Was this page helpful?
Your feedback about this content is important. Let us know what you think.
Additional feedback?
1500 characters remaining
Specifying a Salt Value
Collapse the table of content
Expand the table of content

Specifying a Salt Value

Both the Base Provider and the Extended Provider can specify the value and length of the salt value to be used. The Base Provider sets a salt value using the KP_SALT parameter value. The Base Provider always sets eleven bytes of salt value.

The Enhanced Provider sets the salt value by calling CryptSetKeyParam with the KP_SALT_EX parameter value specified and with the pbData parameter pointing to a CRYPT_INTEGER_BLOB structure that contains the salt.

Note  The total length of an Enhanced Provider symmetric key and its salt value cannot be greater than 128 bits.

KP_SALT continues to be provided for backward compatibility with the Base Provider. Newer applications should use the KP_SALT_EX parameter value.

The following example sets a salt value.

// Specify 4 bytes of salt.
BYTE rgbSalt[] = {0x01, 0x02, 0x03, 0x04};
sSaltData.pbData = rgbSalt;
sSaltData.cbData = sizeof(rgbSalt);

// Set the 4 bytes of salt required.
// hKey is an HCRYPTPROV handle previously
// assigned, such as by CryptImportKey.
if (CryptSetKeyParam(
     printf("The salt value is set.\n");
     printf("Setting the salt value failed.\n");



Community Additions

© 2015 Microsoft