SslCreateEphemeralKey function

The SslCreateEphemeralKey function creates an ephemeral key for use during the authentication that occurs during the Secure Sockets Layer protocol (SSL) handshake.

Syntax


SECURITY_STATUS WINAPI SslCreateEphemeralKey(
  _In_   NCRYPT_PROV_HANDLE hSslProvider,
  _Out_  NCRYPT_KEY_HANDLE *phEphemeralKey,
  _In_   DWORD dwProtocol,
  _In_   DWORD dwCipherSuite,
  _In_   DWORD dwKeyType,
  _In_   DWORD dwKeyBitLen,
  _In_   PBYTE pbParams,
  _In_   DWORD cbParams,
  _In_   DWORD dwFlags
);

Parameters

hSslProvider [in]

The handle of the SSL protocol provider instance.

phEphemeralKey [out]

The handle of the ephemeral key.

dwProtocol [in]

One of the CNG SSL Provider Protocol Identifier values.

dwCipherSuite [in]

One of the CNG SSL Provider Cipher Suite Identifier values.

dwKeyType [in]

One of the CNG SSL Provider Key Type Identifier values. Set this parameter to zero for key types that are not elliptic curve cryptography (ECC).

dwKeyBitLen [in]

The length, in bits, of the key.

pbParams [in]

A pointer to a buffer that contains parameters for the key that is to be created. If a Diffie-Hellman ephemeral (DHE) key-exchange cipher suite is not used, set the pbParams parameter to NULL and the cbParams parameter to zero.

cbParams [in]

The length, in bytes, of the data in the pbParams buffer.

dwFlags [in]

This parameter is reserved for future use.

Return value

If the function succeeds, it returns zero.

If the function fails, it returns a nonzero error value.

| Return code/value | Description |
|---|---|
| NTE_NO_MEMORY (0x8009000EL) | There is insufficient memory to allocate the buffer. |
| NTE_INVALID_HANDLE (0x80090026L) | The hSslProvider handle is not valid. |
| NTE_INVALID_PARAMETER (0x80090027L) | One of the supplied parameters is not valid. |

Remarks

When a DHE cipher suite is used, the internal SSL implementation passes the server's p and g parameters to the SslCreateEphemeralKey function in the pbParams and cbParams parameters.

The format of the data in the pbParams buffer is the same as that used when setting the BCRYPT_DH_PARAMETERS property, and it starts with a BCRYPT_DH_PARAMETER_HEADER structure.
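The buffer layout described above, as an added example that is not Microsoft's code: it packs p and g behind the header and checks a blob for internal consistency before it is used as pbParams/cbParams. DH_PARAM_HEADER is a portable mirror of BCRYPT_DH_PARAMETER_HEADER, the function names are hypothetical, and the check that dwKeyBitLen equals the modulus length in bits is an assumption.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Portable mirror of BCRYPT_DH_PARAMETER_HEADER (three ULONGs in bcrypt.h). */
typedef struct {
    uint32_t cbLength;    /* header + modulus + generator, in bytes */
    uint32_t dwMagic;     /* BCRYPT_DH_PARAMETERS_MAGIC */
    uint32_t cbKeyLength; /* size of p, and of g, in bytes */
} DH_PARAM_HEADER;

#define DH_PARAMETERS_MAGIC 0x4d504844u /* "DHPM", BCRYPT_DH_PARAMETERS_MAGIC */

/* Hypothetical helper: pack big-endian p and g as header | p | g.
 * g is left-padded with zeros to the length of p.
 * Returns the value to use for cbParams, or 0 if the inputs do not fit. */
size_t pack_dh_params(const uint8_t *p, size_t p_len,
                      const uint8_t *g, size_t g_len,
                      uint8_t *out, size_t out_cap)
{
    if (p_len == 0 || g_len == 0 || g_len > p_len ||
        p_len > (UINT32_MAX - sizeof(DH_PARAM_HEADER)) / 2)
        return 0;
    size_t total = sizeof(DH_PARAM_HEADER) + 2 * p_len;
    if (total > out_cap)
        return 0;
    DH_PARAM_HEADER h = { (uint32_t)total, DH_PARAMETERS_MAGIC, (uint32_t)p_len };
    memcpy(out, &h, sizeof h);
    memcpy(out + sizeof h, p, p_len);
    memset(out + sizeof h + p_len, 0, p_len - g_len);
    memcpy(out + sizeof h + 2 * p_len - g_len, g, g_len);
    return total;
}

/* Hypothetical helper: returns 1 if the blob matches the layout and key_bits
 * (the value intended for dwKeyBitLen) agrees with the modulus size. */
int dh_params_consistent(const uint8_t *buf, size_t cb, uint32_t key_bits)
{
    DH_PARAM_HEADER h;
    if (buf == NULL || cb < sizeof h) return 0;
    memcpy(&h, buf, sizeof h);
    if (h.dwMagic != DH_PARAMETERS_MAGIC) return 0;
    if (h.cbLength != cb) return 0;            /* declared size must match cbParams */
    if (h.cbKeyLength == 0 || h.cbKeyLength > (cb - sizeof h) / 2) return 0;
    if (cb != sizeof h + 2 * (size_t)h.cbKeyLength) return 0; /* no trailing bytes */
    return key_bits == h.cbKeyLength * 8u;     /* assumption: bits of p */
}
```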

Requirements

Minimum supported client

Windows Vista [desktop apps only]

Minimum supported server

Windows Server 2008 [desktop apps only]

Header

Sslprovider.h

DLL

Ncrypt.dll

 

 

© 2015 Microsoft