CryptImportKey
[New - Windows NT]
[New - Windows 95, OEM Service Release 2]
The CryptImportKey function is used to transfer a cryptographic key from a key blob to the CSP.
BOOL CRYPTFUNC CryptImportKey(
    HCRYPTPROV hProv,
    BYTE *pbData,
    DWORD dwDataLen,
    HCRYPTKEY hImpKey,
    DWORD dwFlags,
    HCRYPTKEY *phKey
);
Parameters
hProv
[in] A handle to the application's CSP. An application obtains this handle using the CryptAcquireContext
pbData
[in] The buffer containing the key blob. This key blob was generated by the CryptExportKey
This key blob consists of a standard header followed by the encrypted key.
dwDataLen
[in] The length, in bytes, of the key blob.
hImpKey
[in] The meaning of this parameter differs, depending on the CSP type and the type of key blob being imported.
If the key blob is not encrypted (for example, a PUBLICKEYBLOB) or if the key blob is encrypted with the key exchange key pair (for example, a SIMPLEBLOB), then this parameter is not used, and should be zero.
If a signed key blob is being imported, this key is used to validate the signature of the key blob. In this case, this parameter should contain a handle to the key exchange public key of the party that created the key blob.
If the key blob is encrypted with a session key (for example, an encrypted PRIVATEKEYBLOB), then this parameter should contain a handle to this session key.
dwFlags
[in] The flag values. This parameter is currently only used when a public/private key pair is being imported into the CSP (in the form of a PRIVATEKEYBLOB). In this case, if the CRYPT_EXPORTABLE flag is set, then subsequent applications will be permitted to export the private key back out of the CSP.
phKey
[out] The address to which the function copies a handle to the key that was imported.
Return Values
If the function succeeds, the return value is nonzero.
If the function fails, the return value is zero. To retrieve extended error information, use the GetLastError
The following table lists the error codes most commonly returned by the GetLastError function. The error codes prefaced by NTE are generated by the particular CSP you are using.
Error | Description
ERROR_INVALID_HANDLE | One of the parameters specifies an invalid handle.
ERROR_INVALID_PARAMETER | One of the parameters contains an invalid value. This is most often an illegal pointer.
NTE_BAD_ALGID | The simple key blob you are trying to import is not encrypted with the expected key exchange algorithm.
NTE_BAD_DATA | The algorithm that works with the public key you are trying to import is not supported by this CSP.
NTE_BAD_FLAGS | The dwFlags parameter is nonzero.
NTE_BAD_TYPE | The key blob type is not supported by this CSP and is possibly invalid.
NTE_BAD_UID | The hProv parameter does not contain a valid context handle.
NTE_BAD_VER | The key blob's version number does not match the CSP version. This usually indicates that the CSP needs to be upgraded.
Example
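#include <windows.h>
#include <wincrypt.h>
#include <stdio.h>
#include <stdlib.h>

// Upper bound on the blob length read from the file. The value is an
// application choice (an assumption here), not something the API defines.
#define MAX_KEY_BLOB_LEN 65536

FILE *hSourceFile = NULL;
HCRYPTPROV hProv = 0;
HCRYPTKEY hKey = 0;
BYTE *pbKeyBlob = NULL;
DWORD dwBlobLen = 0;

// Open file, getting file handle hSourceFile.
...

// Get handle to the default provider.
if(!CryptAcquireContext(&hProv, NULL, NULL, PROV_RSA_FULL, 0)) {
    printf("Error %lx during CryptAcquireContext!\n", GetLastError());
    goto done;
}

// Read key blob length from file and allocate memory. The length comes
// from the file, so check it before using it.
if(fread(&dwBlobLen, sizeof(DWORD), 1, hSourceFile) != 1 ||
   dwBlobLen == 0 || dwBlobLen > MAX_KEY_BLOB_LEN) {
    printf("Error reading key blob length!\n");
    goto done;
}
pbKeyBlob = malloc(dwBlobLen);
if(pbKeyBlob == NULL) {
    printf("Out of memory!\n");
    goto done;
}

// Read key blob from file.
if(fread(pbKeyBlob, 1, dwBlobLen, hSourceFile) != dwBlobLen) {
    printf("Error reading key blob!\n");
    goto done;
}

// Import key blob into CSP.
if(!CryptImportKey(hProv, pbKeyBlob, dwBlobLen, 0, 0, &hKey)) {
    printf("Error %lx during CryptImportKey!\n", GetLastError());
    goto done;
}

// Free memory.
free(pbKeyBlob);
pbKeyBlob = NULL;

// Use hKey to perform cryptographic operations.
...

done:

// Free the key blob if an error path left it allocated.
if(pbKeyBlob) free(pbKeyBlob);

// Destroy session key.
if(hKey) CryptDestroyKey(hKey);

// Release provider handle.
if(hProv) CryptReleaseContext(hProv, 0);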
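
A pre-flight check of the arguments described under Parameters, written for this page as an added example (it is not part of the original documentation or of CryptoAPI). The helper check_import_args and its result codes are hypothetical; the constants repeat the wincrypt.h values so the code builds without the Windows headers. It assumes unsigned key blobs, since a signed blob takes the signer's public key in hImpKey.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Values as defined in wincrypt.h, repeated so this check builds stand-alone. */
#define SIMPLEBLOB       0x1
#define PUBLICKEYBLOB    0x6
#define PRIVATEKEYBLOB   0x7
#define CUR_BLOB_VERSION 2
#define CRYPT_EXPORTABLE 0x00000001u
#define BLOB_HEADER_LEN  8 /* bType, bVersion, reserved[2], aiKeyAlg[4] */

typedef enum { BLOB_OK, BLOB_TOO_SHORT, BLOB_BAD_VER, BLOB_BAD_TYPE,
               BLOB_BAD_IMPKEY, BLOB_BAD_FLAGS } blob_check_t;

/* Constructed sample: PUBLICKEYBLOB header (aiKeyAlg = CALG_RSA_KEYX) + 1 filler byte. */
static const uint8_t SAMPLE_PUBLIC_BLOB[] =
    { 0x06, 0x02, 0x00, 0x00, 0x00, 0xA4, 0x00, 0x00, 0xFF };
/* Hypothetical helper (not a CryptoAPI function): checks the values an
   application is about to pass as pbData, dwDataLen, hImpKey and dwFlags.
   have_imp_key is nonzero when a nonzero hImpKey would be passed. */
blob_check_t check_import_args(const uint8_t *blob, size_t len,
                               int have_imp_key, uint32_t flags)
{
    if (blob == NULL || len <= BLOB_HEADER_LEN)
        return BLOB_TOO_SHORT;              /* need header plus key data */
    if (blob[1] != CUR_BLOB_VERSION)
        return BLOB_BAD_VER;                /* compare NTE_BAD_VER */
    switch (blob[0]) {
    case PUBLICKEYBLOB:
    case SIMPLEBLOB:
        if (have_imp_key) return BLOB_BAD_IMPKEY; /* hImpKey should be zero */
        if (flags != 0)   return BLOB_BAD_FLAGS;  /* flags apply to key pairs only */
        return BLOB_OK;
    case PRIVATEKEYBLOB:                    /* hImpKey may be a session key */
        return (flags & ~CRYPT_EXPORTABLE) ? BLOB_BAD_FLAGS : BLOB_OK;
    default:
        return BLOB_BAD_TYPE;               /* compare NTE_BAD_TYPE */
    }
}

int main(void)
{
    printf("public blob, no hImpKey, no flags: %d\n",
           check_import_args(SAMPLE_PUBLIC_BLOB, sizeof SAMPLE_PUBLIC_BLOB, 0, 0));
    printf("public blob with CRYPT_EXPORTABLE: %d\n",
           check_import_args(SAMPLE_PUBLIC_BLOB, sizeof SAMPLE_PUBLIC_BLOB, 0, CRYPT_EXPORTABLE));
    return 0;
}
```

Running the check before CryptImportKey lets an application reject a malformed or unexpected blob read from a file without handing it to the CSP.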
See Also