Platform SDK: Cryptography
For Schannel protocols, CPDeriveKey must implement all of its normal functionality but must also derive bulk encryption and MAC keys from the master hash object created by CPCreateHash. This is done using CPDeriveKey with one of the following algorithm identifiers (ALG_IDs):
Generate a bulk encryption key. The algorithm and key size have previously been specified using CPSetKeyParam, including some extensions discussed in CPSetKeyParam Schannel Extensions. The CSP must create the initialization vector (IV) automatically.
Generate a MAC key. The algorithm has previously been specified using CPSetKeyParam. Details may also be found in CPSetKeyParam Schannel Extensions.
If the CRYPT_SERVER flag is set in the dwFlags parameter, the key to be generated is a server write key; otherwise, it is a client write key.
See also Deriving Bulk Encryption and MAC Keys.
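The following added example (not code from the Platform SDK or from any CSP) shows why the client/server distinction and the automatic IV matter, using the TLS 1.0 key block from RFC 2246 as the assumed protocol. All function names and sample values are hypothetical; the `server` argument plays the role of CRYPT_SERVER and `MASTER` stands in for the secret held by the master hash object.

```python
import hashlib
import hmac

# Constructed sample inputs (not real session data).
MASTER = bytes(range(48))            # 48-byte master secret
CLIENT_RANDOM = b"\x11" * 32
SERVER_RANDOM = b"\x22" * 32

def p_hash(name, secret, seed, n):
    """P_hash from RFC 2246 section 5: HMAC-based expansion to n bytes."""
    out, a = b"", seed
    while len(out) < n:
        a = hmac.new(secret, a, name).digest()            # A(i)
        out += hmac.new(secret, a + seed, name).digest()
    return out[:n]

def tls10_prf(secret, label, seed, n):
    """TLS 1.0 PRF: P_MD5(S1) XOR P_SHA1(S2), S1/S2 being the secret's halves."""
    half = (len(secret) + 1) // 2
    s1, s2 = secret[:half], secret[len(secret) - half:]
    md5 = p_hash("md5", s1, label + seed, n)
    sha = p_hash("sha1", s2, label + seed, n)
    return bytes(x ^ y for x, y in zip(md5, sha))

def write_keys(master, client_random, server_random, mac_len, key_len, iv_len):
    """Split the key block into per-direction MAC key, bulk key and IV."""
    total = 2 * (mac_len + key_len + iv_len)
    block = tls10_prf(master, b"key expansion",
                      server_random + client_random, total)
    keys, pos = {}, 0
    # RFC 2246 order: client value first, then server, for each field.
    for field, size in (("mac", mac_len), ("enc", key_len), ("iv", iv_len)):
        for side in ("client", "server"):
            keys[side, field] = block[pos:pos + size]
            pos += size
    return keys

def derive(keys, kind, server):
    """server=True selects the server write key, otherwise the client write key."""
    side = "server" if server else "client"
    if kind == "enc":
        # The IV comes out of the same key block, so the caller never supplies it.
        return keys[side, "enc"], keys[side, "iv"]
    return keys[side, "mac"]

if __name__ == "__main__":
    k = write_keys(MASTER, CLIENT_RANDOM, SERVER_RANDOM, 20, 24, 8)  # 3DES + SHA-1 sizes
    print(derive(k, "enc", server=True)[0].hex())
```

Both peers compute the same key block, so a side that derives its outbound key with the wrong direction flag ends up encrypting and MACing with the peer's write keys, and the first protected record fails verification.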