NCryptUnprotectSecret function

The NCryptUnprotectSecret function decrypts data to a specified protection descriptor. Call NCryptProtectSecret to encrypt the data.

Syntax


NTSTATUS WINAPI NCryptUnprotectSecret(
  _Out_opt_  NCRYPT_DESCRIPTOR_HANDLE *phDescriptor,
  _In_       DWORD dwFlags,
  _In_       const BYTE *pbProtectedBlob,
  ULONG cbProtectedBlob,
  _In_opt_   const NCRYPT_ALLOC_PARA *pMemPara,
  _In_opt_   HWND hWnd,
  _Out_      BYTE **ppbData,
  _Out_      ULONG *pcbData
);

Parameters

phDescriptor [out, optional]

Pointer to the protection descriptor handle.

dwFlags [in]

The flag can be zero or a bitwise OR of the following values.

ValueMeaning
NCRYPT_SILENT_FLAG

Requests that the key service provider not display a user interface.

NCRYPT_UNPROTECT_NO_DECRYPT

Decodes only the header of the protected data blob. No actual decryption takes place.

 

pbProtectedBlob [in]

Pointer to an array of bytes that contains the data to decrypt.

cbProtectedBlob

The number of bytes in the array pointed to by the pbProtectedBlob parameter.

pMemPara [in, optional]

Pointer to an NCRYPT_ALLOC_PARA structure that you can use to specify custom memory management functions. If you set this argument to NULL, the LocalAlloc function is used internally to allocate memory and your application must call LocalFree to release memory pointed to by the ppbData parameter.

hWnd [in, optional]

Handle to the parent window of the user interface, if any, to be displayed.

ppbData [out]

Address of a variable that receives a pointer to the decrypted data.

pcbData [out]

Pointer to a ULONG variable that contains the size, in bytes, of the decrypted data pointed to by the ppbData variable.

Return value

Returns a status code that indicates the success or failure of the function. Possible return codes include, but are not limited to, the following.

Return codeDescription
ERROR_SUCCESS

The function was successful.

NTE_BAD_FLAGS

The dwFlags parameter can only contain NCRYPT_SILENT_FLAG or NCRYPT_UNPROTECT_NO_DECRYPT.

NTE_INVALID_PARAMETER

The pbProtectedBlob, ppbData, and pcbData parameters cannot be NULL.

The cbData parameter cannot be less than one.

 

Remarks

Use the NCryptUnprotectSecret function to decrypt keys, key material, and passwords. Use the NCryptStreamOpenToUnprotect and the NCryptStreamUpdate functions to decrypt larger messages.

Requirements

Minimum supported client

Windows 8 [desktop apps only]

Minimum supported server

Windows Server 2012 [desktop apps only]

Header

NCryptprotect.h

Library

NCrypt.lib

DLL

NCrypt.dll

See also

CNG DPAPI Functions
NCryptProtectSecret

 

 

Community Additions

ADD
Show:
© 2014 Microsoft