Windows Dev Center

SslExportKey function

The SslExportKey function returns an Secure Sockets Layer protocol (SSL) session key or public ephemeral key into a serialized BLOB.

Syntax


SECURITY_STATUS WINAPI SslExportKey(
  _In_      NCRYPT_PROV_HANDLE hSslProvider,
  _In_      NCRYPT_KEY_HANDLE  hKey,
  _In_      LPCWSTR            pszBlobType,
  _Out_opt_ PBYTE              pbOutput,
  _In_      DWORD              cbOutput,
  _Out_     DWORD              *pcbResult,
  _In_      DWORD              dwFlags
);

Parameters

hSslProvider [in]

The handle of the SSL protocol provider instance.

hKey [in]

The handle of the key to export.

When you are not specifying a key, set this parameter to NULL.

Note  A hKey handle is obtained by calling the SslOpenPrivateKey function. Handles obtained from the NCryptOpenKey function are not supported.
 
pszBlobType [in]

A null-terminated Unicode string that contains an identifier that specifies the type of BLOB to export. This can be one of the following values.

ValueMeaning
BCRYPT_DH_PUBLIC_BLOB

Export a Diffie-Hellman public key. The pbOutput buffer receives a BCRYPT_DH_KEY_BLOB structure immediately followed by the key data.

BCRYPT_ECCPUBLIC_BLOB

Export an elliptic curve cryptography (ECC) public key. The pbOutput buffer receives a BCRYPT_ECCKEY_BLOB structure immediately followed by the key data.

BCRYPT_OPAQUE_KEY_BLOB

Export a symmetric key in a format that is specific to a single cryptographic service provider (CSP). Opaque BLOBs are not transferable and must be imported by using the same cryptographic service provider (CSP) that generated the BLOB.

BCRYPT_RSAPUBLIC_BLOB

Export an RSA public key. The pbOutput buffer receives a BCRYPT_RSAKEY_BLOB structure immediately followed by the key data.

 

pbOutput [out, optional]

The address of a buffer that receives the key BLOB. The cbOutput parameter contains the size of this buffer. If this parameter is NULL, this function will place the required size, in bytes, in the DWORD pointed to by the pcbResult parameter.

cbOutput [in]

The size, in bytes, of the pbOutput buffer.

pcbResult [out]

The address of a DWORD variable that receives the number of bytes copied to the pbOutput buffer. If the pbOutput parameter is set to NULL when the function is called, the required size for the pbOutput buffer, in bytes, is returned in the DWORD pointed to by this parameter.

dwFlags [in]

Reserved for future use.

Return value

If the function succeeds, it returns zero.

If the function fails, it returns a nonzero error value.

Possible return codes include, but are not limited to, the following.

Return code/valueDescription
NTE_INVALID_HANDLE
0x80090026L

One of the provided handles is not valid.

 

Remarks

The SslExportKey function facilitates transporting session keys from one process to another as well as exporting the public portion an ephemeral key.

When exporting session keys, the BLOB type is opaque, meaning that the format of the BLOB is irrelevant as long as both the SslExportKey and SslImportKey functions can interpret it.

When exporting the public portion of an ephemeral key the BLOB type must be the appropriate type, such as NCRYPT_DH_PUBLIC_BLOB or NCRYPT_ECCPUBLIC_BLOB.

Requirements

Minimum supported client

Windows Vista [desktop apps only]

Minimum supported server

Windows Server 2008 [desktop apps only]

Header

Sslprovider.h

DLL

Ncrypt.dll

 

 

Community Additions

ADD
Show:
© 2015 Microsoft