CryptImportPKCS8 function (wincrypt.h)

[The CryptImportPKCS8 function is no longer available for use as of Windows Server 2008 and Windows Vista. Instead, use the PFXImportCertStore function.]

Important  This API is deprecated. New and existing software should start using Cryptography Next Generation APIs. Microsoft may remove this API in future releases.
The CryptImportPKCS8 function imports the private key in PKCS #8 format to a cryptographic service provider (CSP).CryptImportPKCS8 will return a handle to the provider and the import KeySpec used.


BOOL CryptImportPKCS8(
  [in]            CRYPT_PKCS8_IMPORT_PARAMS sPrivateKeyAndParams,
  [in]            DWORD                     dwFlags,
  [out, optional] HCRYPTPROV                *phCryptProv,
  [in, optional]  void                      *pvAuxInfo


[in] sPrivateKeyAndParams

A CRYPT_PKCS8_IMPORT_PARAMS structure that contains the private key BLOB and corresponding parameters.

[in] dwFlags

A DWORD value. This parameter can be one of the following values, a combination of them, or a null value.

Value Meaning
The key being imported is eventually to be reexported. If this flag is not used, then calls to CryptExportKey with the key handle fail.
If this flag is set, the CSP notifies the user through a dialog box or some other method when certain actions are attempted using this key. The precise behavior is specified by the CSP or the CSP type used. If the provider context was acquired with CRYPT_SILENT set, using this flag causes a failure, and the last error is set to NTE_SILENT_CONTEXT.

[out, optional] phCryptProv

A pointer to the HCRYPTPROV to receive the handle of the provider into which the key is imported by calling the CryptImportPKCS8 function.

When you have finished using the handle, free the handle by calling CryptReleaseContext.

This parameter can be NULL, in which case the handle of the provider is not returned.

[in, optional] pvAuxInfo

This parameter must be NULL.

Return value

If the function succeeds, the function returns nonzero (TRUE).

If the function fails, it returns zero (FALSE). For extended error information, call GetLastError.

The following error code is specific to this function.

Return code Description
The algorithm object identifier (OID) of the private key is not supported.

If the function fails, GetLastError may return an Abstract Syntax Notation One (ASN.1) encoding/decoding error. For information about these errors, see ASN.1 Encoding/Decoding Return Values.


CryptImportPKCS8 calls the PCRYPT_RESOLVE_HCRYPTPROV_FUNC function by using the CRYPT_PKCS8_IMPORT_PARAMS structure contained in the sPrivateKeyAndParams parameter to retrieve a handle of the provider to which to import the key. If PCRYPT_RESOLVE_HCRYPTPROV_FUNC is NULL, then the default provider is used.

This function is only supported for asymmetric keys.


Requirement Value
Minimum supported client Windows XP [desktop apps only]
Minimum supported server Windows Server 2003 [desktop apps only]
Target Platform Windows
Header wincrypt.h
Library Crypt32.lib
DLL Crypt32.dll

See also