Edit

Share via

ProtectKeyWithPassphrase method of the Win32_EncryptableVolume class

  • Article

The ProtectKeyWithPassphrase method of the Win32_EncryptableVolume class uses the passphrase to obtain the derived key. After the derived key is calculated, the derived key is used to secure the encrypted volume's master key.

Syntax

uint32 ProtectKeyWithPassphrase(
  [in, optional] string FriendlyName,
  [in]           string Passphrase,
  [out]          string VolumeKeyProtectorID
);

Parameters

FriendlyName [in, optional]

Type: string

A string that specifies a user-assigned string identifier for this key protector. If this parameter is not specified, a blank value is used.

Passphrase [in]

Type: string

A string that specifies the passphrase.

VolumeKeyProtectorID [out]

Type: string

A string that uniquely identifies the created key protector.

If the drive supports hardware encryption and BitLocker has not taken band ownership, the ID string is set to "BitLocker" and the key protector is written to per band metadata.

Return value

Type: uint32

This method returns one of the following codes or another error code if it fails.

Return code/value Description
S_OK
0 (0x0)
 The method was successful.
FVE_E_NOT_ALLOWED_IN_SAFE_MODE
2150694976 (0x80310040)
 BitLocker Drive Encryption can only be used for recovery purposes when used in Safe Mode.
FVE_E_POLICY_PASSPHRASE_NOT_ALLOWED
2150695018 (0x8031006A)
 Group policy does not permit the creation of a passphrase.
FVE_E_FIPS_PREVENTS_PASSPHRASE
2150695020 (0x8031006C)
 The group policy setting that requires FIPS compliance prevented the passphrase from being generated or used.
FVE_E_POLICY_INVALID_PASSPHRASE_LENGTH
2150695040 (0x80310080)
 The passphrase provided does not meet the minimum or maximum length requirements.
FVE_E_POLICY_PASSPHRASE_TOO_SIMPLE
2150695041 (0x80310081)
 The passphrase does not meet the complexity requirements set by the administrator in group policy.
FVE_E_LOCKED_VOLUME
2150694912 (0x80310000)
 The volume is already locked by BitLocker Drive Encryption. You must unlock the drive from Control Panel.
FVE_E_OVERLAPPED_UPDATE
2150694948 (0x80310024)
 The control block for the encrypted volume was updated by another thread.
FVE_E_KEY_PROTECTOR_NOT_SUPPORTED
2150695017 (0x80310069)
 The key protector is not supported by the version of BitLocker Drive Encryption currently on the volume.
FVE_E_OS_VOLUME_PASSPHRASE_NOT_ALLOWED
2150695021 (0x8031006D)
 The passphrase cannot be added to the operating system volume.
FVE_E_PROTECTOR_EXISTS
2150694960 (0x80310030)
 The provided key protector already exists on this volume.

 

Requirements

Requirement Value
Minimum supported client
 Windows 7 Enterprise, Windows 7 Ultimate [desktop apps only]
Minimum supported server
 Windows Server 2008 R2 [desktop apps only]
Namespace
 Root\CIMV2\Security\MicrosoftVolumeEncryption
MOF
Win32_encryptablevolume.mof

See also

Win32_EncryptableVolume