Cryptographic Primitives Library
7.8.4 BCryptKeyDerivation
NTSTATUS WINAPI BCryptKeyDerivation(
_In_
BCRYPT_KEY_HANDLE hKey,
_In_opt_ BCryptBufferDesc *pParameterList,
_Out_writes_bytes_to_(cbDerivedKey, *pcbResult) PUCHAR pbDerivedKey,
_In_
ULONG
cbDerivedKey,
_Out_
ULONG
*pcbResult,
_In_
ULONG
dwFlags);
The BCryptKeyDerivation() function executes a Key Derivation Function (KDF) on a key generated with
BCryptGenerateSymmetricKey() function. It differs from the BCryptDeriveKey() function in that it does
not require a secret agreement step to create a shared secret.
hKey [in] is a handle to a key created with the BCryptGenerateSymmetricKey function.
pParameterList [in] is the algorithm-specific parameter list for the selected KDF.
pbDerivedKey [out] is the address of a buffer that receives the key. The cbDerivedKey parameter
contains the size of this buffer.
cbDerivedKey [in] contains the size, in bytes, of the pbDerivedKey buffer.
pcbResult [out] is a pointer to a ULONG that receives the number of bytes that were copied to the
pbDerivedKey buffer. If the pbDerivedKey parameter is NULL, this function will place the required size,
in bytes, in the ULONG pointed to by this parameter.
dwFlags [in] is a set of flags that modify the behavior of this function. This must be zero.
7.8.5 BCryptDeriveKeyPBKDF2
NTSTATUS WINAPI BCryptDeriveKeyPBKDF2(
BCRYPT_ALG_HANDLE hPrf,
PUCHAR pbPassword,
ULONG cbPassword,
PUCHAR pbSalt,
ULONG cbSalt,
ULONGLONG cIterations,
PUCHAR pbDerivedKey,
ULONG cbDerivedKey,
ULONG dwFlags);
The BCryptDeriveKeyPBKDF2() function derives a key from a hash value by using the password based key
derivation function as defined by SP 800-132 PBKDF and IETF RFC 2898 (specified as PBKDF2).
hPrf [in] is the handle of an algorithm provider that provides the pseudo-random function.
© 2016 Microsoft. All Rights Reserved
Page 34 of 48
This Security Policy is non-proprietary and may be reproduced only in its original entirety (without revision).