SupplyDecryptionInfo function

This function is obsolete in Windows 8, Windows Server 2012, and later. Provides the full path for a file that contains a decryption key and provides a BitLocker information block that is stored in Active Directory. The data provided with this function is required when using the ScanRestorableFiles function and the RestoreFile function to access data that is encrypted on a disk.


FMAPI can only be used in the Windows Preinstallation Environment (WinPE) for Windows Vista, Windows Server 2008, and later. Applications that use FMAPI must license WinPE.


BOOL WINAPI SupplyDecryptionInfo(
  _In_opt_ PCWSTR                RecoveryKeyFilePath,
  _In_opt_ PVOID                 RecoveryPassword,
  _In_opt_ PVOID                 KeyPackage,
  _In_opt_ ULONG                 KeyPackageSize


Context [in]

A pointer to the file restore context that was created by calling the CreateFileRestoreContext function.

RecoveryKeyFilePath [in, optional]

The full path to the .bek file that contains the recovery key. Only one of RecoveryKeyFilePath or RecoveryPassword is required.

RecoveryPassword [in, optional]

The recovery password string.

KeyPackage [in, optional]

The Binary Large Object (BLOB) that contains the BitLocker key package (metadata). The key package is usually backed up to the Active Directory during the BitLocker setup. If the metadata is not readable on the disk, this parameter is required.

KeyPackageSize [in, optional]

The size of the BitLocker key package, in bytes.

Return value

If the function succeeds, the return value is TRUE.

If the function fails, the return value is FALSE. To get extended error information, call GetLastError.

In Windows 8, Windows Server 2012, and later, this function always returns FALSE, and GetLastError returns ERROR_NOT_SUPPORTED.


This function is obsolete in Windows 8, Windows Server 2012, and later.

This function has no associated header file or import library. You must use the LoadLibrary and GetProcAddress functions to dynamically link to fmapi.dll.

You must use the SupplyDecryptionInfo function for the following scenarios:

  • The volume was encrypted with the BitLocker technology.
  • BitLocker indicates that the metadata on the disk is corrupted. The metadata must be retrieved from Active Directory and provided using the KeyPackage parameter.

If required, the SupplyDecryptionInfo function must be called before any call to the ScanRestorableFiles function or the RestoreFile function.


Minimum supported client
Windows Vista [desktop apps only]
Minimum supported server
Windows Server 2008 [desktop apps only]

See also