This topic has not yet been rated - Rate this topic

Cryptography Primitive Property Identifiers

Applies to: desktop apps only

The following values are used with the BCryptGetProperty and BCryptSetProperty functions to identify a property.

BCRYPT_ALGORITHM_NAME

L"AlgorithmName"
A null-terminated Unicode string that contains the name of the algorithm.

BCRYPT_AUTH_TAG_LENGTH

L"AuthTagLength"
The authentication tag lengths that are supported by the algorithm. This property is a BCRYPT_AUTH_TAG_LENGTHS_STRUCT structure. This property only applies to algorithms.

BCRYPT_BLOCK_LENGTH

L"BlockLength"
The size, in bytes, of a cipher block for the algorithm. This property only applies to block cipher algorithms. This data type is a DWORD.

BCRYPT_BLOCK_SIZE_LIST

L"BlockSizeList"
A list of the block lengths supported by an encryption algorithm. This data type is an array of DWORDs. The number of elements in the array can be determined by dividing the number of bytes retrieved by the size of a single DWORD.

BCRYPT_CHAINING_MODE

L"ChainingMode"
A pointer to a null-terminated Unicode string that represents the chaining mode of the algorithm provider. This can be one of the following values.

Identifier Value Description

BCRYPT_CHAIN_MODE_CBC L"ChainingModeCBC" Sets the provider's chaining mode to cipher block chaining.

BCRYPT_CHAIN_MODE_CCM L"ChainingModeCCM" Sets the provider's chaining mode to counter with CBC-MAC mode (CCM).
Windows Vista: This value is supported beginning with Windows Vista with SP1.

BCRYPT_CHAIN_MODE_CFB L"ChainingModeCFB" Sets the provider's chaining mode to cipher feedback.

BCRYPT_CHAIN_MODE_ECB L"ChainingModeECB" Sets the provider's chaining mode to electronic codebook.

BCRYPT_CHAIN_MODE_GCM L"ChainingModeGCM" Sets the provider's chaining mode to Galois/counter mode (GCM).
Windows Vista: This value is supported beginning with Windows Vista with SP1.

BCRYPT_CHAIN_MODE_NA L"ChainingModeN/A" The provider does not support chaining.

BCRYPT_DH_PARAMETERS

Identifier	Value	Description
BCRYPT_CHAIN_MODE_CBC	L"ChainingModeCBC"	Sets the provider's chaining mode to cipher block chaining.
BCRYPT_CHAIN_MODE_CCM	L"ChainingModeCCM"	Sets the provider's chaining mode to counter with CBC-MAC mode (CCM). Windows Vista: This value is supported beginning with Windows Vista with SP1.
BCRYPT_CHAIN_MODE_CFB	L"ChainingModeCFB"	Sets the provider's chaining mode to cipher feedback.
BCRYPT_CHAIN_MODE_ECB	L"ChainingModeECB"	Sets the provider's chaining mode to electronic codebook.
BCRYPT_CHAIN_MODE_GCM	L"ChainingModeGCM"	Sets the provider's chaining mode to Galois/counter mode (GCM). Windows Vista: This value is supported beginning with Windows Vista with SP1.
BCRYPT_CHAIN_MODE_NA	L"ChainingModeN/A"	The provider does not support chaining.

L"DHParameters"
Specifies parameters to use with a Diffie-Hellman key. This data type is a pointer to a BCRYPT_DH_PARAMETER_HEADER structure. This property can only be set and must be set for the key before the key is completed.

BCRYPT_DSA_PARAMETERS

L"DSAParameters"
Specifies parameters to use with a Diffie-Hellman key. This property is a BCRYPT_DSA_PARAMETER_HEADER structure. This property can only be set and must be set for the key before the key is completed.

BCRYPT_EFFECTIVE_KEY_LENGTH

L"EffectiveKeyLength"
The size, in bytes, of the effective length of an RC2 key. This data type is a DWORD.

BCRYPT_HASH_BLOCK_LENGTH

L"HashBlockLength"
The size, in bytes, of the block for a hash. This property only applies to hash algorithms. This data type is a DWORD.

BCRYPT_HASH_LENGTH

L"HashDigestLength"
The size, in bytes, of the hash value of a hash provider. This data type is a DWORD.

BCRYPT_HASH_OID_LIST

L"HashOIDList"
The list of DER-encoded hashing object identifiers (OIDs). This property is a BCRYPT_OID_LIST structure. This property can only be read.

BCRYPT_INITIALIZATION_VECTOR

L"IV"
Contains the initialization vector (IV) for a key. This property only applies to keys.

BCRYPT_KEY_LENGTH

L"KeyLength"
The size, in bits, of the key value of a symmetric key provider. This data type is a DWORD.

