Establishes a session key for a cryptographic session object.


PFND3D11_1DDI_NEGOTIATECRYPTOSESSIONKEYESCHANGE Pfnd3d111DdiNegotiatecryptosessionkeyeschange;

HRESULT Pfnd3d111DdiNegotiatecryptosessionkeyeschange(
  D3D10DDI_HDEVICE hDevice,
  D3D11_1DDI_HCRYPTOSESSION hCryptoSession,
  UINT DataSize,
  BYTE *pData



A handle to the display device (graphics context).


A handle to the cryptographic session object that was created through a call to the CreateCryptoSession function.


The size, in bytes, of the data in the pData array.


A pointer to a byte array that contains the encrypted session key.

Return Value

NegotiateCryptoSessionKeyExchange returns one of the following values:

Return code Description
S_OK The session key for the cryptographic session was negotiated successfully.
E_INVALIDARG Parameters were validated and determined to be incorrect.
E_OUTOFMEMORY Memory was not available to complete the operation.


The pData parameter references a buffer that contains a session key for the cryptographic session. The key exchange mechanism depends on the type of the encryption algorithm that is used by the cryptographic session.

For sessions that use the RSA Encryption Scheme - Optimal Asymmetric Encryption Padding (RSAES-OAEP) algorithm, the key buffer must contain 256 bytes of data and must be encrypted by using the RSA Encryption Scheme - Optimal Asymmetric Encryption Padding (RSAES-OAEP) algorithm with the public key from the cryptographic session certificate.

The key exchange for a cryptographic session is identical to the key exchange for the Output Protection Manager (OPM) interface. However, the OPM key buffer contains additional data besides the session key.

Note  The same certificate can be used for the cryptographic session and OPM session key.


Minimum supported client Windows 8
Minimum supported server Windows Server 2012
Target Platform Desktop
Header d3d10umddi.h (include D3d10umddi.h)

See Also