Share via


CryptDecrypt

A version of this page is also available for

Windows Embedded CE 6.0 R3

4/8/2010

This function decrypts data that was previously encrypted with the CryptEncrypt function.

Syntax

BOOL CRYPTFUNC CryptDecrypt( 
  HCRYPTKEY hKey,
  HCRYPTHASH hHash, 
  BOOL Final, 
  DWORD dwFlags, 
  BYTE* pbData,
  DWORD* pdwDataLen
);

Parameters

  • hHash
    [in] HCRYPTHASH is a handle to a hash object. If data is to be decrypted and hashed simultaneously, a handle to a hash object is passed in this parameter. The hash value is updated with the decrypted plaintext. This option is useful when simultaneously decrypting and verifying a signature.

    Before calling the CryptDecrypt function, the application must obtain a handle to the hash object by calling the CryptCreateHash function. After the decryption is complete, the hash value can be obtained through the CryptGetHashParam function, it can be signed using the CryptSignHash function, or it can be used to verify a digital signature using the CryptVerifySignature function.

    If hashing is not required, this parameter must be set to zero.

  • Final
    [in] Boolean value that specifies whether this is the last section in a series being decrypted. This value is TRUE if this is the last or only block; otherwise, the value is FALSE. For more information, see the Remarks section.
  • dwFlags
    [in] Reserved for future use and must be set to zero.
  • pbData
    [in, out] On input, pointer to the buffer that holds the data to be decrypted. On output, after the decryption has been performed, the plaintext is placed back in this same buffer. The number of encrypted bytes in this buffer is specified by pdwDataLen.
  • pdwDataLen
    [in, out] On input, pointer to the data length. Before calling this function, the caller sets this parameter to the number of bytes to be decrypted. On output, this address contains the number of bytes of plaintext generated.

    When a block cipher is used, this data length must be a multiple of the block size, unless this is the final section of data to be decrypted and the Final flag is TRUE.

Return Value

TRUE indicates success. FALSE indicates failure. To get extended error information, call the GetLastError function.

The following table shows the common error values. The error values prefaced by NTE are generated by the particular CSP you are using.

Value Description

ERROR_INVALID_HANDLE

One of the parameters specifies an invalid handle.

ERROR_INVALID_PARAMETER

One of the parameters contains an invalid value. This is most often an illegal pointer.

NTE_BAD_ALGID

The hKey session key specifies an algorithm that this CSP does not support.

NTE_BAD_DATA

The data to be decrypted is invalid. For example, when a block cipher is used and the Final flag is FALSE, the value specified by pdwDataLen must be a multiple of the block size. This error can also be returned when the padding is found to be invalid.

NTE_BAD_FLAGS

The dwFlags parameter is nonzero.

NTE_BAD_HASH

The hHash parameter contains an invalid handle.

NTE_BAD_KEY

The hKey parameter does not contain a valid handle to a key.

NTE_BAD_LEN

The size of the output buffer is too small to hold the generated plaintext.

NTE_BAD_UID

The CSP context that was specified when the key was created cannot be found.

NTE_DOUBLE_ENCRYPT

The application attempted to decrypt the same data twice.

NTE_FAIL

The function failed in some unexpected way.

Remarks

When a large amount of data needs to be decrypted, it can be done in sections by calling CryptDecrypt repeatedly. The Final parameter should be set to TRUE only on the last invocation of CryptDecrypt, so the decryption engine can properly finish the decryption process. The following extra actions are performed when Final is TRUE:

  • If the key is a block cipher key, the data is padded to a multiple of the block size of the cipher. To find the block size of a cipher, use CryptGetKeyParam to get the KP_BLOCKLEN value of the key.
  • If the cipher is operating in a chaining mode, the next CryptDecrypt operation resets the cipher's feedback register to the KP_IV value of the key.
  • If the cipher is a stream cipher, the next CryptDecrypt call resets the cipher to its initial state.

Requirements

Header wincrypt.h
Library coredll.lib
Windows Embedded CE Windows CE 2.10 and later
Windows Mobile Windows Mobile Version 5.0 and later

See Also

Reference

CryptCreateHash
CryptEncrypt
CryptGenKey
CryptGetKeyParam
CryptGetHashParam
CryptImportKey
CryptSignHash
CryptVerifySignature
HCRYPTHASH
HCRYPTKEY