CPDecrypt

The CPDecrypt function is used to decrypt data that was previously encrypted with the CPEncrypt function. Optionally, the application can specify that a hash of the data is to be generated at the same time.

BOOL CPDecrypt(
  HCRYPTPROV hProv,  // in
  HCRYPTKEY hKey,    // in
  HCRYPTHASH hHash,  // in
  BOOL Final,        // in
  DWORD dwFlags,     // in
  BYTE *pbData,      // in, out
  DWORD *pdwDataLen  // in, out
);

Parameters

hProv
Handle to a particular key container (or "context") within the CSP. This handle is obtained via a call to CPAcquireContext.
hKey
Handle to the session key to be used for the decryption. This key specifies the decryption algorithm that is to be used.
hHash
Handle to a hash object. This parameter is used only if a hash of the data is to be computed at the same time the data is being decrypted.

If no hash is to be done, this parameter should be zero.

Final
Boolean value that specifies whether this is the last section in a series being decrypted. This will be TRUE if this is the last (or only) block, and FALSE otherwise.
dwFlags
Flag values. No flags are currently defined.
pbData
Buffer holding the data to be decrypted. Once the decryption has been performed, the plaintext is to be placed back in this same buffer. If a block cipher is used and dwFlags is TRUE, any padding data should be removed before returning the plaintext to the application.

This is somewhat simpler than the encryption case, since the plaintext generated is never larger than the ciphertext.

pdwDataLen
Address of the data length. Upon function entry, this specifies the number of bytes of ciphertext in the pbData buffer. If a block cipher is used and Final is FALSE, this value must be a multiple of the cipher block length. In other words, the CPDecrypt function is not required to buffer any data internally.

Upon exit, this parameter should indicate the number of bytes of plaintext placed in the pbData buffer.

Return Values

If the function succeeds, TRUE should be returned; otherwise, return FALSE. When FALSE is returned, the appropriate error code (see the following table) must be set via SetLastError.

Error Description
NTE_BAD_ALGID The hKey session key specifies an algorithm that this CSP does not support.
NTE_BAD_DATA The data to be decrypted is invalid. For example, when a block cipher is used and the Final flag is FALSE, the value specified by pdwDataLen must be a multiple of the block size. This error may also be returned when the padding is found to be invalid.
NTE_BAD_FLAGS The dwFlags parameter is non-zero.
NTE_BAD_HASH The hHash parameter contains an invalid handle.
NTE_BAD_KEY The hKey parameter does not contain a valid handle to a session key.
NTE_BAD_LEN The size of the output buffer is too small to hold the generated plaintext.
NTE_BAD_UID The CSP context that was specified when the key was created cannot now be found.
NTE_DOUBLE_ENCRYPT The application attempted to decrypt the same data twice.
NTE_FAIL The function failed in some unexpected way.

See Also

CPEncrypt, CPGenKey, CryptDecrypt