CryptCreateKeyIdentifierFromCSP function

The CryptCreateKeyIdentifierFromCSP function creates a key identifier from a cryptographic service provider (CSP) public key CRYPT_INTEGER_BLOB.

This function converts a PUBLICKEYSTRUC of a CSP into an X.509 CERT_PUBLIC_KEY_INFO structure and encodes it. The encoded structure is then hashed with the SHA1 algorithm to obtain the key identifier.


BOOL WINAPI CryptCreateKeyIdentifierFromCSP(
  _In_          DWORD          dwCertEncodingType,
  _In_          LPCSTR         pszPubKeyOID,
  _In_    const PUBLICKEYSTRUC *pPubKeyStruc,
  _In_          DWORD          cbPubKeyStruc,
  _In_          DWORD          dwFlags,
  _In_          void           *pvReserved,
  _Out_         BYTE           *pbHash,
  _Inout_       DWORD          *pcbHash
);


dwCertEncodingType [in]

Specifies the encoding type used. It is always acceptable to specify both the certificate and message encoding types by combining them with a bitwise-OR operation as shown in the following example:


Currently defined encoding types are:

pszPubKeyOID [in]

A pointer to the public key object identifier (OID). A value that is not NULL overrides the default OID obtained from the aiKeyAlg member of the structure pointed to by pPubKeyStruc. To use the default OID, set pszPubKeyOID to NULL.

pPubKeyStruc [in]

A pointer to a PUBLICKEYSTRUC structure. In the default case, the aiKeyAlg member of the structure pointed to by pPubKeyStruc is used to find the public key OID. When the value of pszPubKeyOID is not NULL, it overrides the default.

cbPubKeyStruc [in]

The size, in bytes, of the PUBLICKEYSTRUC.

dwFlags [in]

Reserved for future use and must be zero.

pvReserved [in]

Reserved for future use and must be NULL.

pbHash [out]

A pointer to a buffer to receive the hash of the public key and the key identifier.

To get the size of this information for memory allocation purposes, set this parameter to NULL. For more information, see Retrieving Data of Unknown Length.

pcbHash [in, out]

A pointer to a DWORD that specifies the size, in bytes, of the buffer pointed to by the pbHash parameter. When the function returns, the DWORD contains the number of bytes stored in the buffer. Using SHA1 hashing, the length of the required buffer is twenty.

Return value

If the function succeeds, the function returns nonzero (TRUE).

If the function fails, it returns zero (FALSE). For extended error information, call GetLastError.


For an example that uses this function, see Example C Program: Working with Key Identifiers.
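The computation described at the top of this page (convert the CSP blob to CERT_PUBLIC_KEY_INFO, encode it, hash with SHA1) can be reproduced off-Windows to cross-check a key identifier. The following is an added example, not Microsoft's code: it handles only RSA PUBLICKEYBLOB input, assumes the rsaEncryption OID with NULL parameters, does not model the pszPubKeyOID override, and its function names and sample blob are constructed for illustration.

```python
import hashlib
import struct

# Assumption: RSA keys are encoded with the rsaEncryption OID and NULL parameters.
RSA_ALG_ID = bytes.fromhex("06092a864886f70d010101" "0500")  # OID 1.2.840.113549.1.1.1, NULL

def der(tag, body):
    """Encode one DER TLV with a definite length."""
    n = len(body)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + body

def der_uint(value):
    """DER INTEGER for a non-negative int; adds a leading 0x00 when the top bit is set."""
    return der(0x02, value.to_bytes(value.bit_length() // 8 + 1, "big"))

def parse_rsa_public_blob(blob):
    """Return (modulus, exponent) from PUBLICKEYSTRUC + RSAPUBKEY + little-endian modulus."""
    if len(blob) < 20:
        raise ValueError("blob shorter than PUBLICKEYSTRUC + RSAPUBKEY")
    b_type, _version, _reserved, _ai_key_alg = struct.unpack_from("<BBHI", blob, 0)
    magic, bitlen, pubexp = struct.unpack_from("<4sII", blob, 8)
    if b_type != 0x06 or magic != b"RSA1":  # PUBLICKEYBLOB, RSA public key magic
        raise ValueError("not an RSA PUBLICKEYBLOB")
    if bitlen % 8 or len(blob) != 20 + bitlen // 8:
        raise ValueError("blob size does not match bitlen")
    return int.from_bytes(blob[20:], "little"), pubexp

def encode_public_key_info(n, e):
    """DER SubjectPublicKeyInfo, the encoded form of CERT_PUBLIC_KEY_INFO."""
    rsa_key = der(0x30, der_uint(n) + der_uint(e))
    return der(0x30, der(0x30, RSA_ALG_ID) + der(0x03, b"\x00" + rsa_key))

def key_identifier_from_blob(blob):
    """SHA-1 over the encoded structure, as the description on this page states."""
    n, e = parse_rsa_public_blob(blob)
    return hashlib.sha1(encode_public_key_info(n, e)).digest()

# Constructed sample: aiKeyAlg 0xA400 (CALG_RSA_KEYX), 512-bit "modulus" of
# counting bytes. Not a real key.
SAMPLE_BLOB = struct.pack("<BBHI4sII", 0x06, 0x02, 0, 0x0000A400, b"RSA1", 512, 65537) \
    + bytes(range(1, 65))

if __name__ == "__main__":
    print(key_identifier_from_blob(SAMPLE_BLOB).hex())
```

Because the hash described here covers the whole encoded CERT_PUBLIC_KEY_INFO, it is not the same value as an RFC 5280 method-1 subjectKeyIdentifier, which hashes only the contents of the subjectPublicKey bit string.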


Minimum supported client

Windows XP [desktop apps only]

Minimum supported server

Windows Server 2003 [desktop apps only]







See also

Key Identifier Functions