The CryptImportKey function is used to transfer a cryptographic key from a key blob to the CSP.
#include <wincrypt.h>
BOOL WINAPI CryptImportKey(
HCRYPTPROV hProv, // in
BYTE *pbData, // in
DWORD dwDataLen, // in
HCRYPTKEY hPubKey, // in
DWORD dwFlags, // in
HCRYPTKEY *phKey // out
);
This key blob consists of a standard header followed by the encrypted key.
If a signed key blob is being imported, this key is used to validate the signature of the key blob. In this case, this parameter should contain a handle to the key exchange public key of the party that created the key blob.
If the key blob is encrypted with the key exchange key pair (for example, a SIMPLEBLOB), then this parameter may be the handle to the key exchange key.
If the key blob is encrypted with a session key (for example, an encrypted PRIVATEKEYBLOB), then this parameter should contain a handle to this session key.
If the key blob is not encrypted (for example, a PUBLICKEYBLOB), then this parameter is not used, and should be zero.
CRYPT_NO_SALT. Specifies that a no-salt value gets allocated for a 40-bit symmetric key. For more information, see Microsoft Cryptographic Providers—Release Notes.
If the function succeeds, the return value is TRUE. If it fails, the return value is FALSE. To retrieve extended error information, use the GetLastError function.
The following table lists the error codes most commonly returned by the GetLastError function. The error codes prefaced by "NTE" are generated by the particular CSP you are using.
| Error code | Description |
|---|---|
| ERROR_INVALID_HANDLE | One of the parameters specifies an invalid handle. |
| ERROR_INVALID_PARAMETER | One of the parameters contains an invalid value. This is most often an illegal pointer. |
| NTE_BAD_ALGID | The simple key blob you are trying to import is not encrypted with the expected key exchange algorithm. |
| NTE_BAD_DATA | Either the algorithm that works with the public key you are trying to import is not supported by this CSP, or an attempt was made to import a session key that was encrypted with something other than one of YOUR public keys. |
| NTE_BAD_FLAGS | The dwFlags parameter is nonzero. |
| NTE_BAD_TYPE | The key blob type is not supported by this CSP and is possibly invalid. |
| NTE_BAD_UID | The hProv parameter does not contain a valid context handle. |
| NTE_BAD_VER | The key blob's version number does not match the CSP version. This usually indicates that the CSP needs to be upgraded. |
#include <wincrypt.h>
FILE *hSourceFile = NULL;
HCRYPTPROV hProv = 0;
HCRYPTKEY hKey = 0;
BYTE *pbKeyBlob = NULL;
DWORD dwBlobLen;
// Open the file, getting the file handle 'hSourceFile'.
...
// Get a handle to the default provider.
if(!CryptAcquireContext(&hProv, NULL, NULL, PROV_RSA_FULL, 0)) {
printf("Error %x during CryptAcquireContext!\n", GetLastError());
goto done;
}
// Read the key blob length from the file and allocate memory.
fread(&dwBlobLen, sizeof(DWORD), 1, hSourceFile);
pbKeyBlob = malloc(dwBlobLen);
// Read the key blob from the file.
fread(pbKeyBlob, 1, dwBlobLen, hSourceFile);
// Import the key blob into the CSP.
if(!CryptImportKey(hProv, pbKeyBlob, dwBlobLen, 0, 0, &hKey)) {
printf("Error %x during CryptImportKey!\n", GetLastError());
free(pbKeyBlob);
goto done;
}
// Free memory.
free(pbKeyBlob);
// Use 'hKey' to perform cryptographic operations.
...
done:
// Destroy the session key.
if(hKey) CryptDestroyKey(hKey);
// Release the provider handle.
if(hProv) CryptReleaseContext(hProv, 0);
Another example is located in Sender Code Example.
Windows NT: Requires version 4.0 or later.
Windows: Requires Windows 95 OSR2 or later (or Windows 95 with IE 3.02 or later).
Windows CE: Unsupported.
Header: Declared in wincrypt.h.
Import Library: Use advapi32.lib.
CryptAcquireContext, CryptDestroyKey, CryptExportKey