SslExportKey function
The SslExportKey function returns an Secure Sockets Layer protocol (SSL) session key or public ephemeral key into a serialized BLOB.
Syntax
SECURITY_STATUS WINAPI SslExportKey(
_In_ NCRYPT_PROV_HANDLE hSslProvider,
_In_ NCRYPT_KEY_HANDLE hKey,
_In_ LPCWSTR pszBlobType,
_Out_opt_ PBYTE pbOutput,
_In_ DWORD cbOutput,
_Out_ DWORD *pcbResult,
_In_ DWORD dwFlags
);
Parameters
-
hSslProvider [in]
-
The handle of the SSL protocol provider instance.
-
hKey [in]
-
The handle of the key to export.
When you are not specifying a key, set this parameter to NULL.
Note
A hKey handle is obtained by calling the SslOpenPrivateKey function. Handles obtained from the NCryptOpenKey function are not supported.
-
pszBlobType [in]
-
A null-terminated Unicode string that contains an identifier that specifies the type of BLOB to export. This can be one of the following values.
Value Meaning - BCRYPT_DH_PUBLIC_BLOB
Export a Diffie-Hellman public key. The pbOutput buffer receives a BCRYPT_DH_KEY_BLOB structure immediately followed by the key data. - BCRYPT_ECCPUBLIC_BLOB
Export an elliptic curve cryptography (ECC) public key. The pbOutput buffer receives a BCRYPT_ECCKEY_BLOB structure immediately followed by the key data. - BCRYPT_OPAQUE_KEY_BLOB
Export a symmetric key in a format that is specific to a single cryptographic service provider (CSP). Opaque BLOBs are not transferable and must be imported by using the same cryptographic service provider (CSP) that generated the BLOB. - BCRYPT_RSAPUBLIC_BLOB
Export an RSA public key. The pbOutput buffer receives a BCRYPT_RSAKEY_BLOB structure immediately followed by the key data. -
pbOutput [out, optional]
-
The address of a buffer that receives the key BLOB. The cbOutput parameter contains the size of this buffer. If this parameter is NULL, this function will place the required size, in bytes, in the DWORD pointed to by the pcbResult parameter.
-
cbOutput [in]
-
The size, in bytes, of the pbOutput buffer.
-
pcbResult [out]
-
The address of a DWORD variable that receives the number of bytes copied to the pbOutput buffer. If the pbOutput parameter is set to NULL when the function is called, the required size for the pbOutput buffer, in bytes, is returned in the DWORD pointed to by this parameter.
-
dwFlags [in]
-
Reserved for future use.
Return value
If the function succeeds, it returns zero.
If the function fails, it returns a nonzero error value.
Possible return codes include, but are not limited to, the following.
| Return code/value | Description |
|---|---|
|
One of the provided handles is not valid. |
Remarks
The SslExportKey function facilitates transporting session keys from one process to another as well as exporting the public portion an ephemeral key.
When exporting session keys, the BLOB type is opaque, meaning that the format of the BLOB is irrelevant as long as both the SslExportKey and SslImportKey functions can interpret it.
When exporting the public portion of an ephemeral key the BLOB type must be the appropriate type, such as NCRYPT_DH_PUBLIC_BLOB or NCRYPT_ECCPUBLIC_BLOB.
Requirements
| Requirement | Value |
|---|---|
| Minimum supported client |
Windows Vista [desktop apps only] |
| Minimum supported server |
Windows Server 2008 [desktop apps only] |
| Header |
|
| DLL |
|
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for