The CryptAcquireContext function is used to acquire a handle to a particular key container within a particular CSP. This returned handle can then be used to make calls to the selected CSP.
This function performs two operations. It first attempts to find a CSP with the characteristics described in the dwProvType and pszProvider parameters. If the CSP is found, then the function attempts to find a key container within the CSP matching the name specified by the pszContainer parameter.
This function can also be used to create and destroy key containers, depending on the value of the dwFlags parameter.
#include <wincrypt.h>
BOOL WINAPI CryptAcquireContext(
HCRYPTPROV *phProv, // out
LPCTSTR pszContainer, // in
LPCTSTR pszProvider, // in
DWORD dwProvType, // in
DWORD dwFlags // in
);
If this parameter is NULL, then a default key container name will be used. For example, if the Microsoft Base Cryptographic Provider is being used, then the current user's logon name will be used as the name of the key container. Other CSPs may also have default key containers that can be acquired in this way.
An application can obtain the name of the acquired key container at a later time by reading the PP_CONTAINER CSP parameter with the CryptGetProvParam function.
If this parameter is NULL then the user default provider is used. For more details, see Connecting to a Cryptographic Service Provider.
An application can obtain the name of the acquired CSP at a later time by reading the PP_NAME CSP parameter with the CryptGetProvParam function.
This option is intended to be used with applications that will not be using private keys.
When CryptAcquireContext is called, many CSPs will require input from the owning user before granting access to the private keys in the key container. For example, the private keys may be encrypted, requiring a password from the user before they can be used. However, if the CRYPT_VERIFYCONTEXT flag is specified, access to the private keys is not required and the user interface can be bypassed.
Note When key containers are created, most CSPs will not automatically create any public/private key pairs. These keys must be created as a separate step with the CryptGenKey function.
When the CRYPT_DELETEKEYSET flag is set, the value returned in phProv is undefined and, thus, the CryptReleaseContext function need not be called afterwards.
If the function succeeds, the return value is TRUE. If it does not succeed, the return value is FALSE. To retrieve extended error information, use the GetLastError function.
The following table lists the error codes most commonly returned by the GetLastError function.
Error code | Description |
---|---|
ERROR_INVALID_PARAMETER | One of the parameters contains an invalid value. This is most often an illegal pointer. |
ERROR_NOT_ENOUGH_MEMORY | The operating system ran out of memory during the operation. |
NTE_BAD_FLAGS | The dwFlags parameter has an illegal value. |
NTE_BAD_KEYSET | The registry entry for the key container could not be opened and may not exist. |
NTE_BAD_KEYSET_PARAM | The pszContainer or pszProvider parameter is set to an illegal value. |
NTE_BAD_PROV_TYPE | The value of the dwProvType parameter is out of range. All provider types must be from 1 to 999, inclusive. |
NTE_BAD_SIGNATURE | The provider DLL signature could not be verified. Either the DLL or the digital signature has been tampered with. |
NTE_EXISTS | The dwFlags parameter is CRYPT_NEWKEYSET, but the key container already exists. |
NTE_KEYSET_ENTRY_BAD | The registry entry for the pszContainer key container was found (in the HKEY_CURRENT_USER window), but is corrupt. See System Administration for details about the CryptoAPI registry usage. |
NTE_KEYSET_NOT_DEF | No registry entry exists in the HKEY_CURRENT_USER window for the key container specified by pszContainer. |
NTE_NO_MEMORY | The CSP ran out of memory during the operation. |
NTE_PROV_DLL_NOT_FOUND | The provider DLL file does not exist or is not on the current path. |
NTE_PROV_TYPE_ENTRY_BAD | The registry entry for the provider type specified by dwProvType is corrupt. This error may relate to either the user default CSP list or the machine default CSP list. See System Administration for details about the CryptoAPI registry usage. |
NTE_PROV_TYPE_NO_MATCH | The provider type specified by dwProvType does not match the provider type found in the registry. Note that this error can only occur when pszProvider specifies an actual CSP name. |
NTE_PROV_TYPE_NOT_DEF | No registry entry exists for the provider type specified by dwProvType. |
NTE_PROVIDER_DLL_FAIL | The provider DLL file could not be loaded, and may not exist. If it exists, then the file is not a valid DLL. |
NTE_SIGNATURE_FILE_BAD | An error occurred while loading the DLL file image, prior to verifying its signature. |
#include <wincrypt.h>
HCRYPTPROV hProv = 0;
BYTE pbData[1000];
DWORD cbData;
// Get a handle to the default PROV_RSA_FULL provider.
if(!CryptAcquireContext(&hProv, NULL, NULL, PROV_RSA_FULL, 0)) {
printf("Error %x during CryptAcquireContext!\n", GetLastError());
return;
}
// Read the name of the default CSP.
cbData = 1000;
if(!CryptGetProvParam(hProv, PP_NAME, pbData, &cbData, 0)) {
printf("Error %x reading CSP name!\n", GetLastError());
return;
}
printf("Provider name: %s\n", pbData);
// Read the name of the default key container.
cbData = 1000;
if(!CryptGetProvParam(hProv, PP_CONTAINER, pbData, &cbData, 0)) {
printf("Error %x reading key container name!\n", GetLastError());
return;
}
printf("Key Container name: %s\n", pbData);
// Perform cryptographic operations.
...
// Release the provider handle.
if(!CryptReleaseContext(hProv, 0)) {
printf("Error %x during CryptReleaseContext!\n", GetLastError());
return;
}
// ****************************************************************
// Get a handle to the Microsoft Base Cryptographic Provider and the
// "KC1" key container.
if(!CryptAcquireContext(&hProv, TEXT("KC1"), MS_DEF_PROV,
PROV_RSA_FULL, 0)) {
printf("Error %x during CryptAcquireContext!\n", GetLastError());
return;
}
// Perform cryptographic operations.
...
// Release the provider handle.
if(!CryptReleaseContext(hProv, 0)) {
printf("Error %x during CryptReleaseContext!\n", GetLastError());
return;
}
// ****************************************************************
// Get a handle to the default provider. Create a new key container
// named "KC2". Note that this key container will be empty until keys
// are explicitly created with the CryptGenKey function.
lstrcpy(szProv, );
lstrcpy(szContainer, );
if(!CryptAcquireContext(&hProv, TEXT("KC2"), NULL, PROV_RSA_FULL,
CRYPT_NEWKEYSET)) {
printf("Error %x during CryptAcquireContext!\n", GetLastError());
return;
}
// Perform cryptographic operations.
...
// Release the provider handle.
if(!CryptReleaseContext(hProv, 0)) {
printf("Error %x during CryptReleaseContext!\n", GetLastError());
return;
}
For more examples, see Hashed Message Example Code, Enveloped Message Example 1, Enveloped Message Example 2, Sender Code Example, and Example Code Using CryptEncryptMessage.
Windows NT: Requires version 4.0 or later.
Windows: Requires Windows 95 OSR2 or later (or Windows 95 with IE 3.02 or later).
Windows CE: Unsupported.
Header: Declared in wincrypt.h.
Import Library: Use advapi32.lib.
Unicode: Defined as Unicode and ANSI prototypes.
CryptGenKey, CryptGetProvParam, CryptReleaseContext