Skip to main content
CryptographicEngine.Decrypt | decrypt method

Decrypts content that was previously encrypted by using a symmetric or asymmetric algorithm.


var iBuffer = Windows.Security.Cryptography.Core.CryptographicEngine.decrypt(key, data, iv);

public static IBuffer Decrypt(
  CryptographicKey key, 
  IBuffer data, 
  IBuffer iv

Public Shared Function Decrypt(
  key As CryptographicKey,  
  data As IBuffer,  
  iv As IBuffer 
) As IBuffer

static IBuffer^ Decrypt(
  CryptographicKey^ key, 
  IBuffer^ data, 
  IBuffer^ iv



Type: CryptographicKey

Cryptographic key to use for decryption. This can be an asymmetric or a symmetric key. For more information, see AsymmetricKeyAlgorithmProvider and SymmetricKeyAlgorithmProvider.


Type: IBuffer

Buffer that contains the encrypted data.


Type: IBuffer

Buffer that contains the initialization vector. If an initialization vector (IV) was used to encrypt the data, you must use the same IV to decrypt the data. For more information, see Encrypt.

Return value

Type: IBuffer

Decrypted data.


The key parameter can be a persisted key obtained from a certificate using the PersistedKeyProvider class.

If the key is a persisted key and the decrypt operation requires UI or takes a long time, use the DecryptAsync method instead. For example, UI is required when decrypting using a key that is strongly protected. In the case where a persisted key is used and UI is expected, use the DecryptAsync method as the Decrypt method will fail.


public void SampleCipherDecryption(
    String strAlgName,
    IBuffer buffEncrypt,
    IBuffer iv,
    BinaryStringEncoding encoding,
    CryptographicKey key)
    // Declare a buffer to contain the decrypted data.
    IBuffer buffDecrypted;

    // Open an symmetric algorithm provider for the specified algorithm. 
    SymmetricKeyAlgorithmProvider objAlg = SymmetricKeyAlgorithmProvider.OpenAlgorithm(strAlgName);

    // The input key must be securely shared between the sender of the encrypted message
    // and the recipient. The initialization vector must also be shared but does not
    // need to be shared in a secure manner. If the sender encodes a message string 
    // to a buffer, the binary encoding method must also be shared with the recipient.
    buffDecrypted = CryptographicEngine.Decrypt(key, buffEncrypt, iv);

    // Convert the decrypted buffer to a string (for display). If the sender created the
    // original message buffer from a string, the sender must tell the recipient what 
    // BinaryStringEncoding value was used. Here, BinaryStringEncoding.Utf8 is used to
    // convert the message to a buffer before encryption and to convert the decrypted
    // buffer back to the original plaintext.
    String strDecrypted = CryptographicBuffer.ConvertBinaryToString(encoding, buffDecrypted);

Requirements (Windows 10 device family)

Device family

Universal, introduced version 10.0.10240.0

API contract

Windows.Foundation.UniversalApiContract, introduced version 1.0


Windows::Security::Cryptography::Core [C++]



Requirements (Windows 8.x and Windows Phone 8.x)

Minimum supported client

Windows 8

Minimum supported server

Windows Server 2012

Minimum supported phone

Windows Phone 8.1 [Windows Runtime apps only]


Windows::Security::Cryptography::Core [C++]



See also

Cryptographic keys