BCryptGenerateSymmetricKey function (bcrypt.h)
The BCryptGenerateSymmetricKey function creates a key object for use with a symmetrical key encryption algorithm from a supplied key.
Syntax
NTSTATUS BCryptGenerateSymmetricKey(
[in, out] BCRYPT_ALG_HANDLE hAlgorithm,
[out] BCRYPT_KEY_HANDLE *phKey,
[out, optional] PUCHAR pbKeyObject,
[in] ULONG cbKeyObject,
[in] PUCHAR pbSecret,
[in] ULONG cbSecret,
[in] ULONG dwFlags
);
Parameters
[in, out] hAlgorithm
The handle of an algorithm provider created with the BCryptOpenAlgorithmProvider function. The algorithm specified when the provider was created must support symmetric key encryption.
[out] phKey
A pointer to a BCRYPT_KEY_HANDLE that receives the handle of the key. This handle is used in subsequent functions that require a key, such as BCryptEncrypt. This handle must be released when it is no longer needed by passing it to the BCryptDestroyKey function.
[out, optional] pbKeyObject
A pointer to a buffer that receives the key object. The cbKeyObject parameter contains the size of this buffer. The required size of this buffer can be obtained by calling the BCryptGetProperty function to get the BCRYPT_OBJECT_LENGTH property. This will provide the size of the key object for the specified algorithm.
This memory can only be freed after the phKey key handle is destroyed.
If the value of this parameter is NULL and the value of the cbKeyObject parameter is zero, the memory for the key object is allocated and freed by this function.Windows 7: This memory management functionality is available beginning with Windows 7.
[in] cbKeyObject
The size, in bytes, of the pbKeyObject buffer.
If the value of this parameter is zero and the value of the pbKeyObject parameter is NULL, the memory for the key object is allocated and freed by this function.Windows 7: This memory management functionality is available beginning with Windows 7.
[in] pbSecret
Pointer to a buffer that contains the key from which to create the key object. The cbSecret parameter contains the size of this buffer. This is normally a hash of a password or some other reproducible data. If the data passed in exceeds the target key size, the data will be truncated and the excess will be ignored.
[in] cbSecret
The size, in bytes, of the pbSecret buffer.
[in] dwFlags
A set of flags that modify the behavior of this function. No flags are currently defined, so this parameter should be zero.
Return value
Returns a status code that indicates the success or failure of the function.
Possible return codes include, but are not limited to, the following.
Return code | Description |
---|---|
|
The function was successful. |
|
The size of the key object specified by the cbKeyObject parameter is not large enough to hold the key object. |
|
The algorithm handle in the hAlgorithm parameter is not valid. |
|
One or more parameters are not valid. |
Remarks
Depending on what processor modes a provider supports, BCryptGenerateSymmetricKey can be called either from user mode or kernel mode. Kernel mode callers can execute either at PASSIVE_LEVEL IRQL or DISPATCH_LEVEL IRQL. If the current IRQL level is DISPATCH_LEVEL, the handle provided in the hAlgorithm parameter must have been opened by using the BCRYPT_PROV_DISPATCH flag, and any pointers passed to the BCryptGenerateSymmetricKey function must refer to nonpaged (or locked) memory.
To call this function in kernel mode, use Cng.lib, which is part of the Driver Development Kit (DDK). Windows Server 2008 and Windows Vista: To call this function in kernel mode, use Ksecdd.lib.
Requirements
Requirement | Value |
---|---|
Minimum supported client | Windows Vista [desktop apps | UWP apps] |
Minimum supported server | Windows Server 2008 [desktop apps | UWP apps] |
Target Platform | Windows |
Header | bcrypt.h |
Library | Bcrypt.lib |
DLL | Bcrypt.dll |