Important:
This is retired content. This content is outdated and is no longer being maintained. It is provided as a courtesy for individuals who are still using these technologies. This content may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist.
4/8/2010

This function transfers a cryptographic key from a key binary large object (BLOB) to the cryptographic service provider (CSP). This function can be used to import an Schannel session key, regular session key, public key, or public/private key pair. For all but the public key, the key or key pair is encrypted.

Syntax

BOOL WINAPI CryptImportKey(
  HCRYPTPROV hProv,
  BYTE* pbData,
  DWORD dwDataLen,
  HCRYPTKEY hPubKey,
  DWORD dwFlags,
  HCRYPTKEY* phKey
);

Parameters

hProv

[in] HCRYPTPROV handle to a CSP created by a call to the CryptAcquireContext function.

pbData

[in] Pointer to the buffer containing the key BLOB. This key BLOB was generated by the CryptExportKey function, either by this application or by another application running on a different computer.

This key BLOB consists of a standard header followed by the encrypted key.

dwDataLen

[in] Specifies the length, in bytes, of the key BLOB.

hPubKey

[in] The meaning of this parameter differs, depending on the CSP type and the type of key BLOB being imported.

If a signed key BLOB is being imported, this key is used to validate the signature of the key BLOB. In this case, this parameter contains a handle to the key exchange public key of the party that created the key BLOB.

If the key BLOB is encrypted with the key exchange key pair, for example, a SIMPLEBLOB, this parameter contains the handle to the key exchange key.

If the key BLOB is encrypted with a session key, for example, an encrypted PRIVATEKEYBLOB, this parameter contains a handle to this session key.

If the key BLOB is not encrypted, for example, a PUBLICKEYBLOB, this parameter is not used and must be set to zero.

If the key BLOB is encrypted with a session key in an Schannel CSP, for example, an encrypted OPAQUEKEYBLOB, this parameter is not used and must be set to zero.

dwFlags

[in] Currently used only when a public/private key pair in the form of a PRIVATEKEYBLOB is imported into the CSP.

The following table shows defined flag values.

Value Description

CRYPT_EXPORTABLE

The key being imported is eventually to be re-exported. If this flag is not used, then calls to CryptExportKey with the key handle fail.

CRYPT_NO_SALT

Specifies that a no-salt value gets allocated for a 40-bit symmetric key.

phKey

[out] Pointer to the HCRYPTKEY handle to the key that was imported.

Return Value

TRUE indicates success. FALSE indicates failure. To get extended error information, call the GetLastError function. The following table shows common values for the GetLastError function. The error values prefaced by NTE are generated by the particular CSP you are using.

Value Description

ERROR_INVALID_HANDLE

One of the parameters specifies an invalid handle.

ERROR_INVALID_PARAMETER

One of the parameters contains an invalid value. This is most often an illegal pointer.

NTE_BAD_ALGID

The simple key BLOB you are trying to import is not encrypted with the expected key exchange algorithm.

NTE_BAD_DATA

Either the algorithm that works with the public key you are trying to import is not supported by this CSP, or an attempt was made to import a session key that was encrypted with something other than one of your public keys.

NTE_BAD_FLAGS

The dwFlags parameter specified is invalid.

NTE_BAD_TYPE

The key BLOB type is not supported by this CSP and is possibly invalid.

NTE_BAD_UID

The hProv parameter does not contain a valid context handle.

NTE_BAD_VER

The key BLOB's version number does not match the CSP version. This usually indicates that the CSP needs to be upgraded.

Example Code

#include <windows.h>
#include <wincrypt.h>
#include <stdio.h>
#include <stdlib.h>
FILE *hSourceFile = NULL;
HCRYPTPROV hProv = 0;
HCRYPTKEY hKey = 0;
BYTE *pbKeyBlob = NULL;
DWORD dwBlobLen = 0;
// Open the file, getting the file handle 'hSourceFile'.
...
// Get a handle to the default provider using CryptAcquireContext.
// For sample code, see CryptAcquireContext.
...
// Read the key BLOB length from the file and check that the read succeeded.
if(fread(&dwBlobLen, sizeof(DWORD), 1, hSourceFile) != 1 || dwBlobLen == 0) {
 printf("Error reading key BLOB length!\n");
 goto done;
}
// Allocate memory for the key BLOB.
pbKeyBlob = (BYTE *)malloc(dwBlobLen);
if(!pbKeyBlob) {
 printf("Out of memory!\n");
 goto done;
}
// Read the key BLOB from the file; a short read means the BLOB is truncated.
if(fread(pbKeyBlob, 1, dwBlobLen, hSourceFile) != dwBlobLen) {
 printf("Error reading key BLOB!\n");
 goto done;
}
// Import the key BLOB into the CSP.
if(!CryptImportKey(hProv, pbKeyBlob, dwBlobLen, 0, 0, &hKey)) {
 printf("Error %lx during CryptImportKey!\n", GetLastError());
 goto done;
}
// Use 'hKey' to perform cryptographic operations.
...
done:
// Free memory.
if(pbKeyBlob) free(pbKeyBlob);
// Destroy the session key.
if(hKey) CryptDestroyKey(hKey);
// Free the provider handle.
if(hProv) CryptReleaseContext(hProv, 0);
// Close the file.
if(hSourceFile) fclose(hSourceFile);
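
The following is an added example, not part of the original page or of the Windows CE sample code. It reads the standard header at the start of a key BLOB and reports what hPubKey has to be for that BLOB type, following the hPubKey rules under Parameters, before the buffer is handed to CryptImportKey. The names check_key_blob, blob_verdict and MAX_BLOB_LEN are hypothetical; the constants repeat the wincrypt.h values so the check builds without the Windows headers, and a PRIVATEKEYBLOB is assumed to be encrypted, as this page states.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* bType and version values as defined in wincrypt.h, repeated so this builds anywhere. */
enum { SIMPLEBLOB = 0x1, PUBLICKEYBLOB = 0x6, PRIVATEKEYBLOB = 0x7, OPAQUEKEYBLOB = 0x9 };
enum { CUR_BLOB_VERSION = 2, BLOB_HEADER_LEN = 8 };
#define MAX_BLOB_LEN 4096u /* assumed application limit, not taken from the page */

typedef enum {
    BLOB_REJECT = 0,        /* do not pass the buffer to CryptImportKey */
    HPUBKEY_ZERO,           /* PUBLICKEYBLOB, Schannel OPAQUEKEYBLOB */
    HPUBKEY_EXCHANGE_KEY,   /* SIMPLEBLOB */
    HPUBKEY_SESSION_KEY     /* encrypted PRIVATEKEYBLOB */
} blob_verdict;

/* Hypothetical helper: read the 8-byte header (bType, bVersion, reserved,
   aiKeyAlg) and report what hPubKey has to be for this BLOB type. */
blob_verdict check_key_blob(const uint8_t *blob, size_t len, uint32_t *alg)
{
    if (blob == NULL || alg == NULL) return BLOB_REJECT;
    /* A header with no key data behind it, or an oversized buffer, is refused. */
    if (len <= BLOB_HEADER_LEN || len > MAX_BLOB_LEN) return BLOB_REJECT;
    if (blob[1] != CUR_BLOB_VERSION) return BLOB_REJECT; /* a CSP reports NTE_BAD_VER */
    /* aiKeyAlg is a little-endian 32-bit ALG_ID at offset 4. */
    *alg = (uint32_t)blob[4] | ((uint32_t)blob[5] << 8) |
           ((uint32_t)blob[6] << 16) | ((uint32_t)blob[7] << 24);
    switch (blob[0]) {
    case PUBLICKEYBLOB:
    case OPAQUEKEYBLOB:  return HPUBKEY_ZERO;
    case SIMPLEBLOB:     return HPUBKEY_EXCHANGE_KEY;
    case PRIVATEKEYBLOB: return HPUBKEY_SESSION_KEY;
    default:             return BLOB_REJECT; /* a CSP reports NTE_BAD_TYPE */
    }
}

int main(void)
{
    /* Constructed sample: PUBLICKEYBLOB header, ALG_ID 0x0000a400, dummy body. */
    const uint8_t pub[] = { 0x06, 0x02, 0x00, 0x00, 0x00, 0xa4, 0x00, 0x00, 'R', 'S', 'A', '1' };
    uint32_t alg = 0;
    blob_verdict v = check_key_blob(pub, sizeof pub, &alg);
    printf("verdict=%d alg=0x%08x\n", (int)v, (unsigned)alg);
    return v == HPUBKEY_ZERO ? 0 : 1;
}
```

A caller would run this on the buffer read from the file and refuse the import when the verdict does not match the hPubKey value it is about to pass.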
 

Requirements

Header: wincrypt.h
Library: coredll.lib
Windows Embedded CE: Windows CE 2.10 and later
Windows Mobile: Windows Mobile Version 5.0 and later
