Platform SDK: Cryptography
The Schannel protocol engine in Windows 2000 performs the handshake and authentication in a secure process, and the bulk encryption and message passing in the application process. The bulk encryption keys and MAC keys therefore have to be copied from one process to the other. To do this, use the CryptExportKey and CryptImportKey functions in the following sequence:
1. The secure process exports each key into an OPAQUEKEYBLOB with CryptExportKey, then destroys its own copy of the key with CryptDestroyKey. If the key is stored in hardware, the CSP must recognize this and must not destroy the key, because the application process's import must still be able to find it.
2. The secure process passes the OPAQUEKEYBLOBs to the application process. The transport is beyond the scope of this document; note that a BLOB is sufficient to reconstruct the session key, so whatever channel carries it must be protected accordingly.
3. The application process imports each OPAQUEKEYBLOB back into the CSP with CryptImportKey. The imported key must be in exactly the same state as the key was when it was exported: the same key material and algorithm, and any parameters that had been set on it with CryptSetKeyParam (for example the cipher mode or IV), so that the application process can encrypt and MAC records with it exactly as the secure process could have.