Microsoft Windows 7 Kernel Mode Cryptographic Primitives Library (cng.sys) Security Policy Document
This Security Policy is non-proprietary and may be reproduced only in its original entirety (without revision)
NTSTATUS WINAPI BCryptDuplicateKey(
    BCRYPT_KEY_HANDLE hKey,
    BCRYPT_KEY_HANDLE *phNewKey,
    PUCHAR pbKeyObject,
    ULONG cbKeyObject,
    ULONG dwFlags);
The BCryptDuplicateKey() function creates a duplicate of a symmetric key.
5.4.5 BCryptDestroyKey
NTSTATUS WINAPI BCryptDestroyKey(
    BCRYPT_KEY_HANDLE hKey);
The BCryptDestroyKey() function destroys a key.
5.5 Key Entry and Output
5.5.1 BCryptImportKey
NTSTATUS WINAPI BCryptImportKey(
    BCRYPT_ALG_HANDLE hAlgorithm,
    BCRYPT_KEY_HANDLE hImportKey,
    LPCWSTR pszBlobType,
    BCRYPT_KEY_HANDLE *phKey,
    PUCHAR pbKeyObject,
    ULONG cbKeyObject,
    PUCHAR pbInput,
    ULONG cbInput,
    ULONG dwFlags);
The BCryptImportKey() function imports a symmetric key from a key blob.
hAlgorithm [in] is the handle of the algorithm provider to import the key. This handle is obtained by
calling the BCryptOpenAlgorithmProvider function.
hImportKey [in, out] is not currently used and should be NULL.
pszBlobType [in] is a null-terminated Unicode string that contains an identifier that specifies the type of
BLOB that is contained in the pbInput buffer. pszBlobType can be one of
BCRYPT_AES_WRAP_KEY_BLOB, BCRYPT_KEY_DATA_BLOB and BCRYPT_OPAQUE_KEY_BLOB.
phKey [out] is a pointer to a BCRYPT_KEY_HANDLE that receives the handle of the imported key that is
used in subsequent functions that require a key, such as BCryptEncrypt. This handle must be released
when it is no longer needed by passing it to the BCryptDestroyKey function.
pbKeyObject [out] is a pointer to a buffer that receives the imported key object. The cbKeyObject
parameter contains the size of this buffer. The required size of this buffer can be obtained by calling the
BCryptGetProperty function to get the BCRYPT_OBJECT_LENGTH property. This will provide the size of
the key object for the specified algorithm. This memory can only be freed after the phKey key handle is
destroyed.
cbKeyObject [in] is the size, in bytes, of the pbKeyObject buffer.
pbInput [in] is the address of a buffer that contains the key BLOB to import. The cbInput parameter
contains the size of this buffer. The pszBlobType parameter specifies the type of key BLOB this buffer
contains.
cbInput [in] is the size, in bytes, of the pbInput buffer.
dwFlags [in] is a set of flags that modify the behavior of this function. No flags are currently defined, so
this parameter should be zero.
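An added example, not part of the Security Policy text: a pre-import consistency check on the pbInput/cbInput pair for a BCRYPT_KEY_DATA_BLOB that carries an AES key. The header layout and constant values are those of BCRYPT_KEY_DATA_BLOB_HEADER in bcrypt.h, redefined under local names so the block builds without the Windows SDK; the function names, the return codes and the exact-length rule are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Values of BCRYPT_KEY_DATA_BLOB_MAGIC / BCRYPT_KEY_DATA_BLOB_VERSION1,
   under local (hypothetical) names. */
#define KDB_MAGIC   0x4d42444bu   /* "KDBM" stored as a little-endian ULONG */
#define KDB_VERSION 1u
#define KDB_HDR_LEN 12u           /* dwMagic, dwVersion, cbKeyData */

static uint32_t rd_le32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

static void wr_le32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)v;         p[1] = (uint8_t)(v >> 8);
    p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* Write header + raw key into out. Returns the cbInput value to pass to
   the import call, or 0 if out is too small. */
size_t kdb_build(uint8_t *out, size_t out_len,
                 const uint8_t *key, uint32_t key_len) {
    if (out_len < KDB_HDR_LEN || key_len > out_len - KDB_HDR_LEN) return 0;
    wr_le32(out, KDB_MAGIC);
    wr_le32(out + 4, KDB_VERSION);
    wr_le32(out + 8, key_len);
    memcpy(out + KDB_HDR_LEN, key, key_len);
    return KDB_HDR_LEN + key_len;
}

/* Check a blob before import. Returns 0 if acceptable, otherwise a
   negative reason code (codes are this example's own). */
int kdb_check_aes(const uint8_t *pbInput, size_t cbInput) {
    if (pbInput == NULL || cbInput < KDB_HDR_LEN) return -1;  /* truncated header */
    if (rd_le32(pbInput) != KDB_MAGIC) return -2;             /* not a key data blob */
    if (rd_le32(pbInput + 4) != KDB_VERSION) return -3;       /* unknown version */
    uint32_t cbKeyData = rd_le32(pbInput + 8);
    /* Stricter than necessary by choice: no trailing bytes are tolerated. */
    if (cbKeyData != cbInput - KDB_HDR_LEN) return -4;        /* length mismatch */
    if (cbKeyData != 16 && cbKeyData != 24 && cbKeyData != 32)
        return -5;                                            /* not an AES key size */
    return 0;
}
```

After a successful import, the ordering stated above for pbKeyObject still applies: destroy the phKey handle with BCryptDestroyKey first, and only then release the key object buffer.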
DES keys can also be imported into KSECDD.SYS via FipsDesKey(). The DESTable struct can be exported out
of KSECDD.SYS via FipsDesKey(). The DESTable struct can be imported into KSECDD.SYS via FipsDes() or
FipsCBC().