DrtCreateDerivedKey function (drt.h)

The DrtCreateDerivedKey function creates a key that DrtRegisterKey can use when the DRT is using a derived key security provider.

Syntax

HRESULT DrtCreateDerivedKey(
  [in]  PCCERT_CONTEXT pLocalCert,
  [out] DRT_DATA       *pKey
);

Parameters

[in] pLocalCert

Pointer to the certificate that is the "local" portion of the chain. The root of this chain must match the root specified by pRootCert in DrtCreateDerivedKeySecurityProvider. This certificate is used to generate a key that is used to register and prove "key ownership" with the DRT.

[out] pKey

Pointer to the created key.

Return value

This function returns S_OK on success. Other possible values include:

Return code Description
E_INVALIDARG
  • pLocalCert is NULL.
  • pKey is NULL.
  • The pb member in the DRT_DATA structure is NULL.
  • The cb member in the DRT_DATA structure is not equal to 32 bytes.
DRT_E_CAPABILITY_MISMATCH
  • The requested security algorithms are not available (i.e., BCRYPT_SHA256_ALGORITHM or BCRYPT_AES_ALGORITHM).
  • The BCryptOpenAlgorithmProvider operation failed.
  • The dwProvType parameter indicates that the certificate provider is not AES capable.
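
The E_INVALIDARG conditions above mean the caller supplies the output buffer: pKey must already point at a DRT_DATA whose pb is non-NULL and whose cb is exactly 32. The following is an added example, not code from the original page; the helper names (derived_key_buf_init, derived_key_buf_check, derived_key_buf_free, create_derived_key) are hypothetical, and the non-Windows branch holds constructed stand-in types so the buffer handling can be built and tested elsewhere.

```c
#include <stdlib.h>
#ifdef _WIN32
#include <winsock2.h>
#include <windows.h>
#include <wincrypt.h>
#include <drt.h>              /* link with Drtprov.lib, as listed under Requirements */
#else                         /* constructed stand-ins, only so the buffer logic builds off Windows */
typedef long HRESULT;
typedef struct { unsigned long cb; unsigned char *pb; } DRT_DATA;
#define S_OK          ((HRESULT)0)
#define E_INVALIDARG  ((HRESULT)0x80070057L)
#define E_OUTOFMEMORY ((HRESULT)0x8007000EL)
#endif

#define DERIVED_KEY_LEN 32    /* the only value of DRT_DATA.cb the page accepts */

/* Allocate a zeroed 32-byte buffer and describe it in *key. */
HRESULT derived_key_buf_init(DRT_DATA *key) {
    if (key == NULL) return E_INVALIDARG;
    key->pb = calloc(1, DERIVED_KEY_LEN);
    key->cb = key->pb ? DERIVED_KEY_LEN : 0;
    return key->pb ? S_OK : E_OUTOFMEMORY;
}

/* Mirror the documented E_INVALIDARG conditions for pKey before calling the API. */
HRESULT derived_key_buf_check(const DRT_DATA *key) {
    if (key == NULL || key->pb == NULL || key->cb != DERIVED_KEY_LEN)
        return E_INVALIDARG;
    return S_OK;
}

/* Release the buffer and reset the descriptor so it cannot be reused by accident. */
void derived_key_buf_free(DRT_DATA *key) {
    if (key == NULL) return;
    free(key->pb);
    key->pb = NULL;
    key->cb = 0;
}

#ifdef _WIN32
/* Hypothetical wrapper: on S_OK the caller owns key->pb and releases it with derived_key_buf_free. */
HRESULT create_derived_key(PCCERT_CONTEXT cert, DRT_DATA *key) {
    HRESULT hr;
    if (cert == NULL) return E_INVALIDARG;
    hr = derived_key_buf_init(key);
    if (hr != S_OK) return hr;
    hr = DrtCreateDerivedKey(cert, key);
    if (hr != S_OK) derived_key_buf_free(key);   /* do not leave a partially filled key behind */
    return hr;
}
#endif
```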

Requirements

Requirement                 Value
Minimum supported client    Windows 7 Professional [desktop apps only]
Minimum supported server    Windows Server 2008 R2 [desktop apps only]
Target Platform             Windows
Header                      drt.h
Library                     Drtprov.lib
DLL                         Drt.dll

See also

DrtCreateDerivedKeySecurityProvider

DrtDeleteDerivedKeySecurityProvider

DrtRegisterKey