A bulk encryption key is generated by hashing one of the MAC keys using
CryptHashSessionKey together with the message contents and other data. The message is encrypted/decrypted with one of the bulk encryption keys in the usual manner.
When using a block cipher, the Schannel protocol engine does all necessary block cipher padding. When
CryptEncrypt and
CryptDecrypt are called, the Final flag is always FALSE and the data length is a multiple of whole block lengths.
Note The CSP must never buffer data internally. After the data has been encrypted (or decrypted), the size of the plaintext must always exactly match the size of the ciphertext.
Send comments about this topic to Microsoft
Build date: 11/16/2009