BCRYPT_KEY_LENGTHS

L"KeyLengths"
The key lengths that are supported by the algorithm. This property is a BCRYPT_KEY_LENGTHS_STRUCT structure. This property only applies to algorithms.

BCRYPT_KEY_OBJECT_LENGTH

L"KeyObjectLength"
This property is not used. The BCRYPT_OBJECT_LENGTH property is used to obtain this information.

BCRYPT_KEY_STRENGTH

L"KeyStrength"
The number of bits in the key. This data type is a DWORD. This property only applies to keys.

BCRYPT_OBJECT_LENGTH

L"ObjectLength"
The size, in bytes, of the subobject of a provider. This data type is a DWORD. Currently, the hash and symmetric cipher algorithm providers use caller-allocated buffers to store their subobjects. For example, the hash provider requires you to allocate memory for the hash object obtained with the BCryptCreateHash function. This property provides the buffer size for a provider's object so you can allocate memory for the object created by the provider.

BCRYPT_PADDING_SCHEMES

L"PaddingSchemes"
Represents the padding scheme of the RSA algorithm provider. This data type is a DWORD. This can be one of the following values.

Identifier Value Description

BCRYPT_SUPPORTED_PAD_ROUTER 0x00000001 The provider supports padding added by the router.

BCRYPT_SUPPORTED_PAD_PKCS1_ENC 0x00000002 The provider supports the PKCS1 encryption padding scheme.

BCRYPT_SUPPORTED_PAD_PKCS1_SIG 0x00000004 The provider supports the PKCS1 signature padding scheme.

BCRYPT_SUPPORTED_PAD_OAEP 0x00000008 The provider supports the OAEP padding scheme.

BCRYPT_SUPPORTED_PAD_PSS 0x00000010 The provider supports the PSS padding scheme.

BCRYPT_PROVIDER_HANDLE

Identifier	Value	Description
BCRYPT_SUPPORTED_PAD_ROUTER	0x00000001	The provider supports padding added by the router.
BCRYPT_SUPPORTED_PAD_PKCS1_ENC	0x00000002	The provider supports the PKCS1 encryption padding scheme.
BCRYPT_SUPPORTED_PAD_PKCS1_SIG	0x00000004	The provider supports the PKCS1 signature padding scheme.
BCRYPT_SUPPORTED_PAD_OAEP	0x00000008	The provider supports the OAEP padding scheme.
BCRYPT_SUPPORTED_PAD_PSS	0x00000010	The provider supports the PSS padding scheme.

L"ProviderHandle"
The handle of the CNG provider that created the object passed in the hObject parameter. This data type is a BCRYPT_ALG_HANDLE. This property can only be retrieved; it cannot be set.

BCRYPT_SIGNATURE_LENGTH

L"SignatureLength"
The size, in bytes, of the length of a signature for a key. This data type is a DWORD. This property only applies to keys. This property can only be retrieved; it cannot be set.

Requirements

Minimum supported client	Windows Vista
Minimum supported server	Windows Server 2008
Header	Bcrypt.h

Send comments about this topic to Microsoft

Build date: 3/7/2012

Did you find this helpful? Yes No

Not accurate

Not enough depth

Need more code examples

(1500 characters remaining)

Community Content Add

FAQ

Documentation Misleading?

I've spent quite a bit of time attempting to figure out why I am able to query some properties successfully, but not others where I am getting "Not Supported" error status code. From what I can tell, it seems that some properties simply do not apply to all crypto providers. For example, I am able to query BCRYPT_ALGORITHM_NAME and BCRYPT_BLOCK_LENGTH for the AES provider, but I am unable to successfully query BCRYPT_KEY_LENGTH or BCRYPT_KEY_STRENGTH (definitions for these 2 properties seem to be the same, so the cause for the error is likely the same source). From my understanding of how the BcryptGenerateSymmetricKey function works, it seems that the key length property would not apply because the key length used for the provider is dynamically dependent on the key length supplied to the BcryptGenerateSymmetricKey function, where the accepted key lengths are either 16, 24, or 32 bytes.

Also, I was even more confused when I came across the forum posts here: http://social.msdn.microsoft.com/Forums/en-US/windowssecurity/thread/41835413-8100-4aab-a30c-70413a2b9edc

The answer posts from the same person seem to have conflicting information and even after trying the different suggestions mentioned, the end result was the same, "Not Supported" error status code if I ever try to query key length on the AES provider.

It seems to me that perhaps the documentation ought to at least mention something along the lines of "this property does not apply to all providers" if my above understanding is correct. If not, could some clarification be added to the documentation that may help me (and others) understand what we are doing wrong and how could I use the BCRYPT_KEY_LENGTH property to query the key length for the AES provider?

Thanks,
Walt

History

6/15/2010
waltjrUM