CryptDecryptMessage

The CryptDecryptMessage function decodes and decrypts a message.

#include <wincrypt.h>
BOOL WINAPI CryptDecryptMessage(
  PCRYPT_DECRYPT_MESSAGE_PARA pDecryptPara, // in
  const BYTE *pbEncryptedBlob,              // in
  DWORD cbEncryptedBlob,                    // in
  BYTE *pbDecrypted,                        // out, optional
  DWORD *pcbDecrypted,                      // in/out, optional
  PCCERT_CONTEXT *ppXchgCert                // out, optional
);
 

Parameters

pDecryptPara
Pointer to the decryption parameters. For details, see Simplified Message Data Structures.
pbEncryptedBlob
Pointer to the encoded and encrypted message that is to be decrypted.
cbEncryptedBlob
Size of the encoded and encrypted message, in bytes.
pbDecrypted
Optional parameter. Pointer to a buffer that receives the decrypted message.

This parameter can be NULL to obtain the size of the decrypted message for memory allocation purposes. For more information, see Common In/Out Parameter Conventions.

pcbDecrypted
Optional parameter. Pointer to a variable that specifies the size, in bytes, of the buffer pointed to by the pbDecrypted parameter. When the function returns, this variable contains the size, in bytes, of the decrypted message copied to *pbDecrypted. A decrypted message will not be returned if this parameter is NULL.

Note that when processing the data returned in the buffer, applications need to use the actual size of the data returned. The actual size may be slightly smaller than the size of the buffer specified on input. (On input, buffer sizes are usually specified large enough to ensure that the largest possible output data will fit in the buffer.) On output, the variable pointed to by this parameter is updated to reflect the actual size of the data copied to the buffer.

ppXchgCert
Optional parameter. It's a pointer to the certificate context pointer corresponding to the exchange (private) key used to decrypt the message.

Return Values

TRUE if the function succeeded. FALSE if the function failed.

Call GetLastError to see the reason for any failures. Note that errors from the called functions CryptImportKey and CryptDecrypt may be propagated to this function. This function has the following error codes.

ERROR_MORE_DATA
If the buffer specified by the pbDecrypted parameter is not large enough to hold the returned data, the function sets the ERROR_MORE_DATA code, and stores the required buffer size, in bytes, into the variable pointed to by pcbDecrypted.
E_INVALIDARG
Invalid message and certificate encoding types. Currently only PKCS_7_ASN_ENCODING and X509_ASN_ENCODING_TYPE are supported. Invalid cbSize in *pDecryptPara.
CRYPT_E_OSS_ERROR
Message ASN.1 decoding error. Note, to get the OSS error subtract CRYPT_E_OSS_ERROR from the returned error and see asn1code.h for details on the error.
CRYPT_E_UNEXPECTED_MSG_TYPE
Not an enveloped cryptographic message.
NTE_BAD_ALGID
The message was encrypted using an algorithm we don't know about or support.
CRYPT_E_NO_DECRYPT_CERT
No certificate was found having a private key property to use for decrypting.

Remarks

Notice that when NULL is passed for pbDecrypted, and pcbDecrypted isn't NULL, then NULL is returned for the address passed in ppXchgCert. Otherwise, a pointer to the certificate context pointer is returned. For a successfully decrypted message, the information contained at *ppXchgCert is updated with the pointer to the certificate context used to decrypt. It must be freed by calling CertFreeCertificateContext. If the function fails, the value at ppXchgCert is set to NULL. Also, NULL can be initially passed for ppXchgCert, indicating the caller isn't interested in getting the certificate context used to decrypt.

Example

See Example Code Using CryptDecryptMessage.
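
The size-query and decrypt sequence described under Parameters and Remarks, as an added example that is not part of the original page or of the linked sample: it asks for the required size, allocates, decrypts, reports the actual length and releases the certificate context. The wrapper name decrypt_enveloped and its portable signature are assumptions made for this example, the CRYPT_DECRYPT_MESSAGE_PARA field names are taken from wincrypt.h rather than from this page, and off Windows the function only returns NULL.

```c
/* Added example (not from the original page). On Windows, link with crypt32.lib. */
#include <stdlib.h>
#ifdef _WIN32
#include <windows.h>
#include <wincrypt.h>
#endif

/* Decrypts an enveloped message using a private key found through `store`
   (an HCERTSTORE). Returns a malloc'd buffer, exact length in *out_len, or NULL. */
unsigned char *decrypt_enveloped(void *store, const unsigned char *blob,
                                 unsigned long cb_blob, unsigned long *out_len)
{
#ifdef _WIN32
    HCERTSTORE stores[1] = { (HCERTSTORE)store };
    CRYPT_DECRYPT_MESSAGE_PARA para = { 0 };
    PCCERT_CONTEXT xchg = NULL;
    DWORD cb = 0;
    BYTE *buf;

    *out_len = 0;
    para.cbSize = sizeof(para);          /* a wrong cbSize yields E_INVALIDARG */
    para.dwMsgAndCertEncodingType = PKCS_7_ASN_ENCODING | X509_ASN_ENCODING;
    para.cCertStore = 1;
    para.rghCertStore = stores;

    /* Pass 1: pbDecrypted is NULL, so only the required size comes back in cb. */
    if (!CryptDecryptMessage(&para, blob, cb_blob, NULL, &cb, NULL))
        return NULL;                     /* GetLastError() holds the reason */
    buf = (BYTE *)malloc(cb ? cb : 1);
    if (buf == NULL)
        return NULL;

    /* Pass 2: cb is the buffer size on input and the actual size on output. */
    if (!CryptDecryptMessage(&para, blob, cb_blob, buf, &cb, &xchg)) {
        free(buf);                       /* on failure *ppXchgCert is NULL */
        return NULL;
    }
    if (xchg != NULL)
        CertFreeCertificateContext(xchg);  /* the caller owns the context */
    *out_len = cb;                       /* use this, not the allocated size */
    return buf;
#else
    (void)store; (void)blob; (void)cb_blob;
    *out_len = 0;
    return NULL;                         /* CryptoAPI is only present on Windows */
#endif
}
```

The returned buffer holds plaintext, so clear it (for example with SecureZeroMemory) before calling free when the content is sensitive.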

QuickInfo

  Windows NT: Requires version 4.0 SP3 or later. Available also in IE 3.02 and later.
  Windows: Requires Windows 98 (or Windows 95 with IE 3.02 or later).
  Windows CE: Unsupported.
  Header: Declared in wincrypt.h.
  Import Library: Use crypt32.lib.

See Also

CryptDecryptAndVerifyMessageSignature