CPExportKey

The CPExportKey function is used to export cryptographic keys out of the CSP in a secure manner.

BOOL CPExportKey(
  HCRYPTPROV hProv,  // in
  HCRYPTKEY hKey,    // in
  HCRYPTKEY hExpKey, // in
  DWORD dwBlobType,  // in
  DWORD dwFlags,     // in
  BYTE *pbData,      // out
  DWORD *pdwDataLen  // in, out
);

Parameters

hProv

Handle to a particular key container (or "context") within the CSP. This handle is obtained via a call to CPAcquireContext.

hKey

Handle to the key to be exported.

hExpKey

Handle to a cryptographic key belonging to the destination user. The key data within the key blob created is encrypted using this key. This ensures that only the destination user will be able to make use of the key blob.

Most often, this will be the key exchange public key of the destination user. Certain protocols, however, require that a session key belonging to the destination user be used for this purpose.

If the key blob is not to be encrypted (for example, the key blob type is PUBLICKEYBLOB), then this parameter is unused, and should be zero.

dwBlobType

Type of key blob to be exported. The following three key blob types are currently defined:

SIMPLEBLOB—used to transport session keys
PUBLICKEYBLOB—used to transport public keys
PRIVATEKEYBLOB—used to transport public/private key pairs

Additional key blob types will be defined as needed.

dwFlags

Flag values. No flags are currently defined.

pbData

Buffer into which the function places the key blob.

If this parameter is NULL, then no data should be copied. Instead, the required buffer size (in bytes) should be returned in pdwDataLen. This is not an error.

pdwDataLen

Address of the key blob length. Upon function entry, this contains the number of bytes in the pbData buffer. Upon exit, this must be set to the number of bytes of data copied to the pbData buffer.

If the buffer specified by pbData is not large enough to hold the key blob data, the ERROR_MORE_DATA error code should be returned via the SetLastError function. In this case, the required buffer size must be returned in pdwDataLen.

If this function fails with any error code other than ERROR_MORE_DATA, zero should be returned in this parameter.

Return Values

If the function succeeds, TRUE should be returned; otherwise, return FALSE. When FALSE is returned, the appropriate error code (see the following table) must be set via SetLastError.

Error	Description
ERROR_MORE_DATA	The pbData buffer is not large enough to hold the requested data.
NTE_BAD_FLAGS	The dwFlags parameter contains an invalid value.
NTE_BAD_KEY	One or both of the keys specified by hKey and hExpKey are invalid.
NTE_BAD_KEY_STATE	You do not have permission to export the key. That is, when the hKey key was created, the CRYPT_EXPORTABLE flag was not specified.
NTE_BAD_PUBLIC_KEY	The key blob type specified by dwBlobType is PUBLICKEYBLOB but hExpKey does not contain a public key handle.
NTE_BAD_TYPE	The dwBlobType parameter specifies an unknown blob type.
NTE_BAD_UID	The CSP context that was specified when the hKey key was created cannot now be found.
NTE_NO_KEY	A session key is being exported and the hExpKey parameter does not specify a public key.

CPExportKey

Parameters

Return Values

See Also