. This parameter is used only if a hash of the data is to be
computed at the same time the encryption is being performed. See the Remarks
section for more information.
If no hash is
to be done, this parameter must be zero.
Final
[in] The
Boolean value that specifies whether this is the last section in a series being
encrypted. This should be TRUE if this is the last or only block, and FALSE if
it is not. See the Remarks section for more information.
dwFlags
[in] The flag
values. This parameter is reserved for future use and should always be zero.
pbData
[in/out] The
buffer holding the data to be encrypted. Once the encryption has been
performed, the encrypted data is placed back in this same buffer.
The size of
this buffer is specified by dwBufLen. The number of bytes of data to be
encrypted is specified by pdwDataLen.
This
parameter can be NULL if all you are doing is determining the number of bytes
required for the returned data.
pdwDataLen
[in/out] The
address of the data length. Before calling this function, the caller should set
this parameter to the number of bytes to be encrypted. Upon return, this
address will contain the number of bytes of encrypted data.
If the buffer
specified by pbData is not large enough to hold the data, the function
returns the ERROR_MORE_DATA error code (through GetLastError) and stores the required
buffer size, in bytes, into the variable pointed to by pdwDataLen.
If pbData
is NULL, then no error is returned, and the function stores the size of the
data, in bytes, in the variable pointed to be pdwDataLen. This lets an
application determine the correct buffer size unambiguously.
When a block
cipher is used, this data length must be a multiple of the block size, unless
this is the final section of data to be encrypted and the Final flag is
TRUE.
dwBufLen
[in] The
number of bytes in the pbData buffer.
Note that,
depending on the algorithm used, the encrypted text can be slightly larger than
the original plaintext. In this case, the pbData buffer needs to be
sized accordingly.
As a rule, if
a stream cipher is used the ciphertext will be the same size as the plaintext.
If a block cipher is used, the ciphertext will be up to a block length larger
than the plaintext.
Remarks
If data is to
be hashed and encrypted simultaneously, a handle to a hash object can be passed
in the hHash parameter. The hash value will be updated with the
plaintext passed in. This option is useful when generating signed and encrypted
text.
Prior to
calling CryptEncrypt, the application should obtain a handle to the hash
object by calling the CryptCreateHash function. Once the encryption is complete, the
hash value can be obtained through the CryptGetHashParam function or the hash can
be signed using the CryptSignHash function.
When a large
amount of data needs to be encrypted, it can be done in sections. This is done
by calling CryptEncrypt repeatedly. The Final parameter should be
set to TRUE only on the last invocation of CryptEncrypt, so the
encryption engine can properly finish the encryption process. The following
extra actions are performed when Final is TRUE:
If the key is a block cipher
key, the data will be padded to a multiple of the block size of the cipher. To
find the block size of a cipher, use CryptGetKeyParam to get the
KP_BLOCKLEN parameter of the key.
If the cipher is operating in a
chaining mode, the next CryptEncrypt operation will reset the cipher s
feedback register to the KP_IV value of the key.
If the cipher is a stream
cipher, the next CryptEncrypt will reset the cipher to its initial
state.
Return Values
If the
function succeeds, the return value is nonzero.
If the
function fails, the return value is zero. To retrieve extended error
information, use the GetLastError function.
The following
table lists the error codes most commonly returned by the GetLastError
function. The error codes prefaced by NTE are generated by the particular CSP
you are using.
|
Error |
Description |
|
ERROR_INVALID_HANDLE |
One of the
parameters specifies an invalid handle. |
|
ERROR_INVALID_PARAMETER |
One of the
parameters contains an invalid value. This is most often an illegal pointer. |
|
NTE_BAD_ALGID |
The hKey
session key specifies an algorithm that this CSP does not support. |
|
NTE_BAD_DATA |
The data to
be encrypted is invalid. For example, when a block cipher is used and the Final
flag is FALSE, the value specified by pdwDataLen must be a multiple of
the block size. |
|
NTE_BAD_FLAGS |
The dwFlags
parameter is nonzero. |
|
NTE_BAD_HASH |
The hHash
parameter contains an invalid handle. |
|
NTE_BAD_KEY |
The hKey
parameter does not contain a valid handle to a key. |
|
NTE_BAD_LEN |
The size of
the output buffer is too small to hold the generated ciphertext. |
|
NTE_BAD_UID |
The CSP
context that was specified when the key was created cannot be found. |
|
NTE_DOUBLE_ENCRYPT |
The
application attempted to encrypt the same data twice. |
|
NTE_FAIL |
The
function failed in some unexpected way. |
|
NTE_NO_MEMORY |
The CSP ran
out of memory during the operation. |
Example
See
Encryption Example in the section Encrypting and Decrypting Data.
See Also