CryptExportKey
[New
- Windows NT]
[New
- Windows 95, OEM Service Release 2]
The CryptExportKey
function is used to export cryptographic keys out of a cryptographic service
provider in a secure manner.
A handle to
the key to be exported is passed into the function and the function returns a
key blob to the caller. This key blob can be sent over a nonsecure transport or
stored in a nonsecure storage location. The key blob is useless until the intended
recipient uses the CryptImportKey function on it, which will then import the key
into the recipient s CSP.
BOOL
CRYPTFUNC CryptExportKey(
|
HCRYPTKEY hKey, |
|
|
HCRYPTKEY hExpKey, |
|
|
DWORD dwBlobType, |
|
|
DWORD dwFlags, |
|
|
BYTE *pbData, |
|
|
DWORD *pdwDataLen |
|
|
); |
|
Parameters
hKey
[in] A handle
to the key to be exported.
hExpKey
[in] A handle
to a cryptographic key belonging to the destination user. The key data within
the key blob created is encrypted using this key. This ensures that only the
destination user will be able to make use of the key blob.
Most often,
this will be the key exchange public key of the destination user. However,
certain protocols require that a session key belonging to the destination user
be used for this purpose.
If the key
blob type specified by dwBlobType is PUBLICKEYBLOB, then this parameter
is unused and should be set to zero.
If the key
blob specified by dwBlobType is PRIVATEKEYBLOB, then this is typically a handle
to a session key that is to be used to encrypt the key blob. Some CSPs allow
this parameter to be zero, in which case the application should encrypt the
private key blob manually so as to protect it.
dwBlobType
[in] The type
of key blob to be exported. This must currently be one of the following
constants. These constants are discussed in the section Exchanging
Cryptographic Keys.
SIMPLEBLOB
PUBLICKEYBLOB
PRIVATEKEYBLOB
dwFlags
[in] The flag
values. This parameter is reserved for future use and should always be zero.
pbData
[out] The
buffer that the function places the key blob in. The required size for this
buffer can be determined by calling CryptExportKey with NULL for this
parameter.
As a rule,
SIMPLEBLOBs will be 256 bytes or less, PUBLICKEYBLOBs will be 1000 bytes or
less, and PRIVATEKEYBLOBS will be 5000 bytes or less.
pdwDataLen
[in/out] The
address of the key blob data length. Before calling this function, the caller
should set this parameter to the length, in bytes, of the pbData buffer.
Upon return, this address will contain the number of bytes taken up by the key
blob.
If the buffer
specified by pbData is not large enough to hold the data, the function
returns the ERROR_MORE_DATA error code (through GetLastError) and stores
the required buffer size, in bytes, into the variable pointed to by pdwDataLen.
If pbData
is NULL, then no error is returned and the function stores the size of the
data, in bytes, in the variable pointed to by pdwDataLen.
Return Values
If the
function succeeds, the return value is nonzero.
If the function
fails, the return value is zero. To retrieve extended error information, use
the GetLastError
function.
The following
table lists the error codes most commonly returned by the GetLastError
function. The error codes prefaced by NTE are generated by the particular CSP
you are using.
|
Error |
Description |
|
ERROR_INVALID_HANDLE |
One of the
parameters specifies an invalid handle. |
|
ERROR_INVALID_PARAMETER |
One of the
parameters contains an invalid value. This is most often an illegal pointer. |
|
NTE_BAD_FLAGS |
The dwFlags
parameter is nonzero. |
|
NTE_BAD_KEY |
One or both
of the keys specified by hKey and hExpKey are invalid. |
|
NTE_BAD_KEY_STATE |
You do not
have permission to export the key. That is, when the hKey key was
created, the CRYPT_EXPORTABLE flag was not specified. |
|
NTE_BAD_PUBLIC_KEY |
The key
blob type specified by dwBlobType is PUBLICKEYBLOB, but hExpKey
does not contain a public key handle. |
|
NTE_BAD_TYPE |
The dwBlobType
parameter specifies an unknown blob type. |
|
NTE_BAD_UID |
The CSP
context that was specified when the hKey key was created cannot be
found. |
|
NTE_NO_KEY |
A session
key is being exported and the hExpKey parameter does not specify a
public key. |
Example
#include <wincrypt.h>
HCRYPTPROV hProv; // Handle to CSP
HCRYPTKEY hKey; // Handle to session key
HCRYPTKEY hXchgKey; // Handle to receiver s exchange public key
BYTE *pbKeyBlob = NULL;
DWORD dwBlobLen;
...
// Determine size of key blob and allocate memory.
if(!CryptExportKey(hKey, hXchgKey, SIMPLEBLOB, 0,
NULL, &dwBlobLen)) {
printf("Error %x computing blob
length!\n", GetLastError());
...
}
if((pbKeyBlob = malloc(dwBlobLen)) == NULL) {
printf("Out of memory!\n");
...
}
// Export key into a simple key blob.
if(!CryptExportKey(hKey, hXchgKey, SIMPLEBLOB, 0,
pbKeyBlob, &dwBlobLen)) {
printf("Error %x during CryptExportKey!\n", GetLastError());
...
}
See Also