SslCreateEphemeralKey function

The SslCreateEphemeralKey function creates an ephemeral key for use during the authentication that occurs during the Secure Sockets Layer protocol (SSL) handshake.

Syntax

SECURITY_STATUS WINAPI SslCreateEphemeralKey(
  _In_  NCRYPT_PROV_HANDLE hSslProvider,
  _Out_ NCRYPT_KEY_HANDLE  *phEphemeralKey,
  _In_  DWORD              dwProtocol,
  _In_  DWORD              dwCipherSuite,
  _In_  DWORD              dwKeyType,
  _In_  DWORD              dwKeyBitLen,
  _In_  PBYTE              pbParams,
  _In_  DWORD              cbParams,
  _In_  DWORD              dwFlags
);

Parameters

hSslProvider [in]

The handle of the SSL protocol provider instance.

phEphemeralKey [out]

The handle of the ephemeral key.

dwProtocol [in]

One of the CNG SSL Provider Protocol Identifier values.

dwCipherSuite [in]

One of the CNG SSL Provider Cipher Suite Identifier values.

dwKeyType [in]

One of the CNG SSL Provider Key Type Identifier values. Set this parameter to zero for key types that are not elliptic curve cryptography (ECC).

dwKeyBitLen [in]

The length, in bits, of the key.

pbParams [in]

A pointer to a buffer that contains parameters for the key that is to be created. If a Diffie-Hellman (ephemeral) key-exchange algorithm (DHE) cipher suite is not used, set the pbParams parameter to NULL and the cbParams parameter to zero.

cbParams [in]

The length, in bytes, of the data in the pbParams buffer.

dwFlags [in]

This parameter is reserved for future use.

Return value

If the function succeeds, it returns zero.

If the function fails, it returns a nonzero error value.

| Return code/value | Description |
|---|---|
| NTE_NO_MEMORY (0x8009000EL) | There is insufficient memory to allocate the buffer. |
| NTE_INVALID_HANDLE (0x80090026L) | The hSslProvider handle is not valid. |
| NTE_INVALID_PARAMETER (0x80090027L) | One of the supplied parameters is not valid. |

Remarks

When using a DHE cipher suite, the internal SSL implementation passes server p and g parameters to the SslCreateEphemeralKey function in the pbParams and cbParams parameters.

The format of the data in the pbParams buffer is the same as that used when setting the BCRYPT_DH_PARAMETERS property, and it starts with a BCRYPT_DH_PARAMETER_HEADER structure.
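The blob layout described above can be checked before it is handed to a key-creation call. The following is an added example, not Microsoft's code: `check_dh_params`, `build_sample`, and the locally mirrored `DH_PARAM_HEADER` are hypothetical names, and the checks are this example's own policy. Assumptions: a little-endian host, big-endian p and g of cbKeyLength bytes each after the header, dwKeyBitLen equal to cbKeyLength * 8, and a caller-chosen minimum size.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Local mirror of BCRYPT_DH_PARAMETER_HEADER so this builds without Windows
   headers; on Windows use the definition from <bcrypt.h> instead. */
typedef struct {
    uint32_t cbLength;    /* total size: header + prime + generator */
    uint32_t dwMagic;     /* BCRYPT_DH_PARAMETERS_MAGIC */
    uint32_t cbKeyLength; /* byte length of the prime, and of the generator */
} DH_PARAM_HEADER;
#define DH_PARAMS_MAGIC 0x4d504844u /* BCRYPT_DH_PARAMETERS_MAGIC ("DHPM") */

/* Hypothetical helper: 0 if the blob is acceptable, else a negative code
   identifying the failed check. keyBits plays the role of dwKeyBitLen. */
int check_dh_params(const uint8_t *pb, size_t cb, uint32_t keyBits, uint32_t minBits)
{
    DH_PARAM_HEADER h;
    if (pb == NULL || cb < sizeof h) return -1;
    memcpy(&h, pb, sizeof h);                          /* no unaligned access */
    if (h.dwMagic != DH_PARAMS_MAGIC) return -2;
    size_t n = h.cbKeyLength;
    if (n == 0 || n > (cb - sizeof h) / 2) return -3;  /* also rules out overflow */
    if (h.cbLength != cb || cb != sizeof h + 2 * n) return -4;
    if ((uint64_t)n * 8 != keyBits || keyBits < minBits) return -5;
    const uint8_t *p = pb + sizeof h, *g = p + n;
    if (!(p[0] & 0x80) || !(p[n - 1] & 1)) return -6;  /* p: full length, odd */
    size_t i = 0;
    while (i + 1 < n && g[i] == 0) i++;
    if (i + 1 == n && g[i] <= 1) return -7;            /* g must exceed 1 */
    int c = memcmp(g, p, n - 1);                       /* big-endian compare */
    if (c > 0 || (c == 0 && g[n - 1] >= p[n - 1] - 1)) return -8; /* g < p-1 */
    return 0;
}

/* Builds a constructed sample blob into out (shape only, not a real DH group). */
size_t build_sample(uint8_t *out, size_t n, uint8_t fill, uint8_t gen)
{
    DH_PARAM_HEADER h = { (uint32_t)(sizeof h + 2 * n), DH_PARAMS_MAGIC, (uint32_t)n };
    memcpy(out, &h, sizeof h);
    memset(out + sizeof h, fill, n);       /* "prime": n bytes of fill */
    memset(out + sizeof h + n, 0, n);
    out[sizeof h + 2 * n - 1] = gen;       /* generator in the last byte */
    return sizeof h + 2 * n;
}
```

These are structural checks only; they do not test primality or group quality.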

Requirements

| Requirement | Value |
|---|---|
| Minimum supported client | Windows Vista [desktop apps only] |
| Minimum supported server | Windows Server 2008 [desktop apps only] |
| Header | Sslprovider.h |
| DLL | Ncrypt.dll |