CryptImportKey

[New - Windows NT]

[New - Windows 95, OEM Service Release 2]

The CryptImportKey function is used to transfer a cryptographic key from a key blob to the CSP.

BOOL CRYPTFUNC CryptImportKey(

HCRYPTPROV hProv,  
BYTE *pbData,  
DWORD dwDataLen,  
HCRYPTKEY hImpKey,  
DWORD dwFlags,  
HCRYPTKEY *phKey  
);  

Parameters

hProv

[in] A handle to the application's CSP. An application obtains this handle using the CryptAcquireContext function.

pbData

[in] The buffer containing the key blob. This key blob was generated by the CryptExportKey function, either by this same application or by another application running on a distant computer.

This key blob consists of a standard header followed by the encrypted key.

dwDataLen

[in] The length, in bytes, of the key blob.

hImpKey

[in] The meaning of this parameter differs, depending on the CSP type and the type of key blob being imported.

If the key blob is not encrypted (for example, a PUBLICKEYBLOB) or if the key blob is encrypted with the key exchange key pair (for example, a SIMPLEBLOB), then this parameter is not used, and should be zero.

If a signed key blob is being imported, this key is used to validate the signature of the key blob. In this case, this parameter should contain a handle to the key exchange public key of the party that created the key blob.

If the key blob is encrypted with a session key (for example, an encrypted PRIVATEKEYBLOB), then this parameter should contain a handle to this session key.

dwFlags

[in] The flag values. This parameter is currently only used when a public/private key pair is being imported into the CSP (in the form of a PRIVATEKEYBLOB). In this case, if the CRYPT_EXPORTABLE flag is set then subsequent applications will be permitted to export the private key back out of the CSP.

phKey

[out] The address to which the function copies a handle to the key that was imported.

Return Values

If the function succeeds, the return value is nonzero.

If the function fails, the return value is zero. To retrieve extended error information, use the GetLastError function.

The following table lists the error codes most commonly returned by the GetLastError function. The error codes prefaced by "NTE" are generated by the particular CSP you are using.

Error Description
ERROR_INVALID_HANDLE One of the parameters specifies an invalid handle.
ERROR_INVALID_PARAMETER One of the parameters contains an invalid value. This is most often an illegal pointer.
NTE_BAD_ALGID The simple key blob you are trying to import is not encrypted with the expected key exchange algorithm.
NTE_BAD_DATA The algorithm that works with the public key you are trying to import is not supported by this CSP.
NTE_BAD_FLAGS The dwFlags parameter is nonzero.
NTE_BAD_TYPE The key blob type is not supported by this CSP and is possibly invalid.
NTE_BAD_UID The hProv parameter does not contain a valid context handle.
NTE_BAD_VER The key blob's version number does not match the CSP version. This usually indicates that the CSP needs to be upgraded.

Example

#include <wincrypt.h>

FILE *hSourceFile = NULL;

HCRYPTPROV hProv = 0;

HCRYPTKEY hKey = 0;

BYTE *pbKeyBlob = NULL;

DWORD dwBlobLen;

// Open file, getting file handle 'hSourceFile'.

...

// Get handle to the default provider.

if(!CryptAcquireContext(&hProv, NULL, NULL, PROV_RSA_FULL, 0)) {

printf("Error %x during CryptAcquireContext!\n", GetLastError());

goto done;

}

// Read key blob length from file and allocate memory.

fread(&dwBlobLen, sizeof(DWORD), 1, hSourceFile);

pbKeyBlob = malloc(dwBlobLen);

// Read key blob from file.

fread(pbKeyBlob, 1, dwBlobLen, hSourceFile);

// Import key blob into CSP.

if(!CryptImportKey(hProv, pbKeyBlob, dwBlobLen, 0, 0, &hKey)) {

printf("Error %x during CryptImportKey!\n", GetLastError());

free(pbKeyBlob);

goto done;

}

// Free memory.

free(pbKeyBlob);

// Use 'hKey' to perform cryptographic operations.

...

done:

// Destroy session key.

if(hKey) CryptDestroyKey(hKey);

// Release provider handle.

if(hProv) CryptReleaseContext(hProv, 0);

See Also

CryptAcquireContext, CryptDestroyKey, CryptExportKey