public static extern unsafe SECURITY_STATUS NCryptKeyDerivation(
SafeKeyHandle hKey,
NCryptBufferDesc *pParameterList,
byte *pbDerivedKey,
int cbDerivedKey,
out int pcbResult,
NCryptKeyDerivationFlags dwFlags = NCryptKeyDerivationFlags.None);
public static extern unsafe SECURITY_STATUS NCryptKeyDerivation(
SafeKeyHandle hKey,
NCryptBufferDesc *pParameterList,
[Friendly(FriendlyFlags.Array | FriendlyFlags.Out, ArrayLengthParameter = 3)] byte *pbDerivedKey,
int cbDerivedKey,
out int pcbResult,
NCryptKeyDerivationFlags dwFlags = NCryptKeyDerivationFlags.None);
public static extern unsafe SECURITY_STATUS NCryptDeriveKey(
SafeSecretHandle hSharedSecret,
string pwszKDF,
NCryptBufferDesc *pParameterList,
byte *pbDerivedKey,
int cbDerivedKey,
out int pcbResult,
NCryptDeriveKeyFlags dwFlags = NCryptDeriveKeyFlags.None);
public static extern unsafe SECURITY_STATUS NCryptDeriveKey(
SafeSecretHandle hSharedSecret,
string pwszKDF,
NCryptBufferDesc *pParameterList,
[Friendly(FriendlyFlags.Array | FriendlyFlags.Out | FriendlyFlags.Optional, ArrayLengthParameter = 4)] byte *pbDerivedKey,
int cbDerivedKey,
out int pcbResult,
NCryptDeriveKeyFlags dwFlags = NCryptDeriveKeyFlags.None);
public static extern unsafe SECURITY_STATUS NCryptImportKey(
SafeProviderHandle hProvider,
SafeKeyHandle hImportKey,
string pszBlobType,
NCryptBufferDesc *pParameterList,
out SafeKeyHandle phKey,
byte *pbData,
int cbData,
NCryptExportKeyFlags dwFlags = NCryptExportKeyFlags.None);
public static extern unsafe SECURITY_STATUS NCryptExportKey(
SafeKeyHandle hKey,
SafeKeyHandle hExportKey,
string pszBlobType,
NCryptBufferDesc *pParameterList,
byte[] pbOutput,
int cbOutput,
out int pcbResult,
NCryptExportKeyFlags dwFlags = NCryptExportKeyFlags.None);
/// <summary>
/// The NCryptExportKey function exports a CNG key to a memory BLOB.
/// </summary>
/// <param name="key">A handle of the key to export.</param>
/// <param name="exportKey">A handle to a cryptographic key of the destination user. The key data within the exported key BLOB is encrypted by using this key. This ensures that only the destination user is able to make use of the key BLOB.</param>
/// <param name="blobType">A null-terminated Unicode string that contains an identifier that specifies the type of BLOB to export. This can be one of the values defined by the <see cref="BCrypt.AsymmetricKeyBlobTypes"/> or <see cref="BCrypt.SymmetricKeyBlobTypes"/> classes.</param>
/// <param name="parameterList">The address of an NCryptBufferDesc structure that receives parameter information for the key. This parameter can be NULL if this information is not needed.</param>
/// <param name="flags">Flags that modify function behavior. This can be zero or a combination of one or more of the following values. The set of valid flags is specific to each key storage provider.</param>
/// <returns>Returns the exported key.</returns>
/// <exception cref="SecurityStatusException">Thrown if an error code is returned from the native function.</exception>
/// <remarks>
/// A service must not call this function from its StartService Function. If a service calls this function from its StartService function, a deadlock can occur, and the service may stop responding.
/// </remarks>
public static unsafe ArraySegment <byte> NCryptExportKey(
SafeKeyHandle key,
SafeKeyHandle exportKey,
string blobType,
NCryptBufferDesc *parameterList = null,
NCryptExportKeyFlags flags = NCryptExportKeyFlags.None)
{
exportKey = exportKey ?? SafeKeyHandle.Null;
int pcbResult;
NCryptExportKey(key, exportKey, blobType, parameterList, null, 0, out pcbResult, flags).ThrowOnError();
byte[] result = new byte[pcbResult];
NCryptExportKey(key, exportKey, blobType, parameterList, result, result.Length, out pcbResult, flags).ThrowOnError();
return(new ArraySegment <byte>(result, 0, pcbResult));
}
/// <summary>
/// Imports a Cryptography API: Next Generation (CNG) key from a memory BLOB.
/// </summary>
/// <param name="provider">The handle of the key storage provider.</param>
/// <param name="importKey">
/// The handle of the cryptographic key with which the key data within the imported key BLOB was encrypted. This must be a handle to the same key that was passed in the hExportKey parameter of the NCryptExportKey function. If this parameter is NULL, the key BLOB is assumed to not be encrypted.
/// </param>
/// <param name="blobType">
/// A null-terminated Unicode string that contains an identifier that specifies the format of the key BLOB. These formats are specific to a particular key storage provider. Commonly a value from <see cref="AsymmetricKeyBlobTypes"/> or <see cref="SymmetricKeyBlobTypes"/>.
/// </param>
/// <param name="parameterList">
/// The address of an <see cref="NCryptBufferDesc"/> structure that points to an array of buffers that contain parameter information for the key.
/// </param>
/// <param name="keyData">The address of a buffer that contains the key BLOB to be imported.</param>
/// <param name="flags">Flags that modify function behavior.</param>
/// <returns>Returns a status code that indicates the success or failure of the function.</returns>
/// <remarks>
/// If a key name is not supplied, the Microsoft Software KSP treats the key as ephemeral and does not store it persistently. For the NCRYPT_OPAQUETRANSPORT_BLOB type, the key name is stored within the BLOB when it is exported. For other BLOB formats, the name can be supplied in an NCRYPTBUFFER_PKCS_KEY_NAME buffer parameter within the pParameterList parameter.
/// On Windows Server 2008 and Windows Vista, only keys imported as PKCS #7 envelope BLOBs (NCRYPT_PKCS7_ENVELOPE_BLOB) or PKCS #8 private key BLOBs (NCRYPT_PKCS8_PRIVATE_KEY_BLOB) can be persisted by using the above method. To persist keys imported through other BLOB types on these platforms, use the method documented in Key Import and Export.
/// </remarks>
public static unsafe SafeKeyHandle NCryptImportKey(
SafeProviderHandle provider,
SafeKeyHandle importKey,
string blobType,
NCryptBufferDesc *parameterList,
byte[] keyData,
NCryptExportKeyFlags flags = NCryptExportKeyFlags.None)
{
fixed(byte *pKeyData = keyData)
{
SafeKeyHandle importedKey;
NCryptImportKey(
provider,
importKey ?? SafeKeyHandle.Null,
blobType,
parameterList,
out importedKey,
pKeyData,
keyData.Length,
flags).ThrowOnError();
return(importedKey);
}
}
