The NCryptOpenKey function opens a key that exists in the specified CNG key storage provider.
SECURITY_STATUS NCryptOpenKey( NCRYPT_PROV_HANDLE hProvider, NCRYPT_KEY_HANDLE *phKey, LPCWSTR pszKeyName, DWORD dwLegacyKeySpec, DWORD dwFlags );
The handle of the key storage provider to open the key from.
A pointer to a NCRYPT_KEY_HANDLE variable that receives the key handle. When you have finished using this handle, release it by passing it to the NCryptFreeObject function.
A pointer to a null-terminated Unicode string that contains the name of the key to retrieve.
A legacy identifier that specifies the type of key. This can be one of the following values.
||The key is a key exchange key.|
||The key is a signature key.|
||The key is none of the above types.|
Flags that modify function behavior. This can be zero or a combination of one or more of the following values.
Returns a status code that indicates the success or failure of the function.
Possible return codes include, but are not limited to, the following.
||The function was successful.|
||The dwFlags parameter contains a value that is not valid.|
||The specified key was not found.|
||The hProvider parameter is not valid.|
||One or more parameters are not valid.|
||A memory allocation failure occurred.|
A service must not call this function from its StartService Function. If a service calls this function from its StartService function, a deadlock can occur, and the service may stop responding.
For performance reasons, Microsoft software-based KSPs cache private key material in the Local Security Authority (LSA) for as long as a handle to the key is open. The LSA is a privilidged system process. Therefore, other users cannot access this cached copy of the key unless the user possesses administrator privileges on the system. This behavior cannot be altered through configuration.
|Minimum supported client||Windows Vista [desktop apps | UWP apps]|
|Minimum supported server||Windows Server 2008 [desktop apps | UWP apps]|