Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Both the Base Provider and the Extended Provider can specify the value and length of the salt value to be used. The Base Provider sets a salt value using the KP_SALT parameter value. The Base Provider always sets eleven bytes of salt value.
The Enhanced Provider sets the salt value by calling CryptSetKeyParam with the KP_SALT_EX parameter value specified and with the pbData parameter pointing to a CRYPT_INTEGER_BLOB structure that contains the salt.
Note
The total length of an Enhanced Provider symmetric key and its salt value cannot be greater than 128 bits.
KP_SALT continues to be provided for backward compatibility with the Base Provider. Newer applications should use the KP_SALT_EX parameter value.
The following example sets a salt value.
// Specify 4 bytes of salt.
BYTE rgbSalt[] = {0x01, 0x02, 0x03, 0x04};
CRYPT_DATA_BLOB sSaltData;
sSaltData.pbData = rgbSalt;
sSaltData.cbData = sizeof(rgbSalt);
// Set the 4 bytes of salt required.
// hKey is an HCRYPTPROV handle previously
// assigned, such as by CryptImportKey.
if (CryptSetKeyParam(
hKey,
KP_SALT_EX,
(BYTE*)&sSaltData,
0))
{
printf("The salt value is set.\n");
}
else
{
printf("Setting the salt value failed.\n");
}