The CPImportKey function is used to transfer a cryptographic key from a key blob to the CSP.
BOOL CPImportKey(
HCRYPTPROV hProv, // in
CONST BYTE *pbData, // in
DWORD dwDataLen, // in
HCRYPTKEY hImpKey, // in
DWORD dwFlags, // in
HCRYPTKEY *phKey // out
);
This key blob consists of a standard header followed by the (often encrypted) key material.
If a signed key blob is being imported, the key is used to validate the signature of the key blob. In this case, this parameter should contain a handle to the key exchange public key of the party that created the key blob.
If the key blob is encrypted with the key exchange key pair (for example, a SIMPLEBLOB), then this parameter may be the handle to the key exchange key.
If the key blob is encrypted with a session key (as is often done by Fortezza CSPs, for example), then this parameter should contain a handle to this session key.
If the key blob is not encrypted (for example, a PUBLICKEYBLOB) , then this parameter is not used, and should be set to zero.
CRYPT_NO_SALT. Specifies that a no-salt value gets allocated for a 40-bit symmetric key. For more information, see Microsoft Cryptographic Providers—Release Notes.
If the function succeeds TRUE should be returned; otherwise, return FALSE. When FALSE is returned, the appropriate error code (see the following table) must be set via SetLastError.
| Error | Description |
|---|---|
| NTE_BAD_ALGID | The simple key blob being imported is not encrypted with the expected key exchange algorithm. The most likely cause of this error is incompatible CSPs. |
| NTE_BAD_DATA | The algorithm of the public key being imported is not supported by this CSP. |
| NTE_BAD_FLAGS | The dwFlags parameter is non-zero. |
| NTE_BAD_TYPE | The key blob type is not supported by this CSP and is possibly invalid. |
| NTE_BAD_UID | The hProv parameter does not contain a valid context handle. |
| NTE_BAD_VER | The key blob's version number indicates a key blob version that the CSP does not support. |
CPExportKey, CPGenKey, CryptImportKey