PFXImportCertStore (Compact 2013)

3/28/2014

This function imports a Personal Information Exchange (PFX) BLOB and returns the handle of a store containing certificates and any associated private keys.

PFX format is also known as Public-Key Cryptography Standards #12 (PKCS #12) format.

Syntax

HCERTSTORE WINAPI PFXImportCertStore(
  CRYPT_DATA_BLOB* pPFX,
  LPCWSTR szPassword,
  DWORD dwFlags
);

Parameters

  • pPFX
    [in] Pointer to a CRYPT_DATA_BLOB structure containing a PFX packet with the exported and encrypted certificates and keys.
  • szPassword
    [in] String password used to decrypt and verify the PFX packet. This password must be exactly the same as the password that was used to encrypt the packet.
  • dwFlags
    [in] Flag values can be set to the following.

    | Flag value | Description |
    | --- | --- |
    | CRYPT_EXPORTABLE | Imported keys are marked as exportable. If this flag is not used, calls to CryptExportKey with the key handle will fail. |
    | CRYPT_USER_PROTECTED | The user is to be notified through a dialog box or another method when certain actions are attempting to use this key. The precise behavior is specified by the Cryptographic Service Provider (CSP) that is being used. If the provider context was opened with the CRYPT_SILENT flag set, using this flag causes a failure and the last error is set to NTE_SILENT_CONTEXT. |
    | CRYPT_MACHINE_KEYSET | The private keys are stored under the local machine and not the current user. |
    | CRYPT_USER_KEYSET | The private keys are stored under the current user and not the local machine, even if the PFX BLOB specifies that they should go into the local machine. |

Return Value

If successful, this function returns the handle to a certificate store that contains the imported certificates, including available private keys. If the password parameter does not contain an exact match with the password used to encrypt the exported packet, or if there were any other problems decoding the PFX BLOB, the function returns NULL and an error code can be found by calling the GetLastError function.

The returned value HCERTSTORE is a temporary memory store that should be freed using CertCloseStore.

Remarks

When you have finished using szPassword, clear the password from memory by calling the SecureZeroMemory function.
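The sequence described above (import, NULL check, CertCloseStore, SecureZeroMemory), shown as an added example that is not part of the original reference page. The helper names import_pfx_wipe_password and pfx_opens_with_password are hypothetical, and the #else branch holds constructed stand-ins (including the fixed test password) so the flow can be compiled and run off-device.

```c
#include <stddef.h>
#include <wchar.h>
#ifdef _WIN32
#include <windows.h>
#include <wincrypt.h>
#else
/* Constructed stand-ins (assumption) so the flow compiles and runs
   off-device; on the target the real wincrypt.h declarations apply. */
typedef unsigned long DWORD;
typedef unsigned char BYTE;
typedef const wchar_t *LPCWSTR;
typedef void *HCERTSTORE;
typedef struct { DWORD cbData; BYTE *pbData; } CRYPT_DATA_BLOB;
#define CRYPT_USER_KEYSET 0x00001000
static int g_open_stores; /* stand-in bookkeeping only */
static HCERTSTORE PFXImportCertStore(CRYPT_DATA_BLOB *p, LPCWSTR pw, DWORD f) {
    (void)f; /* stand-in accepts one constructed password */
    if (!p || !p->pbData || !pw || wcscmp(pw, L"correct horse")) return NULL;
    g_open_stores++;
    return (HCERTSTORE)&g_open_stores;
}
static int CertCloseStore(HCERTSTORE h, DWORD f) {
    (void)h; (void)f; g_open_stores--; return 1;
}
static void *SecureZeroMemory(void *p, size_t n) {
    volatile BYTE *v = (volatile BYTE *)p; while (n--) *v++ = 0; return p;
}
#endif

/* Hypothetical helper: import with least-privilege flags and wipe the
   password buffer on success and on failure. Caller closes the store. */
HCERTSTORE import_pfx_wipe_password(BYTE *pfx, DWORD cb, wchar_t *pw, size_t pw_chars)
{
    CRYPT_DATA_BLOB blob;
    HCERTSTORE store;
    blob.cbData = cb;
    blob.pbData = pfx;
    /* CRYPT_EXPORTABLE omitted: CryptExportKey on these keys will fail.
       CRYPT_USER_KEYSET: keys go under the current user. */
    store = PFXImportCertStore(&blob, pw, CRYPT_USER_KEYSET);
    SecureZeroMemory(pw, pw_chars * sizeof(wchar_t));
    return store; /* NULL: bad password or undecodable BLOB */
}

/* Hypothetical lifecycle: import, use, free the temporary memory store. */
int pfx_opens_with_password(BYTE *pfx, DWORD cb, wchar_t *pw, size_t n)
{
    HCERTSTORE store = import_pfx_wipe_password(pfx, cb, pw, n);
    if (store == NULL) return 0; /* GetLastError() has the error code */
    CertCloseStore(store, 0);    /* certificate lookups go before this */
    return 1;
}
```

The password has to live in a writable buffer owned by the caller, not a string literal, for the wipe to be possible.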

Requirements

Header: wincrypt.h

Library: crypt32.lib

See Also

Reference

Certificates Functions
PFXExportCertStoreEx