Master keys can be imported into the CSP within SIMPLEBLOBs using CPImportKey. The handle returned by this function should be equivalent to the handle returned by CPGenKey when a master key is created.
See the CPGenKey and CPExportKey sections.
If CPImportKey is used to import an SSL2 master key and the CRYPT_SSL2_FALLBACK flag is set, the encryption block padding should be examined after the RSA decryption. If the first 8 bytes are all equal to 0x03 then an error such as NTE_BAD_VER should be returned. This helps prevent version rollback attacks and is discussed in the SSL3 specification.
See CPImportKey.