If a certification authority is not available, or if one or more of the users have not registered their public keys with it, then the users need to exchange their public keys in some other manner. This can also be done if the certification authority is not considered trustworthy by one or more of the users.
When transferring keys or messages from one user to another, one of the users is designated the sending user (or sender, who uses the sending application) and the other the destination user (or receiver, who uses the receiving application).
The first step is for the sender to export his public key from the CSP into a public key blob by using the CryptExportKey function. Next, the key blob must be sent to the receiver in some secure manner (for example, the sender might hand-carry it on a floppy disk to the receiver). Although secrecy is not necessary, both users must be confident that the integrity of the key blob is preserved during the transfer, because a substituted public key would let a third party impersonate the sender. The mechanics of how this is done are completely independent of the CryptoAPI.
Public key blobs are not encrypted. Thus, it would not be difficult for the sending application to convert the key blob to a readable format, so that the sender could read the public key to the receiver over the telephone. Furthermore, it would not be difficult for the receiving application to reconstruct the public key blob.
After the receiving application has received the key blob data from the sending application, it imports the key blob into its own CSP. This is done by using the CryptImportKey function.
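The following is an added example, not code from the original page or from Microsoft. It shows the two things the text leaves to the application: turning an exported public key blob into a form that can be read aloud (and reconstructing it on the other end), and giving both users a short fingerprint to compare so that the integrity of the blob can be checked before it is imported. It assumes the documented layout of a CryptoAPI RSA PUBLICKEYBLOB (BLOBHEADER, RSAPUBKEY, little-endian modulus), which the page itself does not describe; the sample modulus is constructed and is not a real key. On Windows the bytes in `SAMPLE_BLOB` would come from CryptExportKey and the bytes returned by `from_readable` would be handed to CryptImportKey; the transport format and the fingerprint are this example's own choices, not part of the CryptoAPI.

```python
import base64
import hashlib
import struct

# Documented CryptoAPI RSA PUBLICKEYBLOB layout (assumed here; not shown on the page):
#   BLOBHEADER : bType(1) bVersion(1) reserved(2) aiKeyAlg(4)   -> 8 bytes
#   RSAPUBKEY  : magic(4) = "RSA1", bitlen(4), pubexp(4)         -> 12 bytes
#   modulus    : bitlen/8 bytes, little-endian
PUBLICKEYBLOB = 0x06
CUR_BLOB_VERSION = 0x02
CALG_RSA_KEYX = 0x0000A400
RSA1_MAGIC = 0x31415352  # b"RSA1" read as a little-endian DWORD


def build_blob(modulus: int, pubexp: int, bitlen: int) -> bytes:
    """Assemble the bytes CryptExportKey produces for an RSA public key."""
    if modulus.bit_length() > bitlen or bitlen % 8:
        raise ValueError("modulus does not fit the declared bit length")
    header = struct.pack("<BBHI", PUBLICKEYBLOB, CUR_BLOB_VERSION, 0, CALG_RSA_KEYX)
    rsapub = struct.pack("<III", RSA1_MAGIC, bitlen, pubexp)
    return header + rsapub + modulus.to_bytes(bitlen // 8, "little")


def parse_blob(blob: bytes) -> dict:
    """Validate the blob structure and return its fields; reject anything malformed."""
    if len(blob) < 20:
        raise ValueError("blob too short")
    btype, ver, _reserved, alg = struct.unpack_from("<BBHI", blob, 0)
    magic, bitlen, pubexp = struct.unpack_from("<III", blob, 8)
    if btype != PUBLICKEYBLOB or ver != CUR_BLOB_VERSION or magic != RSA1_MAGIC:
        raise ValueError("not an RSA PUBLICKEYBLOB")
    if bitlen % 8 or len(blob) != 20 + bitlen // 8:
        raise ValueError("modulus length does not match bitlen")
    return {"alg": alg, "bitlen": bitlen, "pubexp": pubexp,
            "modulus": int.from_bytes(blob[20:], "little")}


def fingerprint(blob: bytes) -> str:
    """Short SHA-256 digest both users compare out of band (e.g. read back by phone)."""
    return hashlib.sha256(blob).hexdigest()[:16]


def to_readable(blob: bytes) -> list[str]:
    """Base32 text in 4-character groups that are easy to dictate; last item is the fingerprint."""
    text = base64.b32encode(blob).decode("ascii").rstrip("=")
    groups = [text[i:i + 4] for i in range(0, len(text), 4)]
    return groups + ["FP:" + fingerprint(blob)]


def from_readable(lines: list[str]) -> bytes:
    """Rebuild the blob from dictated groups; refuse it if the fingerprint or structure is off."""
    *groups, fp_line = lines
    text = "".join(groups).upper()
    text += "=" * (-len(text) % 8)          # restore base32 padding
    blob = base64.b32decode(text)
    if not fp_line.startswith("FP:") or fingerprint(blob) != fp_line[3:]:
        raise ValueError("fingerprint mismatch: blob was altered or misread")
    parse_blob(blob)                         # structural sanity check before CryptImportKey
    return blob


def integrity_ok(lines: list[str]) -> bool:
    """True if the dictated text reconstructs to a blob whose fingerprint matches."""
    try:
        from_readable(lines)
        return True
    except ValueError:
        return False


# Constructed sample key material (NOT a real key): 512-bit odd modulus, e = 65537.
_SAMPLE_MODULUS = (int.from_bytes(hashlib.sha256(b"constructed sample").digest() * 2, "big")
                   | (1 << 511) | 1)
SAMPLE_BLOB = build_blob(_SAMPLE_MODULUS, 65537, 512)


if __name__ == "__main__":
    dictated = to_readable(SAMPLE_BLOB)
    print("\n".join(dictated))
    print("round trip ok:", from_readable(dictated) == SAMPLE_BLOB)
```

The receiving side never imports what it heard over the phone until the fingerprint matches; a single misheard character in any group changes the digest, so the check catches both transcription errors and a deliberately substituted key.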