Exporting Cryptographic Keys

  • Article

A version of this page is also available for

Windows Embedded CE 6.0 R3

4/8/2010

There are two occasions when it is necessary to export keys from the more secure Cryptographic Service Provider (CSP) environment—into a key BLOB:

  • To save a session key for use by an application.
    For example, if your application encodes a database file, and you want your application to decode it later, then your application must store the session key. This is necessary because CSPs do not preserve symmetric keys between sessions.
  • To send a key to someone.
    It would be much easier for your application if the respective CSPs could communicate directly, but they cannot. This means that the key must be exported from your CSP, transmitted by your application to the destination application, and then imported to the destination CSP.

The following table lists the functions you can use to create, configure, and destroy cryptographic keys, and to exchange them with other users.

Function Description

CryptDestroyKey

Destroys a key.

CryptExportKey

Exports a key from a CSP into a key BLOB in the application memory space.

CryptGenRandom

Generates random data, usually for salt values.

CryptGetKeyParam

Retrieves key parameters.

CryptGetUserKey

Gets a handle to the key exchange or signature key.

CryptImportKey

Imports a key from a key BLOB into a CSP.

CryptSetKeyParam

Specifies key parameters.

See Also

Concepts

Microsoft Cryptographic System
Importing Raw Cryptographic Keys

Other Resources

Cryptography
Certificates