The protocol engine's client-side code is typically:
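// Client side of the master-key exchange: pick the master key algorithm for
// the negotiated protocol, generate the master key inside the CSP, and export
// it encrypted under the server's public key. Text in <angle brackets> is a
// placeholder that the protocol engine fills in.
//
// NOTE(review): PCT 1.0, SSL 2.0, SSL 3.0 and TLS 1.0 are all obsolete
// protocol versions. This listing shows how the legacy paths work; a current
// engine should not be configured to negotiate them.
HCRYPTPROV hProv = <protocol engine's key container>;
HCRYPTKEY hPublicKey = <server's public key>;
HCRYPTKEY hMasterKey = 0;
ALG_ID Algid;
DWORD dwFlags = 0;
BYTE rgbBlob[<max blob size>];
DWORD cbBlob;

// Select the master key type.
switch(<protocol being used>)
{
    case <PCT 1.0>:
        Algid = CALG_PCT1_MASTER;
        break;

    case <SSL 2.0>:
        Algid = CALG_SSL2_MASTER;
        // When the client could also have spoken SSL 3.0, mark the export so
        // that the RSA padding carries the rollback indicator. This lets the
        // server detect a forced downgrade to SSL 2.0.
        if(<we support SSL3>)
            dwFlags = CRYPT_SSL2_FALLBACK;
        break;

    case <SSL 3.0>:
        Algid = CALG_SSL3_MASTER;
        break;

    case <TLS 1.0>:
        Algid = CALG_TLS1_MASTER;
        break;

    default:
        // Without this branch Algid would reach CryptGenKey uninitialized.
        <fail the handshake: unsupported protocol>;
}

// Generate the master key. CRYPT_EXPORTABLE is required because the key is
// exported as a SIMPLEBLOB below.
if(!CryptGenKey(hProv, Algid, CRYPT_EXPORTABLE, &hMasterKey))
{
    // hMasterKey is not valid here; GetLastError() gives the reason.
    <fail the handshake>;
}

// Encrypt the master key under the server's public key. cbBlob is the buffer
// size on input and the number of bytes written on output.
cbBlob = sizeof(rgbBlob);
if(!CryptExportKey(hMasterKey, hPublicKey, SIMPLEBLOB,
                   dwFlags, rgbBlob, &cbBlob))
{
    // Do not send rgbBlob: its contents are undefined after a failed export.
    CryptDestroyKey(hMasterKey);
    <fail the handshake>;
}

// hMasterKey stays open for the rest of the handshake; release it with
// CryptDestroyKey once it is no longer needed.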