MDEncryptData function

The MDEncryptData function uses a key handle to encrypt data with a symmetric key. The data is encrypted in a format that the smart card supports.


  _In_   PCARD_DATA pCardData,
  _In_   CARD_KEY_HANDLE hKey,
  _In_   LPCWSTR pwszSecureFunction,
  _In_   PBYTE pbInput,
  _In_   DWORD cbInput,
  _In_   DWORD dwFlags,
  _Out_  PCARD_ENCRYPTED_DATA *ppEncryptedData,
  _Out_  PDWORD pcEncryptedData


pCardData [in]

Context information for the call. For more information, see CardAcquireContext.

hKey [in]

The handle of the cryptographic key that is used to encrypt the data.

pwszSecureFunction [in]

A pointer to a null-terminated Unicode string that contains the name of the data structure to be encrypted.

pbInput [in]

A byte pointer to the buffer that contains the data.

cbInput [in]

The length, in bytes, of the data buffer.

dwFlags [in]

A set of flags that specify options for the encryption operation. Currently, only one flag is supported.

ppEncryptedData [out]

A pointer to an array of CARD_ENCRYPTED_DATA structures. The buffer that contains the array is allocated by the minidriver and returned to the calling application

pcEncryptedData [out]

A pointer to a value that contains the number of returned encrypted data BLOBs.

Return value

Zero on success; otherwise, nonzero.


If the card minidriver does not support encrypting data for secure transmission, the function should return SCARD_E_UNSUPPORTED_FEATURE.

The dwFlags parameter is used to specify flag settings for optional parameters for the encryption operation. Currently, the only allowed flag is CARD_BLOCK_PADDING, which specifies that the encrypted data should be padded by using PKCS #5. For more information, see the description of CP_PADDING_SCHEMES in CardGetProperty.

If dwFlags contains an invalid or undefined value, the function should return SCARD_E_INVALID_PARAMETER.

If an unsupported pwszSecureFunction value is passed to MDEncryptData, the function should return SCARD_E_INVALID_PARAMETER.

Note  The minidriver may choose to define and support optional custom secure functions that are not defined in the specification.

The format of pbInput depends on the value of the pwszSecureFunction parameter. The following table describes the different supported values for pwszSecureFunction along with the corresponding format for pbInput:

pwszSecureFunction valuepbInput value
CSF_IMPORT_KEYPAIRThe data contains a structure of type CARD_IMPORT_KEYPAIR.
CSF_AUTHENTICATE The data contains a structure of type CARD_AUTHENTICATE.


The function should allocate an array of CARD_ENCRYPTED_DATA structures and return them in the ppEncryptedData pointer.

This function can be called only when CARD_SECURE_KEY_INJECTION_NO_CARD_MODE is passed to CardAcquireContext.

If the appropriate properties are not set on the hKey key handle before the call to MDEncryptData, the function should return SCARD_E_INVALID_PARAMETER.



Cardmod.h (include Cardmod.h)



Send comments about this topic to Microsoft

© 2014 Microsoft