Platform SDK: Cryptography

CPImportKey

The CPImportKey function transfers a cryptographic key from a key BLOB to a CSP key container.

BOOL CPImportKey(
  HCRYPTPROV hProv,       // in
  CONST BYTE *pbData,     // in
  DWORD  dwDataLen,       // in
  HCRYPTKEY hPubKey,      // in
  DWORD dwFlags,          // in
  HCRYPTKEY *phKey        // out
);

Parameters

hProv
Handle to a particular key container within the CSP. This handle is obtained with a call to CPAcquireContext.
pbData
Buffer containing the key BLOB. This key BLOB was generated by the CPExportKey function, either by this CSP or by a CSP running on a remote computer.

This key BLOB consists of a standard header followed by the key material. The key material is often encrypted.

dwDataLen
Length, in bytes, of the key BLOB.
hPubKey
The meaning of this parameter differs, depending on the CSP type and the type of key BLOB being imported.

If a signed key BLOB is being imported, the key is used to validate the signature of the key BLOB. In this case, this parameter must contain a handle to the key exchange public key of the party that created the key BLOB.

If the key BLOB is a SIMPLEBLOB encrypted with the key exchange key pair, this parameter can be the handle to the key exchange key.

If the key BLOB is encrypted with a session key, as is often done by Fortezza CSPs, for example, this parameter contains a handle to that session key.

If the key BLOB is a PUBLICKEYBLOB and is not encrypted, this parameter is not used and is set to zero.

dwFlags
This parameter is currently used only when a public/private key pair is being imported into the CSP in the form of a PRIVATEKEYBLOB. The following flags are defined:
Flag value Description
CRYPT_EXPORTABLE If the key being imported is eventually to be re-exported, the CRYPT_EXPORTABLE flag must be placed in this parameter. If the CRYPT_EXPORTABLE flag is not used, future calls to CryptExportKey with the key handle will fail.
CRYPT_NO_SALT A no-salt value is specified for a 40-bit symmetric key. For more information, see New Salt Value Functionality.

phKey
Address to which the function copies a handle to the key that was imported.

Return Values

If the function succeeds, the return value is TRUE.

If the function fails, the return value is FALSE, and the appropriate error code from the following table must be set using SetLastError.

Error Description
NTE_BAD_ALGID The simple key BLOB being imported is not encrypted with the expected key exchange algorithm. The most likely cause of this error is incompatible CSPs.
NTE_BAD_DATA The algorithm of the public key being imported is not supported by this CSP.
NTE_BAD_FLAGS The dwFlags parameter is non-zero.
NTE_BAD_TYPE The key BLOB type is not supported by this CSP and is possibly invalid.
NTE_BAD_UID The hProv parameter does not contain a valid context handle.
NTE_BAD_VER The key BLOB's version number indicates a key BLOB version that the CSP does not support.

Requirements

  Windows NT/2000: Requires Windows NT 4.0 or later.
  Windows 95/98: Requires Windows 95 OSR2 or later (or Windows 95 with Internet Explorer 3.02 or later).
  Header: Declared in Wincrypt.h.

See Also

CPExportKey, CPGenKey, CryptImportKey

Built on Thursday, February 17, 2000