CngKey.Open Method (SafeNCryptKeyHandle, CngKeyHandleOpenOptions)


The .NET API Reference documentation has a new home. Visit the .NET API Browser on to see the new experience.

Creates an instance of an CngKey object by using a handle to an existing key.

Namespace:   System.Security.Cryptography
Assembly:  System.Core (in System.Core.dll)

[SecurityPermissionAttribute(SecurityAction.Demand, UnmanagedCode = true)]
public static CngKey Open(
	SafeNCryptKeyHandle keyHandle,
	CngKeyHandleOpenOptions keyHandleOpenOptions


Type: Microsoft.Win32.SafeHandles.SafeNCryptKeyHandle

A handle to an existing key.

Type: System.Security.Cryptography.CngKeyHandleOpenOptions

One of the enumeration values that indicates whether keyHandle represents an ephemeral key or a named key.

Return Value

Type: System.Security.Cryptography.CngKey

An existing key.

Exception Condition

keyHandle is null.


keyHandle is invalid or malformed, or it is already closed. This exception is also thrown if the key is an ephemeral key that is created by the common language runtime (CLR), but the EphemeralKey value is not specified.


Cryptography Next Generation (CNG) is not supported on this system.


All other errors.

This overload enables advanced users to use the CNG classes even if they rely on platform invoke or the managed interop capability of C++. For example, if you have a native library that returns the key as an NCRYPT_KEY_HANDLE, this overload lets you create a managed wrapper around the key and use the CNG classes to manipulate it.

When you open a key by using its handle, you cannot determine the key's ephemeral state and must specify it yourself. Several properties of the CngKey class rely on this value to be correct. Therefore, make sure that you pass the correct flag value to the Open methods.


for permission to call unmanaged code. Demand value: Demand. Associated enumeration: SecurityPermissionFlag.UnmanagedCode

.NET Framework
Available since 3.5
Return to top