Share via

PFXExportCertStoreEx

  • Article

A version of this page is also available for

Windows Embedded CE 6.0 R3

4/8/2010

This function exports the certificates and, if available, their associated private keys from the referenced certificate store in Personal Information Exchange (PFX) format.

PFX format is also known as Public-Key Cryptography Standards #12 (PKCS #12) format.

PFXExportCertStoreEx function should be used for its enhanced private key security.

Syntax

BOOL WINAPI PFXExportCertStoreEx(
  HCERTSTORE hStore,
  CRYPT_DATA_BLOB* pPFX,
  LPCWSTR szPassword,
  void* pvReserved,
  DWORD dwFlags
);

Parameters

  • hStore
    [in] Handle of the certificate store containing the certificates to be exported.
  • pPFX
    [in, out] Pointer to a CRYPT_DATA_BLOB structure to contain the PFX packet with the exported certificates and keys. If pPFX->pbData is NULL, the function calculates the number of bytes needed for the encoded BLOB and returns this in pPFX->cbData. When the function is called with pPFX->pbData pointing to an allocated buffer of the needed size, the function copies the encoded bytes into the buffer and updates pPFX->cbData with the encode byte length.
  • szPassword
    [in] String password used to encrypt and verify the PFX packet.
  • pvReserved
    Reserved for future use. Currently, this parameter must be NULL.

  • dwFlags
    [in] Flag values can be set to any combination of the following.

    Flag value Description

    EXPORT_PRIVATE_KEYS

    Private keys are exported as well as the certificates.

    REPORT_NO_PRIVATE_KEY

    If a certificate is encountered that has no associated private key, the function returns FALSE with the last error set to either CRYPT_E_NOT_FOUND or NTE_NO_KEY.

    REPORT_NOT_ABLE_TO_EXPORT_PRIVATE_KEY

    If a certificate is encountered that has a non-exportable private key, the function returns FALSE with the last error set to either CRYPT_E_NOT_FOUND or NTE_BAD_KEY or NTE_BAD_KEY_STATE.

Return Value

Returns TRUE if the function succeeds, and FALSE if the function fails.

For extended error information, call GetLastError.

Remarks

When you have finished using szPassword, clear the password from memory by calling the SecureZeroMemory function.

Requirements

Header wincrypt.h
Library crypt32.lib
Windows Embedded CE Windows CE 5.0 and later
Windows Mobile Windows Mobile Version 5.0 and later

See Also

Reference

Certificates Functions
PFXImportCertStore