SpSealMessage function

Encrypts a message exchanged between a client and server.

The SpSealMessage function is the dispatch function for the EncryptMessage (General) function of the Security Support Provider Interface.


NTSTATUS SpSealMessage(
  _In_    LSA_SEC_HANDLE ContextHandle,
  _In_    ULONG          QualityOfProtection,
  _Inout_ PSecBufferDesc MessageBuffers,
  _In_    ULONG          MessageSequenceNumber


ContextHandle [in]

Handle of the security context used to sign the message.

QualityOfProtection [in]

Specifies package-specific flags that indicate the quality of protection. An SSP/AP can use this parameter to enable the selection of cryptographic algorithms.

MessageBuffers [in, out]

Pointer to a SecBufferDesc structure that contains message buffers. Only one of these message buffers can be of type SECBUFFER_DATA, and it contains the message to be encrypted. The buffer cannot have the SECBUFFER_READONLY attribute because the encryption is done in-place.

MessageSequenceNumber [in]

Sequence number to assign to the message. Sequence numbers are optional and are used as protection against loss and insertion of messages. A value of zero indicates that sequence numbers are not in use.

Return value

If the function succeeds, return STATUS_SUCCESS.

If the function fails, return an NTSTATUS code that indicates the reason it failed. The following table lists common reasons for failure and the error codes that the function should return.

Return codeDescription

The context could not be found or was not configured for message integrity.


The signature buffer could not be found or was too small.



Messages encrypted by the sender using the SpSealMessage function are decrypted using the SpUnsealMessage function.

SSP/APs must implement the SpSealMessage function; however, the actual name given to the implementation is up to the developer.

A pointer to the SpSealMessage function is available in the SECPKG_USER_FUNCTION_TABLE structure received from the SpUserModeInitialize function.


Minimum supported client

Windows XP [desktop apps only]

Minimum supported server

Windows Server 2003 [desktop apps only]



See also