Platform SDK: Cryptography

CPDeriveKey Schannel Extensions

For Schannel protocols, CPDeriveKey must implement all of its normal functionality but must also derive bulk encryption and MAC keys from the master hash object created by CPCreateHash. This is done using CPDeriveKey with one of the following algorithm identifiers (ALG_IDs):

If the CRYPT_SERVER flag is set in the dwFlags parameter, the key to be generated is a server write key; otherwise, it is a client write key.

See also Deriving Bulk Encryption and MAC Keys.

CALG_SCHANNEL_ENC_KEY

Generate a bulk encryption key. The algorithm and key size have previously been specified using CPSetKeyParam including some extensions discussed in CPSetKeyParam Schannel Extensions.

The CSP must create the initialization vector (IV) automatically.

CALG_SCHANNEL_MAC_KEY

Generate a MAC key. The algorithm has been previously been specified using CPSetKeyParam. Details may also be found in CPSetKeyParam Schannel Extensions.