Important:
This is retired content. This content is outdated and is no longer being maintained. It is provided as a courtesy for individuals who are still using these technologies. This content may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist.
4/8/2010

This function imports a Personal Information Exchange (PFX) BLOB and returns the handle of a store containing certificates and any associated private keys.

PFX format is also known as Public-Key Cryptography Standards #12 (PKCS #12) format.

Syntax

HCERTSTORE WINAPI PFXImportCertStore(
  CRYPT_DATA_BLOB* pPFX,
  LPCWSTR szPassword,
  DWORD dwFlags
);

Parameters

pPFX

[in] Pointer to a CRYPT_DATA_BLOB structure containing a PFX packet with the exported and encrypted certificates and keys.

szPassword

[in] String password used to decrypt and verify the PFX packet. This password must be exactly the same as the password that was used to encrypt the packet.

dwFlags

[in] Flag values can be set to the following.

Flag value Description

CRYPT_EXPORTABLE

Imported keys are marked as exportable. If this flag is not used, calls to CryptExportKey with the key handle fail.

CRYPT_USER_PROTECTED

The user is to be notified through a dialog box or another method when certain actions are attempting to use this key. The precise behavior is specified by the Cryptographic Service Provider (CSP) that is being used. If the provider context was opened with the CRYPT_SILENT flag set, using this flag causes a failure and the last error is set to NTE_SILENT_CONTEXT.

CRYPT_MACHINE_KEYSET

The private keys are stored under the local machine and not the current user.

CRYPT_USER_KEYSET

The private keys are stored under the current user and not the local machine, even if the PFX BLOB specifies that they should go into the local machine.

Return Value

If successful, this function returns the handle to a certificate store that contains the imported certificates, including available private keys. If the password parameter does not contain an exact match with the password used to encrypt the exported packet, or if there were any other problems decoding the PFX BLOB, the function returns NULL and an error code can be found by calling the GetLastError function.

The returned HCERTSTORE value is a temporary memory store that should be freed using CertCloseStore.

Remarks

When you have finished using szPassword, clear the password from memory by calling the SecureZeroMemory function.
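
The following is an added example, not part of the original documentation. It shows the full call sequence described above: check dwFlags, import, clear szPassword on every path, test for NULL, and close the temporary store. The names pfx_flags_allowed and import_pfx_count are hypothetical, refusing CRYPT_EXPORTABLE is an assumed local policy rather than a requirement of this function, and CertEnumCertificatesInStore is a crypt32 function not described on this page.

```c
#include <stddef.h>
#ifdef _WIN32
#include <windows.h>
#include <wincrypt.h>
#else  /* stand-ins (wincrypt.h values) so the flag check builds off Windows */
typedef unsigned long DWORD;
#define CRYPT_EXPORTABLE     0x00000001
#define CRYPT_USER_PROTECTED 0x00000002
#define CRYPT_MACHINE_KEYSET 0x00000020
#define CRYPT_USER_KEYSET    0x00001000
#endif

/* Hypothetical policy helper: returns 1 if dwFlags is acceptable, else 0. */
int pfx_flags_allowed(DWORD dwFlags)
{
    const DWORD known = CRYPT_EXPORTABLE | CRYPT_USER_PROTECTED |
                        CRYPT_MACHINE_KEYSET | CRYPT_USER_KEYSET;
    if (dwFlags & ~known) return 0;            /* bits this page does not document */
    if (dwFlags & CRYPT_EXPORTABLE) return 0;  /* assumed policy: keys stay non-exportable */
    if ((dwFlags & CRYPT_MACHINE_KEYSET) && (dwFlags & CRYPT_USER_KEYSET))
        return 0;                              /* contradictory key locations */
    return 1;
}

#ifdef _WIN32
/* Hypothetical wrapper: imports the PFX held in buf, wipes the password, and
   returns the number of certificates in the store, or -1 on failure. */
int import_pfx_count(BYTE *buf, DWORD len, WCHAR *pw, size_t pwBytes, DWORD dwFlags)
{
    CRYPT_DATA_BLOB blob;
    HCERTSTORE hStore = NULL;
    PCCERT_CONTEXT ctx = NULL;
    int count = 0;

    blob.cbData = len;
    blob.pbData = buf;
    if (pfx_flags_allowed(dwFlags))
        hStore = PFXImportCertStore(&blob, pw, dwFlags);
    SecureZeroMemory(pw, pwBytes);             /* clear on success and failure alike */
    if (hStore == NULL) return -1;             /* wrong password, bad BLOB, or rejected flags */

    /* Each call releases the previous context; the final NULL leaves nothing to free. */
    while ((ctx = CertEnumCertificatesInStore(hStore, ctx)) != NULL)
        count++;
    CertCloseStore(hStore, 0);                 /* the returned store is temporary */
    return count;
}
#endif
```

The password buffer must be writable and owned by the caller so that it can be zeroed; pwBytes is its size in bytes, not characters.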

Requirements

Header: wincrypt.h
Library: crypt32.lib
Windows Embedded CE: Windows CE 5.0 and later
Windows Mobile: Windows Mobile Version 5.0 and later
