Bcrypt APIs available in VBS enclaves
Applies to: ✅ Windows 11 Build 26100.2314 or later ✅ Windows Server 2025 or later
Enclaves are used to create trusted execution environments. These Bcrypt APIs are available to developers in VBS enclaves.
List of Bcrypt.h APIs
The following APIs in the bcrypt.h header file are available to be called in VBS enclaves.
API | Description |
---|---|
BCRYPT_INIT_AUTH_MODE_INFO | Initializes a BCRYPT_AUTHENTICATED_CIPHER_MODE_INFO structure for use in calls to BCryptEncrypt and BCryptDecrypt functions. |
BCryptAddContextFunction | Adds a cryptographic function to the list of functions that are supported by an existing CNG context. |
BCryptCloseAlgorithmProvider | Closes an algorithm provider. |
BCryptConfigureContext | Sets the configuration information for an existing CNG context. |
BCryptConfigureContextFunction | Sets the configuration information for the cryptographic function of an existing CNG context. |
BCryptCreateContext | Creates a new CNG configuration context. |
BCryptCreateHash | Called to create a hash or Message Authentication Code (MAC) object. |
BCryptCreateMultiHash | Creates a multi-hash state that allows for the parallel computation of multiple hash operations. |
BCryptDecrypt | Decrypts a block of data. |
BCryptDeleteContext | Deletes an existing CNG configuration context. |
BCryptDeriveKey | Derives a key from a secret agreement value. |
BCryptDeriveKeyCapi | Derives a key from a hash value. |
BCryptDeriveKeyPBKDF2 | Derives a key from a hash value by using the PBKDF2 key derivation algorithm as defined by RFC 2898. |
BCryptDestroyHash | Destroys a hash or Message Authentication Code (MAC) object. |
BCryptDestroyKey | Destroys a key. |
BCryptDestroySecret | Destroys a secret agreement handle that was created by using the BCryptSecretAgreement function. |
BCryptDuplicateHash | Duplicates an existing hash or Message Authentication Code (MAC) object. |
BCryptDuplicateKey | Creates a duplicate of a symmetric key. |
BCryptEncrypt | Encrypts a block of data. |
BCryptEnumAlgorithms | Gets a list of the registered algorithm identifiers. |
BCryptEnumContextFunctionProviders | Obtains the providers for the cryptographic functions for a context in the specified configuration table. |
BCryptEnumContextFunctions | Obtains the cryptographic functions for a context in the specified configuration table. |
BCryptEnumContexts | Obtains the identifiers of the contexts in the specified configuration table. |
BCryptEnumProviders | Obtains all of the CNG providers that support a specified algorithm. |
BCryptEnumRegisteredProviders | Retrieves information about the registered providers. |
BCryptExportKey | Exports a key to a memory BLOB that can be persisted for later use. |
BCryptFinalizeKeyPair | Completes a public/private key pair. |
BCryptFinishHash | Retrieves the hash or Message Authentication Code (MAC) value for the data accumulated from prior calls to BCryptHashData. |
BCryptFreeBuffer | Used to free memory that was allocated by one of the CNG functions. |
BCryptGenerateKeyPair | Creates an empty public/private key pair. |
BCryptGenerateSymmetricKey | Creates a key object for use with a symmetrical key encryption algorithm from a supplied key. |
BCryptGenRandom | Generates a random number. |
BCryptGetFipsAlgorithmMode | Determines whether Federal Information Processing Standard (FIPS) compliance is enabled. |
BCryptGetProperty | Retrieves the value of a named property for a CNG object. |
BCryptHash | Performs a single hash computation. This is a convenience function that wraps calls to BCryptCreateHash, BCryptHashData, BCryptFinishHash, and BCryptDestroyHash. |
BCryptHashData | Performs a one way hash or Message Authentication Code (MAC) on a data buffer. |
BCryptImportKey | Imports a symmetric key from a key BLOB. |
BCryptImportKeyPair | Imports a public/private key pair from a key BLOB. |
BCryptKeyDerivation | Derives a key without requiring a secret agreement. |
BCryptOpenAlgorithmProvider | Loads and initializes a CNG provider. |
BCryptProcessMultiOperations | Processes a sequence of operations on a multi-object state. |
BCryptQueryContextConfiguration | Retrieves the current configuration for the specified CNG context. |
BCryptQueryContextFunctionConfiguration | Obtains the cryptographic function configuration information for an existing CNG context. |
BCryptQueryContextFunctionProperty | Obtains the value of a named property for a cryptographic function in an existing CNG context. |
BCryptQueryProviderRegistration | Retrieves information about a CNG provider. |
BCryptRegisterConfigChangeNotify | Creates a user mode CNG configuration change event handler. |
BCryptRegisterConfigChangeNotify | Describes how the BCryptRegisterConfigChangeNotify(PRKEVENT) function creates kernel mode CNG configuration change event handler. |
BCryptRemoveContextFunction | Removes a cryptographic function from the list of functions that are supported by an existing CNG context. |
BCryptResolveProviders | Obtains a collection of all of the providers that meet the specified criteria. |
BCryptSecretAgreement | Creates a secret agreement value from a private and a public key. |
BCryptSetContextFunctionProperty | Sets the value of a named property for a cryptographic function in an existing CNG context. |
BCryptSetProperty | Sets the value of a named property for a CNG object. |
BCryptSignHash | Creates a signature of a hash value. |
BCryptUnregisterConfigChangeNotify | Removes a user mode CNG configuration change event handler that was created by using the BCryptRegisterConfigChangeNotify(HANDLE*) function. |
BCryptUnregisterConfigChangeNotify | Removes a user mode CNG configuration change event handler that was created by using the BCryptRegisterConfigChangeNotify(HANDLE*) function. |
BCryptVerifySignature | Verifies that the specified signature matches the specified hash. |