CardProcessEncryptedData function

CardProcessEncryptedData processes a set of encrypted data BLOBs by sending them to the card where the data BLOBs are decrypted.


DWORD WINAPI CardProcessEncryptedData(
  _In_      PCARD_DATA           pCardData,
  _In_      CARD_KEY_HANDLE      hKey,
  _In_      LPCWSTR              pwszSecureFunction,
  _In_      PCARD_ENCRYPTED_DATA pEncryptedData,
  _In_      DWORD                cEncryptedData,
  _Out_opt_ PBYTE                pbOutput,
  _In_      DWORD                cbOutput,
  _Out_opt_ PDWORD               pdwOutputLen,
  _In_      DWORD                dwFlags


pCardData [in]

Context information for the call. For more information, see CardAcquireContext.

hKey [in]

The handle of the cryptographic key to be used to decrypt the data.

pwszSecureFunction [in]

A pointer to a null-terminated Unicode string that contains the name of the function to be executed.

pEncryptedData [in]

Pointer to an array of CARD_ENCRYPTED_DATA structures that contain encrypted data BLOBs.

cEncryptedData [in]

The number of CARD_ENCRYPTED_DATA structures in the array pointed to by pEncryptedData.

pbOutput [out, optional]

A byte pointer to the data buffer that receives the decrypted data that is returned from the card minidriver.

cbOutput [in]

The maximum length, in bytes, of the buffer to which pbOutput points.

pdwOutputLen [out, optional]

A pointer to a variable that receives the returned length, in bytes, of the data in the buffer to which pbOutput points.

dwFlags [in]

A set of flags that specify options for the operation.

Return value

Zero on success; nonzero on failure.


If the card minidriver does not support processing secure data BLOBs, the function should return SCARD_E_UNSUPPORTED_FEATURE.

The dwFlags parameter is used to specify flag settings for optional parameters for the decryption operation. Currently, the only valid flag is CARD_BLOCK_PADDING, which specifies that the encrypted data was padded by using PKCS #5. For more information, see the description of CP_PADDING_SCHEMES in CardGetProperty.

If dwFlags contains an invalid or undefined value, the function should return SCARD_E_INVALID_PARAMETER.

If an unsupported pwszSecureFunction value is passed to CardProcessEncryptedData, the function should return SCARD_E_INVALID_PARAMETER.

Note  The minidriver may choose to define and support optional custom secure functions that are not defined in the specification.

The format of the data to which pEncryptedData points is card-dependent. The value of the pwszSecureFunction parameter specifies the context to which the decryption operation is performed.

This function can be called when CardAcquireContext is called in No_Card mode. This mode allows the application that receives data that the card encrypts to decrypt the data. In this situation, the hKey parameter is set to the value of a handle for a key that the minidriver manages.

The format of pbOutput depends on the value of the pwszSecureFunction parameter. The following table describes the different supported values for pwszSecureFunction along with the corresponding format for pbOutput.

pwszSecureFunction valuepbOutput typepbOutput value

The data contains a structure of type CARD_CHANGE_AUTHENTICATOR_RESPONSE.


The data contains a structure of type CARD_AUTHENTICATE_RESPONSE.



To determine the length of the buffer to allocate for pbOutput, a caller can first call CardProcessEncryptedData with pbOutput set to NULL. The required buffer length is returned in pdwOutputLen.


Target platform



Cardmod.h (include Cardmod.h)



Send comments about this topic to Microsoft