Specifying a Salt Value
Both the Base Provider and the Extended Provider can specify the value and length of the salt value to be used. The Base Provider sets a salt value using the KP_SALT parameter value. The Base Provider always sets eleven bytes of salt value.
The Enhanced Provider sets the salt value by calling CryptSetKeyParam with the KP_SALT_EX parameter value specified and with the pbData parameter pointing to a CRYPT_INTEGER_BLOB structure that contains the salt.
Note
The total length of an Enhanced Provider symmetric key and its salt value cannot be greater than 128 bits.
KP_SALT continues to be provided for backward compatibility with the Base Provider. Newer applications should use the KP_SALT_EX parameter value.
The following example sets a salt value.
// Specify 4 bytes of salt.
BYTE rgbSalt[] = {0x01, 0x02, 0x03, 0x04};
CRYPT_DATA_BLOB sSaltData;
sSaltData.pbData = rgbSalt;
sSaltData.cbData = sizeof(rgbSalt);

// Set the 4 bytes of salt required.
// hKey is an HCRYPTKEY handle previously
// assigned, such as by CryptImportKey.
if (CryptSetKeyParam(
        hKey,
        KP_SALT_EX,
        (BYTE*)&sSaltData,
        0))
{
    printf("The salt value is set.\n");
}
else
{
    printf("Setting the salt value failed.\n");
}
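The following is an added example, not part of the original page: it enforces the 128-bit key-plus-salt limit from the note above before calling CryptSetKeyParam, and fills the salt from CryptGenRandom instead of fixed bytes. The names salt_fits and set_random_salt are hypothetical, the caller is assumed to know the key length in bits, and the CryptoAPI part is compiled only on Windows.

```c
/* Added example; helper names are hypothetical, not part of CryptoAPI. */
#include <stddef.h>

/* Enhanced Provider limit from the note: key bits + salt bits <= 128. */
#define MAX_KEY_PLUS_SALT_BITS 128u

/* Returns 1 if salt_bytes of salt fit alongside a key of key_bits, else 0.
   Written as a division so that a large salt_bytes cannot overflow. */
int salt_fits(unsigned key_bits, size_t salt_bytes)
{
    if (key_bits > MAX_KEY_PLUS_SALT_BITS)
        return 0;
    return salt_bytes <= (MAX_KEY_PLUS_SALT_BITS - key_bits) / 8u;
}

#ifdef _WIN32
#include <windows.h>
#include <wincrypt.h>

/* Generates salt_bytes of random salt and sets it on hKey with KP_SALT_EX.
   hProv is the provider that owns hKey; key_bits is the key length the
   caller requested (an assumption of this example). Returns TRUE on success. */
BOOL set_random_salt(HCRYPTPROV hProv, HCRYPTKEY hKey,
                     DWORD key_bits, DWORD salt_bytes)
{
    BYTE salt[MAX_KEY_PLUS_SALT_BITS / 8];
    CRYPT_DATA_BLOB blob;

    /* Reject empty or oversized salt before touching the key. */
    if (salt_bytes == 0 || !salt_fits(key_bits, salt_bytes)) {
        SetLastError(ERROR_INVALID_PARAMETER);
        return FALSE;
    }
    /* salt_fits guarantees salt_bytes <= sizeof(salt). */
    if (!CryptGenRandom(hProv, salt_bytes, salt))
        return FALSE;

    blob.pbData = salt;
    blob.cbData = salt_bytes;
    return CryptSetKeyParam(hKey, KP_SALT_EX, (BYTE *)&blob, 0);
}
#endif
```

With a 40-bit key the largest salt the check accepts is eleven bytes, which matches the eleven bytes the Base Provider always sets.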