CryptImportPKCS8 function

[The CryptImportPKCS8 function is no longer available for use as of Windows Server 2008 and Windows Vista. Instead, use the PFXImportCertStore function.]

The CryptImportPKCS8 function imports the private key in PKCS #8 format to a cryptographic service provider (CSP).CryptImportPKCS8 will return a handle to the provider and the import KeySpec used.

Syntax

C++
Copy 

BOOL WINAPI CryptImportPKCS8(
  _In_      CRYPT_PKCS8_IMPORT_PARAMS sPrivateKeyAndParams,
  _In_      DWORD                     dwFlags,
  _Out_opt_ HCRYPTPROV                *phCryptProv,
  _In_opt_  void                      *pvAuxInfo
);

Parameters

sPrivateKeyAndParams [in]

A CRYPT_PKCS8_IMPORT_PARAMS structure that contains the private key BLOB and corresponding parameters.

dwFlags [in]

A DWORD value. This parameter can be one of the following values, a combination of them, or a null value.

ValueMeaning
CRYPT_EXPORTABLE

The key being imported is eventually to be reexported. If this flag is not used, then calls to CryptExportKey with the key handle fail.

CRYPT_USER_PROTECTED

If this flag is set, the CSP notifies the user through a dialog box or some other method when certain actions are attempted using this key. The precise behavior is specified by the CSP or the CSP type used. If the provider context was acquired with CRYPT_SILENT set, using this flag causes a failure, and the last error is set to NTE_SILENT_CONTEXT.

 

phCryptProv [out, optional]

A pointer to the HCRYPTPROV to receive the handle of the provider into which the key is imported by calling the CryptImportPKCS8 function.

When you have finished using the handle, free the handle by calling CryptReleaseContext.

This parameter can be NULL, in which case the handle of the provider is not returned.

pvAuxInfo [in, optional]

This parameter must be NULL.

Return value

If the function succeeds, the function returns nonzero (TRUE).

If the function fails, it returns zero (FALSE). For extended error information, call GetLastError.

The following error code is specific to this function.

Return codeDescription
ERROR_UNSUPPORTED_TYPE

The algorithm object identifier (OID) of the private key is not supported.

 

If the function fails, GetLastError may return an Abstract Syntax Notation One (ASN.1) encoding/decoding error. For information about these errors, see ASN.1 Encoding/Decoding Return Values.

Remarks

CryptImportPKCS8 calls the PCRYPT_RESOLVE_HCRYPTPROV_FUNC function by using the CRYPT_PKCS8_IMPORT_PARAMS structure contained in the sPrivateKeyAndParams parameter to retrieve a handle of the provider to which to import the key. If PCRYPT_RESOLVE_HCRYPTPROV_FUNC is NULL, then the default provider is used.

This function is only supported for asymmetric keys.

Requirements

Minimum supported client

Windows XP [desktop apps only]

Minimum supported server

Windows Server 2003 [desktop apps only]

End of client support

Windows XP

End of server support

Windows Server 2003

Header
Wincrypt.h

Library
Crypt32.lib

DLL
Crypt32.dll

See also

CRYPT_PKCS8_IMPORT_PARAMS
CryptExportPKCS8Ex
CryptReleaseContext
PCRYPT_DECRYPT_PRIVATE_KEY_FUNC
PCRYPT_RESOLVE_HCRYPTPROV_FUNC

 

 

Show: