CardImportSessionKey function

The CardImportSessionKey function imports a temporary session key to the card. The session key is encrypted with a key exchange key, and the function returns a handle of the imported session key to the caller.

Syntax


DWORD WINAPI CardImportSessionKey(
  _In_  PCARD_DATA pCardData,
  _In_  BYTE       bContainerIndex,
  _In_  VOID       *pPaddingInfo,
  _In_  LPCWSTR    pwszBlobType,
  _In_  LPCWSTR    pwszAlgId,
  _Out_ LPCWSTR    phKey,
  _In_  PBYTE      pbInput,
  _In_  DWORD      cbInput,
  _In_  DWORD      dwFlags
);

Parameters

pCardData [in]

Context information for the call. For more information, see CardAcquireContext.

bContainerIndex [in]

Index number for the container that is used to decrypt the key material in pbInput. This index value must identify an RSA key container. ECC keys cannot be used for this decryption operation.

pPaddingInfo [in]

A pointer to a structure that contains padding information. The type of structure to which this parameter points depends on the value of the dwFlags parameter.

pwszBlobType [in]

A pointer to a null-terminated Unicode string. This string identifies the type of BLOB in the pbInput buffer.

pwszAlgId [in]

A pointer to a null-terminated Unicode string. This string identifies algorithm of the key inside encrypted data. For more information, see the description of CP_ENUM_ALGORITHMS in CardGetProperty.

phKey [out]

A pointer to a CARD_KEY_HANDLE that receives the handle of the imported key. This handle is used in subsequent functions that require the key, such as CardProcessEncryptedData. The handle must be released when it is no longer needed by calling CardDestroyKey.

pbInput [in]

A byte pointer to the buffer that contains the key BLOB to be imported. The cbInput contains the size of this buffer. The pwszBlobType parameter specifies the type of key BLOB that this buffer contains. Everything should be encrypted with the exception of the BLOB header, if it is present.

cbInput [in]

IThe size, in bytes, of the key BLOB in the pbInput buffer.

dwFlags [in]

Index number for the container that is used to decrypt the key material in pbInput. This index value must identify an RSA key container. ECC keys cannot be used for this decryption operation.

Return value

Zero on success; otherwise, nonzero.

Remarks

If the card minidriver does not support the import of temporary symmetric keys, the function should return SCARD_E_UNSUPPORTED_FEATURE.

The following table describes the string values that are valid for the pwszBlobType parameter.

String valueDescription
"KeyDataBlob"

The pbInput parameter is a pointer to a buffer that contains a BCRYPT_KEY_DATA_BLOB_HEADER structure. The key BLOB data immediately follows the BCRYPT_KEY_DATA_BLOB_HEADER structure in the buffer.

 

If pwszBlobType contains an invalid or undefined value, the function should return SCARD_E_INVALID_PARAMETER. For legacy applications and cards that use the minidriver interface for secure key injection, the minidriver can accept proprietary BLOB types.

If pwszAlgId contains an invalid or undefined value, the function should return SCARD_E_INVALID_PARAMETER. If the pwszAlgId value is defined but not supported, the function should return SCARD_E_UNSUPPORTED_FEATURE. For legacy cards, the minidriver can support other algorithms.

When the function returns, the phKey parameter should contain a handle to the imported key. If the parameter does not contain a valid pointer, the function should return SCARD_E_INVALID_PARAMETER. The key is expected to be valid until either CardDestroyKey is called or the card is removed from the reader.

The flags in the following table can be set in the dwFlags parameter.

Flag valueDescription
CARD_PADDING_NONE

No padding was used. The pPaddingInfo parameter is not used.

CARD_PADDING_PKCS1

The data was padded with a random number when the data was encrypted. The pPaddingInfo parameter is not used.

CARD_PADDING_OAEP

The OAEP scheme was used when the data was encrypted. The pPaddingInfo parameter is a pointer to a BCRYPT_OAEP_PADDING_INFO structure.

 

Note  Only one flag can be set in the dwFlags parameter.
 

If dwFlags contains an invalid or undefined value, the function should return SCARD_E_INVALID_PARAMETER. If dwFlags contains a value that is defined but not supported, the function should return SCARD_E_UNSUPPORTED_FEATURE.

Only users can create symmetric keys. If an administrator attempts to import a symmetric key, the function should return SCARD_W_SECURITY_VIOLATION.

Error checking is performed based on the order of cost. The minidriver should perform all parameter verification first without communicating to the card. Error conditions that would result in a return of SCARD_E_UNSUPPORTED_FEATURE must be checked first.

Requirements

Target platform

Header

Cardmod.h (include Cardmod.h)

See also

BCRYPT_KEY_DATA_BLOB_HEADER

 

 

Send comments about this topic to Microsoft

Show: