CRYPT_KEY_PROV_INFO structure

The CRYPT_KEY_PROV_INFO structure contains information about a key container within a cryptographic service provider (CSP).

Syntax

typedef struct _CRYPT_KEY_PROV_INFO {
  LPWSTR                pwszContainerName;
  LPWSTR                pwszProvName;
  DWORD                 dwProvType;
  DWORD                 dwFlags;
  DWORD                 cProvParam;
  PCRYPT_KEY_PROV_PARAM rgProvParam;
  DWORD                 dwKeySpec;
} CRYPT_KEY_PROV_INFO, *PCRYPT_KEY_PROV_INFO;

Members

pwszContainerName

A pointer to a null-terminated Unicode string that contains the name of the key container.

When the dwProvType member is zero, this string contains the name of a key within a CNG key storage provider. This string is passed as the pwszKeyName parameter to the NCryptOpenKey function.

pwszProvName

A pointer to a null-terminated Unicode string that contains the name of the CSP.

When the dwProvType member is zero, this string contains the name of a CNG key storage provider. This string is passed as the pwszProviderName parameter to the NCryptOpenStorageProvider function.

dwProvType

Specifies the CSP type. This can be zero or one of the Cryptographic Provider Types.

If this member is zero, the key container is one of the CNG key storage providers.

dwFlags

A set of flags that indicate additional information about the provider. This can be zero or one of the following values.

Value Meaning
CERT_SET_KEY_PROV_HANDLE_PROP_ID / CERT_SET_KEY_CONTEXT_PROP_ID
Enables the handle to the key provider to be kept open for subsequent calls to the cryptographic functions.
CRYPT_MACHINE_KEYSET / NCRYPT_MACHINE_KEY_FLAG
The key container contains machine keys. If this flag is not present, the key container contains user keys.
CRYPT_SILENT / NCRYPT_SILENT_FLAG
The key container will attempt to open any keys silently without any user interface prompts.
 

The cryptographic functions CryptDecryptMessage, CryptSignMessage, CryptDecryptAndVerifyMessageSignature, and CryptSignAndEncryptMessage internally perform CryptAcquireContext operations using the CRYPT_KEY_PROV_INFO from a certificate. When the CERT_SET_KEY_CONTEXT_PROP_ID or CERT_SET_KEY_PROV_HANDLE_PROP_ID flag is set, these cryptographic functions then can call CertSetCertificateContextProperty with CERT_KEY_CONTEXT_PROP_ID. This call enables the handle to the key provider to be kept open for subsequent calls to the cryptographic functions mentioned that use that same certificate, which eliminates the need to perform additional calls to CryptAcquireContext, improving efficiency. Also, because some providers can require that a password be entered for calls to CryptAcquireContext, it is desirable for applications to minimize the number of CryptAcquireContext calls made. Handles to key providers that were kept open are automatically released when the store is closed.

For example, consider an email application where five encrypted messages have been received, all encrypted with the public key from the same certificate. If the handle to the key provider is kept open after the first message is processed, calls to CryptAcquireContext are not required for the four remaining messages.

cProvParam

The number of elements in the rgProvParam array.

When the dwProvType member is zero, this member is not used and must be zero.

rgProvParam

An array of CRYPT_KEY_PROV_PARAM structures that contain the parameters for the key container. The cProvParam member contains the number of elements in this array.

When the dwProvType member is zero, this member is not used and must be NULL.

dwKeySpec

The specification of the private key to retrieve.

The following values are defined for the default provider.

When the dwProvType member is zero, this value is passed as the dwLegacyKeySpec parameter to the NCryptOpenKey function.

Value Meaning
AT_KEYEXCHANGE
Keys used to encrypt/decrypt session keys.
AT_SIGNATURE
Keys used to create and verify digital signatures.

Requirements

   
Minimum supported client Windows XP [desktop apps only]
Minimum supported server Windows Server 2003 [desktop apps only]
Header wincrypt.h

See Also

CRYPT_KEY_PROV_PARAM

CertGetCertificateContextProperty

CertSetCertificateContextProperty