
BCryptImportKeyPair function

The BCryptImportKeyPair function imports a public/private key pair from a key BLOB. To import a symmetric key, use the BCryptImportKey function instead.

Syntax


NTSTATUS WINAPI BCryptImportKeyPair(
  _In_    BCRYPT_ALG_HANDLE hAlgorithm,
  _Inout_ BCRYPT_KEY_HANDLE hImportKey,
  _In_    LPCWSTR           pszBlobType,
  _Out_   BCRYPT_KEY_HANDLE *phKey,
  _In_    PUCHAR            pbInput,
  _In_    ULONG             cbInput,
  _In_    ULONG             dwFlags
);

Parameters

hAlgorithm [in]

The handle of the algorithm provider to import the key. This handle is obtained by calling the BCryptOpenAlgorithmProvider function.

hImportKey [in, out]

This parameter is not currently used and should be NULL.

pszBlobType [in]

A null-terminated Unicode string that contains an identifier that specifies the type of BLOB that is contained in the pbInput buffer. This can be one of the following values.

Value | Meaning
BCRYPT_DH_PRIVATE_BLOB

The BLOB is a Diffie-Hellman public/private key pair BLOB. The pbInput buffer must contain a BCRYPT_DH_KEY_BLOB structure immediately followed by the key data.

BCRYPT_DH_PUBLIC_BLOB

The BLOB is a Diffie-Hellman public key BLOB. The pbInput buffer must contain a BCRYPT_DH_KEY_BLOB structure immediately followed by the key data.

BCRYPT_DSA_PRIVATE_BLOB

The BLOB is a DSA public/private key pair BLOB. The pbInput buffer must contain a BCRYPT_DSA_KEY_BLOB or BCRYPT_DSA_KEY_BLOB_V2 structure immediately followed by the key data. BCRYPT_DSA_KEY_BLOB is used for key lengths from 512 to 1024 bits. BCRYPT_DSA_KEY_BLOB_V2 is used for key lengths that exceed 1024 bits but are less than or equal to 3072 bits.

Windows 8:  Support for BCRYPT_DSA_KEY_BLOB_V2 begins.

BCRYPT_DSA_PUBLIC_BLOB

The BLOB is a DSA public key BLOB. The pbInput buffer must contain a BCRYPT_DSA_KEY_BLOB or BCRYPT_DSA_KEY_BLOB_V2 structure immediately followed by the key data. BCRYPT_DSA_KEY_BLOB is used for key lengths from 512 to 1024 bits. BCRYPT_DSA_KEY_BLOB_V2 is used for key lengths that exceed 1024 bits but are less than or equal to 3072 bits.

Windows 8:  Support for BCRYPT_DSA_KEY_BLOB_V2 begins.

BCRYPT_ECCPRIVATE_BLOB

The BLOB is an elliptic curve cryptography (ECC) private key. The pbInput buffer must contain a BCRYPT_ECCKEY_BLOB structure immediately followed by the key data.

BCRYPT_ECCPUBLIC_BLOB

The BLOB is an ECC public key. The pbInput buffer must contain a BCRYPT_ECCKEY_BLOB structure immediately followed by the key data.

BCRYPT_PUBLIC_KEY_BLOB

The BLOB is a generic public key of any type. The type of key in this BLOB is determined by the Magic member of the BCRYPT_KEY_BLOB structure.

BCRYPT_PRIVATE_KEY_BLOB

The BLOB is a generic private key of any type. The private key does not necessarily contain the public key. The type of key in this BLOB is determined by the Magic member of the BCRYPT_KEY_BLOB structure.

BCRYPT_RSAPRIVATE_BLOB

The BLOB is an RSA public/private key pair BLOB. The pbInput buffer must contain a BCRYPT_RSAKEY_BLOB structure immediately followed by the key data.

BCRYPT_RSAPUBLIC_BLOB

The BLOB is an RSA public key BLOB. The pbInput buffer must contain a BCRYPT_RSAKEY_BLOB structure immediately followed by the key data.

LEGACY_DH_PUBLIC_BLOB

The BLOB is a Diffie-Hellman public key BLOB that was exported by using CryptoAPI. The Microsoft primitive provider does not support importing this BLOB type.

LEGACY_DH_PRIVATE_BLOB

The BLOB is a legacy Diffie-Hellman Version 3 Private Key BLOB that contains a Diffie-Hellman public/private key pair that was exported by using CryptoAPI.

LEGACY_DSA_PRIVATE_BLOB

The BLOB is a DSA public/private key pair BLOB that was exported by using CryptoAPI.

LEGACY_DSA_PUBLIC_BLOB

The BLOB is a DSA public key BLOB that was exported by using CryptoAPI. The Microsoft primitive provider does not support importing this BLOB type.

LEGACY_DSA_V2_PRIVATE_BLOB

The BLOB is a DSA version 2 private key in a form that can be imported by using CryptoAPI.

LEGACY_RSAPRIVATE_BLOB

The BLOB is an RSA public/private key pair BLOB that was exported by using CryptoAPI.

LEGACY_RSAPUBLIC_BLOB

The BLOB is an RSA public key BLOB that was exported by using CryptoAPI. The Microsoft primitive provider does not support importing this BLOB type.

 

phKey [out]

A pointer to a BCRYPT_KEY_HANDLE that receives the handle of the imported key. This handle is used in subsequent functions that require a key, such as BCryptSignHash. This handle must be released when it is no longer needed by passing it to the BCryptDestroyKey function.

pbInput [in]

The address of a buffer that contains the key BLOB to import. The cbInput parameter contains the size of this buffer. The pszBlobType parameter specifies the type of key BLOB this buffer contains.

cbInput [in]

The size, in bytes, of the pbInput buffer.

dwFlags [in]

A set of flags that modify the behavior of this function. This can be zero or the following value.

Value | Meaning
BCRYPT_NO_KEY_VALIDATION

Do not validate the public portion of the key pair.

 

Return value

Returns a status code that indicates the success or failure of the function.

Possible return codes include, but are not limited to, the following.

Return code | Description
STATUS_SUCCESS

The function was successful.

STATUS_INVALID_HANDLE

The algorithm handle in the hAlgorithm parameter is not valid.

STATUS_INVALID_PARAMETER

One or more parameters are not valid.

STATUS_NOT_SUPPORTED

The algorithm provider specified by the hAlgorithm parameter does not support the BLOB type specified by the pszBlobType parameter.

 

Remarks

Depending on which processor modes a provider supports, BCryptImportKeyPair can be called from either user mode or kernel mode. Kernel mode callers can execute at either PASSIVE_LEVEL IRQL or DISPATCH_LEVEL IRQL. If the current IRQL is DISPATCH_LEVEL, the handle provided in the hAlgorithm parameter must have been opened by using the BCRYPT_PROV_DISPATCH flag, and any pointers passed to the BCryptImportKeyPair function must refer to nonpaged (or locked) memory.

To call this function in kernel mode, use Cng.lib, which is part of the Driver Development Kit (DDK). For more information, see WDK and Developer Tools.

Windows Server 2008 and Windows Vista:  To call this function in kernel mode, use Ksecdd.lib.
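
Example (added here, not part of the original documentation): checking that an untrusted buffer is framed as a P-256 ECDSA public key BLOB before passing it to BCryptImportKeyPair with BCRYPT_ECCPUBLIC_BLOB. The helper names are hypothetical; the BCRYPT_ECCKEY_BLOB layout (ULONG dwMagic, ULONG cbKey, then X and Y) and the magic value come from Bcrypt.h rather than from this page.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#include <bcrypt.h>   /* link with Bcrypt.lib */
#else                 /* stand-in so the framing check builds off Windows */
#define BCRYPT_ECDSA_PUBLIC_P256_MAGIC 0x31534345u /* "ECS1", as in Bcrypt.h */
#endif
#define P256_BLOB_LEN 72u /* 8-byte BCRYPT_ECCKEY_BLOB header + X + Y (32 bytes each) */

static uint32_t rd_le32(const unsigned char *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Returns 1 if buf is exactly header + X + Y for a P-256 ECDSA public key, else 0. */
int p256_public_blob_ok(const unsigned char *buf, size_t len)
{
    if (buf == NULL || len != P256_BLOB_LEN) return 0;
    return rd_le32(buf) == BCRYPT_ECDSA_PUBLIC_P256_MAGIC && rd_le32(buf + 4) == 32u;
}

/* Constructed sample: correct framing, dummy coordinate bytes (not a curve point). */
void make_sample_blob(unsigned char out[72])
{
    static const unsigned char hdr[8] = { 0x45, 0x43, 0x53, 0x31, 32, 0, 0, 0 };
    memcpy(out, hdr, sizeof hdr);
    memset(out + 8, 0xAB, 64);
}

#ifdef _WIN32
/* hAlg: provider the caller opened for ECDSA P-256. hImportKey is NULL and
   dwFlags is 0, so BCRYPT_NO_KEY_VALIDATION is not set. */
NTSTATUS import_p256_public(BCRYPT_ALG_HANDLE hAlg, const unsigned char *blob,
                            size_t len, BCRYPT_KEY_HANDLE *phKey)
{
    *phKey = NULL;
    if (!p256_public_blob_ok(blob, len)) return (NTSTATUS)0xC000000DL; /* STATUS_INVALID_PARAMETER */
    return BCryptImportKeyPair(hAlg, NULL, BCRYPT_ECCPUBLIC_BLOB, phKey,
                               (PUCHAR)blob, (ULONG)len, 0);
}
#endif

int main(void)
{
    unsigned char blob[72];
    make_sample_blob(blob);
    return p256_public_blob_ok(blob, sizeof blob) ? 0 : 1;
}
```

The framing check only confirms that cbInput matches what the header declares. On success the caller must still release the returned handle with BCryptDestroyKey.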

Requirements

Minimum supported client

Windows Vista [desktop apps only]

Minimum supported server

Windows Server 2008 [desktop apps only]

Header

Bcrypt.h

Library

Bcrypt.lib

DLL

Bcrypt.dll

See also

BCryptDestroyKey
BCryptExportKey
BCryptImportKey

 

 

© 2015 Microsoft