Il contenuto non è disponibile nella lingua di destinazione, ma solo in inglese.

CryptExportPKCS8 function

[The CryptExportPKCS8 function is no longer available for use as of Windows Server 2008 and Windows Vista. Instead, use the PFXExportCertStoreEx function.]

The CryptExportPKCS8 function exports the private key in PKCS #8 format. The function is superseded by CryptExportPKCS8Ex, which also may be altered or unavailable in subsequent versions.


  _In_      HCRYPTPROV hCryptProv,
  _In_      DWORD      dwKeySpec,
  _In_      LPSTR      pszPrivateKeyObjId,
  _In_      DWORD      dwFlags,
  _In_opt_  void       *pvAuxInfo,
  _Out_opt_ BYTE       *pbPrivateKeyBlob,
  _Inout_   DWORD      *pcbPrivateKeyBlob


hCryptProv [in]

An HCRYPTPROV variable that contains the cryptographic service provider (CSP). This is a handle to the CSP obtained by calling CryptAcquireContext.

dwKeySpec [in]

A DWORD variable that contains the key specification. The following dwKeySpec values are defined for the default provider.


Keys used to encrypt/decrypt session keys.


Keys used to create and verify digital signatures.


pszPrivateKeyObjId [in]

An LPSTR variable that contains the private key object identifier (OID).

dwFlags [in]

This parameter should be zero if pbPrivateKeyBlob is NULL and 0x8000 otherwise.

pvAuxInfo [in, optional]

This parameter must be set to NULL.

pbPrivateKeyBlob [out, optional]

A pointer to an array of BYTE structures to receive the private key to be exported. The private key will contain the information in a PKCS #8 PrivateKeyInfo Abstract Syntax Notation One (ASN.1) type found in the PKCS #8 standard.

For memory allocation purposes, you can get the size of the private key to be exported by setting this parameter to NULL. For more information, see Retrieving Data of Unknown Length.

pcbPrivateKeyBlob [in, out]

A pointer to a DWORD that may contain, on input, the size, in bytes, of the memory allocation needed to contain the pbPrivateKeyBlob. If pbPrivateKeyBlob is NULL, this parameter will return the size of the memory allocation needed for a second call to the function. For more information, see Retrieving Data of Unknown Length.

Return value

If the function succeeds, the function returns nonzero.

If the function fails, it returns zero. For extended error information, call GetLastError.

The following error codes are specific to this function.

Return codeDescription

An export function that can be installed or registered could not be found.


If the buffer specified by the pbPrivateKeyBlob parameter is not large enough to hold the returned data, the function sets the ERROR_MORE_DATA code and stores the required buffer size, in bytes, in the variable pointed to by the pcbPrivateKeyBlob parameter.


If the function fails, GetLastError may return an ASN.1 encoding/decoding error. For information about these errors, see ASN.1 Encoding/Decoding Return Values.


This function is only supported for asymmetric keys.


Minimum supported client

Windows XP [desktop apps only]

Minimum supported server

Windows Server 2003 [desktop apps only]

End of client support

Windows XP

End of server support

Windows Server 2003







See also

Retrieving Data of Unknown Length