Export (0) Print
Expand All
0 out of 1 rated this helpful - Rate this topic

BCryptGenerateKeyPair function

The BCryptGenerateKeyPair function creates an empty public/private key pair. After you create a key by using this function, you can use the BCryptSetProperty function to set its properties; however, the key cannot be used until the BCryptFinalizeKeyPair function is called.

Syntax


NTSTATUS WINAPI BCryptGenerateKeyPair(
  _Inout_  BCRYPT_ALG_HANDLE hAlgorithm,
  _Out_    BCRYPT_KEY_HANDLE *phKey,
  _In_     ULONG dwLength,
  _In_     ULONG dwFlags
);

Parameters

hAlgorithm [in, out]

Handle of an algorithm provider that supports signing, asymmetric encryption, or key agreement. This handle must have been created by using the BCryptOpenAlgorithmProvider function.

phKey [out]

A pointer to a BCRYPT_KEY_HANDLE that receives the handle of the key. This handle is used in subsequent functions that require a key, such as BCryptEncrypt. This handle must be released when it is no longer needed by passing it to the BCryptDestroyKey function.

dwLength [in]

The length, in bits, of the key. Algorithm providers have different key size restrictions for each standard asymmetric algorithm.

Algorithm identifierMeaning
BCRYPT_DH_ALGORITHM

The key size must be greater than or equal to 512 bits, less than or equal to 4096 bits, and must be a multiple of 64.

BCRYPT_DSA_ALGORITHM

Prior to Windows 8, the key size must be greater than or equal to 512 bits, less than or equal to 1024 bits, and must be a multiple of 64.

Beginning with Windows 8, the key size must be greater than or equal to 512 bits, less than or equal to 3072 bits, and must be a multiple of 64. Processing for key sizes less than or equal to 1024 bits adheres to FIPS-186-2. Processing for key sizes greater than 1024 and less than or equal to 3072 adheres to FIPS 186-3.

BCRYPT_ECDH_P256_ALGORITHM

The key size must be 256 bits.

BCRYPT_ECDH_P384_ALGORITHM

The key size must be 384 bits.

BCRYPT_ECDH_P521_ALGORITHM

The key size must be 521 bits.

BCRYPT_ECDSA_P256_ALGORITHM

The key size must be 256 bits.

BCRYPT_ECDSA_P384_ALGORITHM

The key size must be 384 bits.

BCRYPT_ECDSA_P521_ALGORITHM

The key size must be 521 bits.

BCRYPT_RSA_ALGORITHM

The key size must be greater than or equal to 512 bits, less than or equal to 16384 bits, and must be a multiple of 64.

 

dwFlags [in]

A set of flags that modify the behavior of this function. No flags are currently defined, so this parameter should be zero.

Return value

Returns a status code that indicates the success or failure of the function.

Possible return codes include, but are not limited to, the following.

Return codeDescription
STATUS_SUCCESS

The function was successful.

STATUS_INVALID_HANDLE

The algorithm handle in the hAlgorithm parameter is not valid.

STATUS_INVALID_PARAMETER

One or more parameters are not valid.

STATUS_NOT_SUPPORTED

The specified provider does not support asymmetric key encryption.

 

Remarks

Depending on what processor modes a provider supports, BCryptGenerateKeyPair can be called either from user mode or kernel mode. Kernel mode callers can execute either at PASSIVE_LEVEL IRQL or DISPATCH_LEVEL IRQL. If the current IRQL level is DISPATCH_LEVEL, the handle provided in the hAlgorithm parameter must have been opened by using the BCRYPT_PROV_DISPATCH flag, and any pointers passed to the BCryptGenerateKeyPair function must refer to nonpaged (or locked) memory.

To call this function in kernel mode, use Cng.lib, which is part of the Driver Development Kit (DDK). For more information, see WDK and Developer Tools.

Windows Server 2008 and Windows Vista:  To call this function in kernel mode, use Ksecdd.lib.

Requirements

Minimum supported client

Windows Vista [desktop apps only]

Minimum supported server

Windows Server 2008 [desktop apps only]

Header

Bcrypt.h

Library

Bcrypt.lib

DLL

Bcrypt.dll

See also

BCryptDestroyKey

 

 

Community Additions

ADD
Show:
© 2014 Microsoft. All rights reserved.