CryptDecryptMessage function (wincrypt.h)

The CryptDecryptMessage function decodes and decrypts a message.


BOOL CryptDecryptMessage(
  [in]                PCRYPT_DECRYPT_MESSAGE_PARA pDecryptPara,
  [in]                const BYTE                  *pbEncryptedBlob,
  [in]                DWORD                       cbEncryptedBlob,
  [out, optional]     BYTE                        *pbDecrypted,
  [in, out, optional] DWORD                       *pcbDecrypted,
  [out, optional]     PCCERT_CONTEXT              *ppXchgCert


[in] pDecryptPara

A pointer to a CRYPT_DECRYPT_MESSAGE_PARA structure that contains decryption parameters.

[in] pbEncryptedBlob

A pointer to a buffer that contains the encoded and encrypted message to be decrypted.

[in] cbEncryptedBlob

The size, in bytes, of the encoded and encrypted message.

[out, optional] pbDecrypted

A pointer to a buffer that receives the decrypted message.

To set the size of this information for memory allocation purposes, this parameter can be NULL. A decrypted message will not be returned if this parameter is NULL. For more information, see Retrieving Data of Unknown Length.

[in, out, optional] pcbDecrypted

A pointer to a DWORD that specifies the size, in bytes, of the buffer pointed to by the pbDecrypted parameter. When the function returns, this variable contains the size, in bytes, of the decrypted message copied to pbDecrypted.

Note  When processing the data returned in the pbDecrypted buffer, applications must use the actual size of the data returned. The actual size can be slightly smaller than the size of the buffer specified in pcbDecrypted on input. On input, buffer sizes are usually specified large enough to ensure that the largest possible output data will fit in the buffer. On output, the DWORD is updated to the actual size of the data copied to the buffer.

[out, optional] ppXchgCert

A pointer to a CERT_CONTEXT structure of a certificate that corresponds to the private exchange key needed to decrypt the message. To indicate that the function should not return the certificate context used to decrypt, set this parameter to NULL.

Return value

If the function succeeds, the function returns nonzero (TRUE).

If the function fails, it returns zero (FALSE). For extended error information, call GetLastError.

Note  Errors from calls to CryptImportKey and CryptDecrypt might be propagated to this function.
The GetLastError function returns the following error codes most often.
Return code Description
If the buffer specified by the pbDecrypted parameter is not large enough to hold the returned data, the function sets the ERROR_MORE_DATA code, and stores the required buffer size, in bytes, in the variable pointed to by pcbDecrypted.
Invalid message and certificate encoding types. Currently only PKCS_7_ASN_ENCODING and X509_ASN_ENCODING_TYPE are supported. Invalid cbSize in *pDecryptPara.
Not an enveloped cryptographic message.
The message was encrypted by using an unknown or unsupported algorithm.
No certificate was found having a private key property to use for decrypting.

If the function fails, GetLastError may return an Abstract Syntax Notation One (ASN.1) encoding/decoding error. For information about these errors, see ASN.1 Encoding/Decoding Return Values.


When NULL is passed for pbDecrypted, and pcbDecrypted is not NULL, NULL is returned for the address passed in ppXchgCert; otherwise, a pointer to a CERT_CONTEXT is returned. For a successfully decrypted message, this pointer to a CERT_CONTEXT points to the certificate context used to decrypt the message. It must be freed by calling CertFreeCertificateContext. If the function fails, the value at ppXchgCert is set to NULL.


For an example that uses this function, see Example C Program: Using CryptEncryptMessage and CryptDecryptMessage.


Requirement Value
Minimum supported client Windows XP [desktop apps only]
Minimum supported server Windows Server 2003 [desktop apps only]
Target Platform Windows
Header wincrypt.h
Library Crypt32.lib
DLL Crypt32.dll

See also


Simplified Message Functions