Specifying a Salt Value
Both the Base Provider and the Extended Provider can specify the value and length of the salt value to be used. The Base Provider sets a salt value using the KP_SALT parameter value. The Base Provider always sets eleven bytes of salt value.
The Enhanced Provider sets the salt value by calling CryptSetKeyParam with the KP_SALT_EX parameter value specified and with the pbData parameter pointing to a CRYPT_INTEGER_BLOB structure that contains the salt.
Note: The total length of an Enhanced Provider symmetric key and its salt value cannot be greater than 128 bits.
KP_SALT continues to be provided for backward compatibility with the Base Provider. Newer applications should use the KP_SALT_EX parameter value.
The following example sets a salt value.
// Specify 4 bytes of salt.
BYTE rgbSalt[] = {0x01, 0x02, 0x03, 0x04};
CRYPT_DATA_BLOB sSaltData;

sSaltData.pbData = rgbSalt;
sSaltData.cbData = sizeof(rgbSalt);

// Set the 4 bytes of salt required.
// hKey is an HCRYPTKEY handle previously
// assigned, such as by CryptImportKey.
if (CryptSetKeyParam(
        hKey,
        KP_SALT_EX,
        (BYTE*)&sSaltData,
        0))
{
    printf("The salt value is set.\n");
}
else
{
    printf("Setting the salt value failed.\n");
}
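The following is an added example, not part of the original page: a wrapper that enforces the 128-bit key-plus-salt limit from the note above before it calls CryptSetKeyParam with KP_SALT_EX. The names salt_fits and SetSaltChecked are hypothetical, rejecting an empty salt is a choice made here, and the code assumes that KP_KEYLEN reports the key length without the salt; the wrapper itself is compiled only on Windows.

```c
#include <stddef.h>

/* Limit stated in the note above: key length plus salt length, in bits. */
#define MAX_KEY_PLUS_SALT_BITS 128u

/* Returns 1 if a salt of salt_bytes bytes may accompany a key of
   key_bits bits, 0 otherwise. An empty salt is rejected (choice made
   for this example). */
int salt_fits(unsigned key_bits, size_t salt_bytes)
{
    if (salt_bytes == 0 || key_bits >= MAX_KEY_PLUS_SALT_BITS)
        return 0;
    return salt_bytes <= (MAX_KEY_PLUS_SALT_BITS - key_bits) / 8u;
}

#ifdef _WIN32
#include <windows.h>
#include <wincrypt.h>

/* Hypothetical wrapper: reads the key length, checks the limit, then
   sets the salt with KP_SALT_EX. On failure it returns FALSE and the
   caller can inspect GetLastError(). */
BOOL SetSaltChecked(HCRYPTKEY hKey, BYTE *pbSalt, DWORD cbSalt)
{
    DWORD dwKeyBits = 0;
    DWORD cbKeyBits = sizeof(dwKeyBits);
    CRYPT_INTEGER_BLOB saltBlob;

    /* Assumption: KP_KEYLEN returns the key length in bits, salt excluded. */
    if (!CryptGetKeyParam(hKey, KP_KEYLEN, (BYTE *)&dwKeyBits, &cbKeyBits, 0))
        return FALSE;

    if (!salt_fits(dwKeyBits, cbSalt)) {
        SetLastError(ERROR_INVALID_PARAMETER);
        return FALSE;
    }

    saltBlob.pbData = pbSalt;
    saltBlob.cbData = cbSalt;
    return CryptSetKeyParam(hKey, KP_SALT_EX, (BYTE *)&saltBlob, 0);
}
#endif
```

With a 40-bit key the check admits at most eleven bytes of salt, which matches the fixed salt length the Base Provider uses.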
Build date: 3/6/2012