Specifies the attributes of the cryptographic session to be created by the user-mode driver's CreateCryptoSession function.


  GUID CryptoType;
  GUID DecodeProfile;
  GUID KeyExchangeType;



a GUID that indicates the encryption type, which the driver uses for the encryption session that the driver's CreateCryptoSession function creates. The GUID can be one of the following:

Value Meaning
D3D11_1DDI_CRYPTO_TYPE_AES128_CTR A 128-bit Advanced Encryption Standard CTR mode (AES-CTR) block cipher.
D3D11_1DDI_CRYPTO_TYPE_PROPRIETARY A proprietary encryption algorithm.


A GUID that specifies the DirectX Video Acceleration (DXVA) decode profile that the driver uses for the encryption session that the driver's CreateCryptoSession function creates. For a list of possible values, see CreateCryptoSession. If DXVA decoding will not be used, set this parameter to NULL_GUID.


A GUID that specifies the type of key exchange. The following GUID is defined.

Value Meaning
D3D11_1DDI_KEY_EXCHANGE_RSAES_OAEP The caller will create the session key, encrypt it with RSA Encryption Scheme - Optimal Asymmetric Encryption Padding (RSAES-OAEP) by using the driver's public key, and pass the session key to the driver.
D3DWDDM2_0DDI_KEY_EXCHANGE_HW_PROTECTION The crypto session will be used purely for communication between user mode DRM component and the secure execution environment.
When this GUID is specified, the following DDIs should not be called for the crypto session:
GetCertificateSize, GetCertificate, EncryptionBlt, DecryptionBlt, StartSessionKeyRefresh, FinishSessionKeyRefresh, GetEncryptionBltKey
The DRM commands are sent to the user mode driver by calling the NegotiateCryptoSessionKeyExchange function where the data passed is a pointer to a D3DWDDM2_0DDI_KEY_EXCHANGE_HW_PROTECTION_DATA structure.


Minimum supported client Windows 8
Minimum supported server Windows Server 2012
Header d3d10umddi.h (include D3d10umddi.h)