please dont rip this site Prev Next

CryptSetKeyParam info  Overview  Group

The CryptSetKeyParam function lets applications customize various aspects of a key’s operations.

Generally, this function is used to set session-specific parameters on symmetric keys. Note that the base keying material is not accessible by this function.

The Microsoft RSA Base Provider has no settable parameters on key exchange or signature keys. However, custom providers may define parameters that can be set on these keys.



    DWORD dwParam,

    BYTE *pbData,

    DWORD dwFlags



[in] A handle to the key on which to set parameters.
[in] The parameter number. See the “Remarks” section for a list of valid parameters.
[in] The parameter data buffer. Place the parameter data in this buffer before calling CryptSetKeyParam. The form of this data will vary, depending on the parameter number.
[in] The flag values. This parameter is reserved for future use and should always be zero.


For all session key types, the dwParam value can be set to one of the following key parameter types;




The salt value. The pbData buffer should contain a BYTE array specifying a new salt value. This value is made part of the session key. The size of the salt value will vary depending on the CSP being used so, before setting this parameter, it should be read using CryptGetKeyParam in order to determine its size.

When it is suspected that the base data used for derived keys is less than ideal, salt values are often used to make the session keys more unique. This makes dictionary attacks more difficult.

When using the Microsoft RSA Base Provider, this parameter defaults to zero.


The key permissions flags. The pbData buffer should contain a DWORD value specifying zero or more permission flags. Refer to the CryptGetKeyParam function for a description of these flags.

When using the Microsoft RSA Base Provider, this parameter defaults to 0xFFFFFFFF.

If a block cipher session key is specified by hKey, the dwParam value can also be set to one of the following parameter types.




The initialization vector. The pbData buffer should contain a BYTE array specifying the initialization vector. This array should contain <block length>/8 elements. For example, if the block length is 64 bits, the initialization vector will consist of 8 bytes.

When using the Microsoft RSA Base Provider, this parameter defaults to zero.


The padding mode. The pbData buffer should contain a DWORD value specifying the padding method to be used by the cipher. Following are the padding modes currently defined:

PKCS5_PADDING ¾ PKCS 5 (sec 6.2) padding method.

When using the Microsoft RSA Base Provider, this parameter defaults to PKCS5_PADDING.


The cipher mode. The pbData buffer should contain a DWORD value specifying the cipher mode to be used. Refer to the CryptGetKeyParam function for a list

 of the defined cipher modes.

When using the Microsoft RSA Base Provider, this parameter defaults to CRYPT_MODE_CBC.


The number of bits to feed back. The pbData buffer contains a DWORD value indicating the number of bits that are processed per cycle when the OFB or CFB cipher modes are used.

When using the Microsoft RSA Base Provider, this parameter defaults to 8.

Return Values

If the function succeeds, the return value is nonzero.

If the function fails, the return value is zero. To retrieve extended error information, use the GetLastError function.

The following table lists the error codes most commonly returned by the GetLastError function. The error codes prefaced by “NTE” are generated by the particular CSP you are using.




One of the parameters specifies an invalid handle.


The CSP context is currently being used by another process.


One of the parameters contains an invalid value. This is most often an illegal pointer.


The dwFlags parameter is nonzero or the pbData buffer contains an invalid value.


The dwParam parameter specifies an unknown parameter.


The CSP context that was specified when the hKey key was created cannot be found.


The function failed in some unexpected way.


#include <wincrypt.h>



DWORD dwMode;

BYTE pbData[16];

DWORD dwCount;


// Get handle to user default provider.

if(!CryptAcquireContext(&hProv, NULL, NULL, PROV_RSA_FULL, 0)) {

    printf("Error %x during CryptAcquireContext!\n", GetLastError());

    goto done;


// Create random block cipher session key.

if(!CryptGenKey(hProv, CALG_RC2, CRYPT_EXPORTABLE, &hKey)) {

    printf("Error %x during CryptGenKey!\n", GetLastError());

    goto done;


// Set the cipher mode.


if(!CryptSetKeyParam(hKey, KP_MODE, &dwMode, 0)) {

    printf("Error %x during CryptSetKeyParam!\n", GetLastError());

    goto done;


// Generate random initialization vector.

if(!CryptGenRandom(hProv, 8, pbData)) {

    printf("Error %x during CryptGenRandom!\n", GetLastError());

    goto done;


// Set initialization vector.

if(!CryptSetKeyParam(hKey, KP_IV, pbData, 0)) {

    printf("Error %x during CryptGetKeyParam!\n", GetLastError());

    goto done;


// Do something with 'hKey'.



// Destroy session key.

if(hKey != 0) CryptDestroyKey(hKey);

// Release provider handle.

if(hProv != 0) CryptReleaseContext(hProv, 0);


See Also

CryptGenKey, CryptGetKeyParam

file: /Techref/os/win/api/win32/func/src/f12_16.htm, 10KB, , updated: 2000/4/7 12:19, local time: 2022/5/27 11:04,

 ©2022 These pages are served without commercial sponsorship. (No popup ads, etc...).Bandwidth abuse increases hosting cost forcing sponsorship or shutdown. This server aggressively defends against automated copying for any reason including offline viewing, duplication, etc... Please respect this requirement and DO NOT RIP THIS SITE. Questions?
Please DO link to this page! Digg it! / MAKE!

<A HREF=""> CryptSetKeyParam Release 2]</A>

After you find an appropriate page, you are invited to your to this massmind site! (posts will be visible only to you before review) Just type a nice message (short messages are blocked as spam) in the box and press the Post button. (HTML welcomed, but not the <A tag: Instead, use the link box to link to another page. A tutorial is available Members can login to post directly, become page editors, and be credited for their posts.

Link? Put it here: 
if you want a response, please enter your email address: 
Attn spammers: All posts are reviewed before being made visible to anyone other than the poster.
Did you find what you needed?

  PICList 2022 contributors:
o List host: MIT, Site host, Top posters @20220527
* Page Editors: James Newton, David Cary, and YOU!
* Roman Black of Black Robotics donates from sales of Linistep stepper controller kits.
* Ashley Roll of Digital Nemesis donates from sales of RCL-1 RS232 to TTL converters.
* Monthly Subscribers: Gregg Rew. on-going support is MOST appreciated!
* Contributors: Richard Seriani, Sr.

Welcome to!