BCryptSecretAgreement function (bcrypt.h)
The BCryptSecretAgreement function creates a secret agreement value from a private and a public key.
Syntax
NTSTATUS BCryptSecretAgreement(
[in] BCRYPT_KEY_HANDLE hPrivKey,
[in] BCRYPT_KEY_HANDLE hPubKey,
[out] BCRYPT_SECRET_HANDLE *phAgreedSecret,
[in] ULONG dwFlags
);
Parameters
[in] hPrivKey
The handle of the private key to use to create the secret agreement value. This key and the hPubKey key must come from the same CNG cryptographic algorithm provider.
[in] hPubKey
The handle of the public key to use to create the secret agreement value. This key and the hPrivKey key must come from the same CNG cryptographic algorithm provider.
[out] phAgreedSecret
A pointer to a BCRYPT_SECRET_HANDLE that receives a handle that represents the secret agreement value. This handle must be released by passing it to the BCryptDestroySecret function when it is no longer needed.
[in] dwFlags
A set of flags that modify the behavior of this function. No flags are defined for this function.
Return value
Returns a status code that indicates the success or failure of the function.
Possible return codes include, but are not limited to, the following.
| Return code | Description |
|---|---|
|
The function was successful. |
|
The key handle in the hPrivKey or hPubKey parameter is not valid. |
|
One or more parameters are not valid. |
|
The key handle in the hPrivKey parameter is not a Diffie-Hellman key. |
Remarks
Depending on what processor modes a provider supports, BCryptSecretAgreement can be called either from user mode or kernel mode. Kernel mode callers can execute either at PASSIVE_LEVEL IRQL or DISPATCH_LEVEL IRQL. If the current IRQL level is DISPATCH_LEVEL, the handles provided in the hPrivKey and hPubKey parameters must be derived from an algorithm handle returned by a provider that was opened by using the BCRYPT_PROV_DISPATCH flag, and any pointers passed to the BCryptSecretAgreement function must refer to nonpaged (or locked) memory.
To call this function in kernel mode, use Cng.lib, which is part of the Driver Development Kit (DDK). Windows Server 2008 and Windows Vista: To call this function in kernel mode, use Ksecdd.lib.
Requirements
| Requirement | Value |
|---|---|
| Minimum supported client | Windows Vista [desktop apps | UWP apps] |
| Minimum supported server | Windows Server 2008 [desktop apps | UWP apps] |
| Target Platform | Windows |
| Header | bcrypt.h |
| Library | Bcrypt.lib |
| DLL | Bcrypt.dll |
See also
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for