Deze inhoud is niet beschikbaar in uw taal, maar wel in het Engels.

CryptDecryptMessage function

The CryptDecryptMessage function decodes and decrypts a message.


BOOL WINAPI CryptDecryptMessage(
  _In_              PCRYPT_DECRYPT_MESSAGE_PARA pDecryptPara,
  _In_        const BYTE                        *pbEncryptedBlob,
  _In_              DWORD                       cbEncryptedBlob,
  _Out_opt_         BYTE                        *pbDecrypted,
  _Inout_opt_       DWORD                       *pcbDecrypted,
  _Out_opt_         PCCERT_CONTEXT              *ppXchgCert


pDecryptPara [in]

A pointer to a CRYPT_DECRYPT_MESSAGE_PARA structure that contains decryption parameters.

pbEncryptedBlob [in]

A pointer to a buffer that contains the encoded and encrypted message to be decrypted.

cbEncryptedBlob [in]

The size, in bytes, of the encoded and encrypted message.

pbDecrypted [out, optional]

A pointer to a buffer that receives the decrypted message.

To set the size of this information for memory allocation purposes, this parameter can be NULL. A decrypted message will not be returned if this parameter is NULL. For more information, see Retrieving Data of Unknown Length.

pcbDecrypted [in, out, optional]

A pointer to a DWORD that specifies the size, in bytes, of the buffer pointed to by the pbDecrypted parameter. When the function returns, this variable contains the size, in bytes, of the decrypted message copied to pbDecrypted.

Note  When processing the data returned in the pbDecrypted buffer, applications must use the actual size of the data returned. The actual size can be slightly smaller than the size of the buffer specified in pcbDecrypted on input. On input, buffer sizes are usually specified large enough to ensure that the largest possible output data will fit in the buffer. On output, the DWORD is updated to the actual size of the data copied to the buffer.
ppXchgCert [out, optional]

A pointer to a CERT_CONTEXT structure of a certificate that corresponds to the private exchange key needed to decrypt the message. To indicate that the function should not return the certificate context used to decrypt, set this parameter to NULL.

Return value

If the function succeeds, the function returns nonzero (TRUE).

If the function fails, it returns zero (FALSE). For extended error information, call GetLastError.

Note  Errors from calls to CryptImportKey and CryptDecrypt might be propagated to this function.

The GetLastError function returns the following error codes most often.

Return codeDescription

If the buffer specified by the pbDecrypted parameter is not large enough to hold the returned data, the function sets the ERROR_MORE_DATA code, and stores the required buffer size, in bytes, in the variable pointed to by pcbDecrypted.


Invalid message and certificate encoding types. Currently only PKCS_7_ASN_ENCODING and X509_ASN_ENCODING_TYPE are supported. Invalid cbSize in *pDecryptPara.


Not an enveloped cryptographic message.


The message was encrypted by using an unknown or unsupported algorithm.


No certificate was found having a private key property to use for decrypting.


If the function fails, GetLastError may return an Abstract Syntax Notation One (ASN.1) encoding/decoding error. For information about these errors, see ASN.1 Encoding/Decoding Return Values.


When NULL is passed for pbDecrypted, and pcbDecrypted is not NULL, NULL is returned for the address passed in ppXchgCert; otherwise, a pointer to a CERT_CONTEXT is returned. For a successfully decrypted message, this pointer to a CERT_CONTEXT points to the certificate context used to decrypt the message. It must be freed by calling CertFreeCertificateContext. If the function fails, the value at ppXchgCert is set to NULL.


For an example that uses this function, see Example C Program: Using CryptEncryptMessage and CryptDecryptMessage.


Minimum supported client

Windows XP [desktop apps only]

Minimum supported server

Windows Server 2003 [desktop apps only]







See also

Simplified Message Functions