Bcrypt APIs available in VBS enclaves

Applies to: ✅ Windows 11 Build 26100.2314 or later ✅ Windows Server 2025 or later

Enclaves are used to create trusted execution environments. These Bcrypt APIs are available to developers in VBS enclaves.

List of Bcrypt.h APIs

The following APIs in the bcrypt.h header file are available to be called in VBS enclaves.

API Description
BCRYPT_INIT_AUTH_MODE_INFO Initializes a BCRYPT_AUTHENTICATED_CIPHER_MODE_INFO structure for use in calls to BCryptEncrypt and BCryptDecrypt functions.
BCryptAddContextFunction Adds a cryptographic function to the list of functions that are supported by an existing CNG context.
BCryptCloseAlgorithmProvider Closes an algorithm provider.
BCryptConfigureContext Sets the configuration information for an existing CNG context.
BCryptConfigureContextFunction Sets the configuration information for the cryptographic function of an existing CNG context.
BCryptCreateContext Creates a new CNG configuration context.
BCryptCreateHash Called to create a hash or Message Authentication Code (MAC) object.
BCryptCreateMultiHash Creates a multi-hash state that allows for the parallel computation of multiple hash operations.
BCryptDecrypt Decrypts a block of data.
BCryptDeleteContext Deletes an existing CNG configuration context.
BCryptDeriveKey Derives a key from a secret agreement value.
BCryptDeriveKeyCapi Derives a key from a hash value.
BCryptDeriveKeyPBKDF2 Derives a key from a hash value by using the PBKDF2 key derivation algorithm as defined by RFC 2898.
BCryptDestroyHash Destroys a hash or Message Authentication Code (MAC) object.
BCryptDestroyKey Destroys a key.
BCryptDestroySecret Destroys a secret agreement handle that was created by using the BCryptSecretAgreement function.
BCryptDuplicateHash Duplicates an existing hash or Message Authentication Code (MAC) object.
BCryptDuplicateKey Creates a duplicate of a symmetric key.
BCryptEncrypt Encrypts a block of data.
BCryptEnumAlgorithms Gets a list of the registered algorithm identifiers.
BCryptEnumContextFunctionProviders Obtains the providers for the cryptographic functions for a context in the specified configuration table.
BCryptEnumContextFunctions Obtains the cryptographic functions for a context in the specified configuration table.
BCryptEnumContexts Obtains the identifiers of the contexts in the specified configuration table.
BCryptEnumProviders Obtains all of the CNG providers that support a specified algorithm.
BCryptEnumRegisteredProviders Retrieves information about the registered providers.
BCryptExportKey Exports a key to a memory BLOB that can be persisted for later use.
BCryptFinalizeKeyPair Completes a public/private key pair.
BCryptFinishHash Retrieves the hash or Message Authentication Code (MAC) value for the data accumulated from prior calls to BCryptHashData.
BCryptFreeBuffer Used to free memory that was allocated by one of the CNG functions.
BCryptGenerateKeyPair Creates an empty public/private key pair.
BCryptGenerateSymmetricKey Creates a key object for use with a symmetrical key encryption algorithm from a supplied key.
BCryptGenRandom Generates a random number.
BCryptGetFipsAlgorithmMode Determines whether Federal Information Processing Standard (FIPS) compliance is enabled.
BCryptGetProperty Retrieves the value of a named property for a CNG object.
BCryptHash Performs a single hash computation. This is a convenience function that wraps calls to BCryptCreateHash, BCryptHashData, BCryptFinishHash, and BCryptDestroyHash.
BCryptHashData Performs a one way hash or Message Authentication Code (MAC) on a data buffer.
BCryptImportKey Imports a symmetric key from a key BLOB.
BCryptImportKeyPair Imports a public/private key pair from a key BLOB.
BCryptKeyDerivation Derives a key without requiring a secret agreement.
BCryptOpenAlgorithmProvider Loads and initializes a CNG provider.
BCryptProcessMultiOperations Processes a sequence of operations on a multi-object state.
BCryptQueryContextConfiguration Retrieves the current configuration for the specified CNG context.
BCryptQueryContextFunctionConfiguration Obtains the cryptographic function configuration information for an existing CNG context.
BCryptQueryContextFunctionProperty Obtains the value of a named property for a cryptographic function in an existing CNG context.
BCryptQueryProviderRegistration Retrieves information about a CNG provider.
BCryptRegisterConfigChangeNotify Creates a user mode CNG configuration change event handler.
BCryptRegisterConfigChangeNotify Describes how the BCryptRegisterConfigChangeNotify(PRKEVENT) function creates kernel mode CNG configuration change event handler.
BCryptRemoveContextFunction Removes a cryptographic function from the list of functions that are supported by an existing CNG context.
BCryptResolveProviders Obtains a collection of all of the providers that meet the specified criteria.
BCryptSecretAgreement Creates a secret agreement value from a private and a public key.
BCryptSetContextFunctionProperty Sets the value of a named property for a cryptographic function in an existing CNG context.
BCryptSetProperty Sets the value of a named property for a CNG object.
BCryptSignHash Creates a signature of a hash value.
BCryptUnregisterConfigChangeNotify Removes a user mode CNG configuration change event handler that was created by using the BCryptRegisterConfigChangeNotify(HANDLE*) function.
BCryptUnregisterConfigChangeNotify Removes a user mode CNG configuration change event handler that was created by using the BCryptRegisterConfigChangeNotify(HANDLE*) function.
BCryptVerifySignature Verifies that the specified signature matches the specified hash.

See also