please dont rip this site Prev Next

CryptExportKey info  Overview  Group

The CryptExportKey function is used to export cryptographic keys out of a cryptographic service provider in a secure manner.

A handle to the key to be exported is passed into the function and the function returns a key blob to the caller. This key blob can be sent over a nonsecure transport or stored in a nonsecure storage location. The key blob is useless until the intended recipient uses the CryptImportKey function on it, which will then import the key into the recipient’s CSP.



    HCRYPTKEY hExpKey,

    DWORD dwBlobType,

    DWORD dwFlags,

    BYTE *pbData,

    DWORD *pdwDataLen



[in] A handle to the key to be exported.
[in] A handle to a cryptographic key belonging to the destination user. The key data within the key blob created is encrypted using this key. This ensures that only the destination user will be able to make use of the key blob.

Most often, this will be the key exchange public key of the destination user. However, certain protocols require that a session key belonging to the destination user be used for this purpose.

If the key blob type specified by dwBlobType is PUBLICKEYBLOB, then this parameter is unused and should be set to zero.

If the key blob specified by dwBlobType is PRIVATEKEYBLOB, then this is typically a handle to a session key that is to be used to encrypt the key blob. Some CSPs allow this parameter to be zero, in which case the application should encrypt the private key blob manually so as to protect it.

[in] The type of key blob to be exported. This must currently be one of the following constants. These constants are discussed in the section Exchanging Cryptographic Keys.
[in] The flag values. This parameter is reserved for future use and should always be zero.
[out] The buffer that the function places the key blob in. The required size for this buffer can be determined by calling CryptExportKey with NULL for this parameter.

As a rule, SIMPLEBLOBs will be 256 bytes or less, PUBLICKEYBLOBs will be 1000 bytes or less, and PRIVATEKEYBLOBS will be 5000 bytes or less.

[in/out] The address of the key blob data length. Before calling this function, the caller should set this parameter to the length, in bytes, of the pbData buffer. Upon return, this address will contain the number of bytes taken up by the key blob.

If the buffer specified by pbData is not large enough to hold the data, the function returns the ERROR_MORE_DATA error code (through GetLastError) and stores the required buffer size, in bytes, into the variable pointed to by pdwDataLen.

If pbData is NULL, then no error is returned and the function stores the size of the data, in bytes, in the variable pointed to by pdwDataLen.

Return Values

If the function succeeds, the return value is nonzero.

If the function fails, the return value is zero. To retrieve extended error information, use the GetLastError function.

The following table lists the error codes most commonly returned by the GetLastError function. The error codes prefaced by “NTE” are generated by the particular CSP you are using.




One of the parameters specifies an invalid handle.


One of the parameters contains an invalid value. This is most often an illegal pointer.


The dwFlags parameter is nonzero.


One or both of the keys specified by hKey and hExpKey are invalid.


You do not have permission to export the key. That is, when the hKey key was created, the CRYPT_EXPORTABLE flag was not specified.


The key blob type specified by dwBlobType is PUBLICKEYBLOB, but hExpKey does not contain a public key handle.


The dwBlobType parameter specifies an unknown blob type.


The CSP context that was specified when the hKey key was created cannot be found.


A session key is being exported and the hExpKey parameter does not specify a public key.


#include <wincrypt.h>

HCRYPTPROV hProv;      // Handle to CSP

HCRYPTKEY hKey;        // Handle to session key

HCRYPTKEY hXchgKey;    // Handle to receiver’s exchange public key

BYTE *pbKeyBlob = NULL;

DWORD dwBlobLen;


// Determine size of key blob and allocate memory.

if(!CryptExportKey(hKey, hXchgKey, SIMPLEBLOB, 0, NULL, &dwBlobLen)) {

    printf("Error %x computing blob length!\n", GetLastError());



if((pbKeyBlob = malloc(dwBlobLen)) == NULL) {

    printf("Out of memory!\n");



// Export key into a simple key blob.

if(!CryptExportKey(hKey, hXchgKey, SIMPLEBLOB, 0, pbKeyBlob, &dwBlobLen)) {

    printf("Error %x during CryptExportKey!\n", GetLastError());




See Also


file: /Techref/os/win/api/win32/func/src/f12_4.htm, 8KB, , updated: 2000/4/7 12:19, local time: 2023/6/1 21:44,

 ©2023 These pages are served without commercial sponsorship. (No popup ads, etc...).Bandwidth abuse increases hosting cost forcing sponsorship or shutdown. This server aggressively defends against automated copying for any reason including offline viewing, duplication, etc... Please respect this requirement and DO NOT RIP THIS SITE. Questions?
Please DO link to this page! Digg it! / MAKE!

<A HREF=""> CryptExportKey Release 2]</A>

After you find an appropriate page, you are invited to your to this massmind site! (posts will be visible only to you before review) Just type a nice message (short messages are blocked as spam) in the box and press the Post button. (HTML welcomed, but not the <A tag: Instead, use the link box to link to another page. A tutorial is available Members can login to post directly, become page editors, and be credited for their posts.

Link? Put it here: 
if you want a response, please enter your email address: 
Attn spammers: All posts are reviewed before being made visible to anyone other than the poster.
Did you find what you needed?

  PICList 2023 contributors:
o List host: MIT, Site host, Top posters @none found
- Page Editors: James Newton, David Cary, and YOU!
* Roman Black of Black Robotics donates from sales of Linistep stepper controller kits.
* Ashley Roll of Digital Nemesis donates from sales of RCL-1 RS232 to TTL converters.
* Monthly Subscribers: Gregg Rew. on-going support is MOST appreciated!
* Contributors: Richard Seriani, Sr.

Welcome to!