BCryptDecrypt function (bcrypt.h) - Win32 apps (2024)

The BCryptDecrypt function decrypts a block of data.

Syntax

NTSTATUS BCryptDecrypt(
  [in, out]           BCRYPT_KEY_HANDLE hKey,
  [in]                PUCHAR            pbInput,
  [in]                ULONG             cbInput,
  [in, optional]      VOID              *pPaddingInfo,
  [in, out, optional] PUCHAR            pbIV,
  [in]                ULONG             cbIV,
  [out, optional]     PUCHAR            pbOutput,
  [in]                ULONG             cbOutput,
  [out]               ULONG             *pcbResult,
  [in]                ULONG             dwFlags
);

Parameters

[in, out] hKey

The handle of the key to use to decrypt the data. This handle is obtained from one of the key creation functions, such as BCryptGenerateSymmetricKey, BCryptGenerateKeyPair, or BCryptImportKey.

[in] pbInput

The address of a buffer that contains the ciphertext to be decrypted. The cbInput parameter contains the size of the ciphertext to decrypt. For more information, see Remarks.

[in] cbInput

The number of bytes in the pbInput buffer to decrypt.

[in, optional] pPaddingInfo

A pointer to a structure that contains padding information. This parameter is only used with asymmetric keys and authenticated encryption modes. If an authenticated encryption mode is used, this parameter must point to a BCRYPT_AUTHENTICATED_CIPHER_MODE_INFO structure. If asymmetric keys are used, the type of structure this parameter points to is determined by the value of the dwFlags parameter. Otherwise, the parameter must be set to NULL.

[in, out, optional] pbIV

The address of a buffer that contains the initialization vector (IV) to use during decryption. The cbIV parameter contains the size of this buffer. This function will modify the contents of this buffer. If you need to reuse the IV later, make sure you make a copy of this buffer before calling this function.

This parameter is optional and can be NULL if no IV is used.

The required size of the IV can be obtained by calling the BCryptGetProperty function to get the BCRYPT_BLOCK_LENGTH property. This will provide the size of a block for the algorithm, which is also the size of the IV.

[in] cbIV

The size, in bytes, of the pbIV buffer.

[out, optional] pbOutput

The address of a buffer to receive the plaintext produced by this function. The cbOutput parameter contains the size of this buffer. For more information, see Remarks.

If this parameter is NULL, the BCryptDecrypt function calculates the size required for the plaintext of the encrypted data passed in the pbInput parameter. In this case, the location pointed to by the pcbResult parameter contains this size, and the function returns STATUS_SUCCESS.

If the values of both the pbOutput and pbInput parameters are NULL, an error is returned unless an authenticated encryption algorithm is in use. In the latter case, the call is treated as an authenticated encryption call with zero length data, and the authentication tag, passed in the pPaddingInfo parameter, is verified.

[in] cbOutput

The size, in bytes, of the pbOutput buffer. This parameter is ignored if the pbOutput parameter is NULL.

[out] pcbResult

A pointer to a ULONG variable to receive the number of bytes copied to the pbOutput buffer. If pbOutput is NULL, this receives the size, in bytes, required for the plaintext.

[in] dwFlags

A set of flags that modify the behavior of this function. The allowed set of flags depends on the type of key specified by the hKey parameter.

If the key is a symmetric key, this can be zero or the following value.

| Value | Meaning |
| --- | --- |
| BCRYPT_BLOCK_PADDING | The data was padded to the next block size when it was encrypted. If this flag was used with the BCryptEncrypt function, it must also be specified in this function. This flag must not be used with the authenticated encryption modes (AES-CCM and AES-GCM). |

If the key is an asymmetric key, this can be one of the following values.

| Value | Meaning |
| --- | --- |
| BCRYPT_PAD_NONE | Do not use any padding. The pPaddingInfo parameter is not used. The cbInput parameter must be a multiple of the algorithm's block size. The block size can be obtained by calling the BCryptGetProperty function to get the BCRYPT_BLOCK_LENGTH property for the key. This will provide the size of a block for the algorithm. |
| BCRYPT_PAD_OAEP | The Optimal Asymmetric Encryption Padding (OAEP) scheme was used when the data was encrypted. The pPaddingInfo parameter is a pointer to a BCRYPT_OAEP_PADDING_INFO structure. |
| BCRYPT_PAD_PKCS1 | The data was padded with a random number when the data was encrypted. The pPaddingInfo parameter is not used. |

Return value

Returns a status code that indicates the success or failure of the function.

Possible return codes include, but are not limited to, the following.

| Return code | Description |
| --- | --- |
| STATUS_SUCCESS | The function was successful. |
| STATUS_AUTH_TAG_MISMATCH | The computed authentication tag did not match the value supplied in the pPaddingInfo parameter. |
| STATUS_BUFFER_TOO_SMALL | The size specified by the cbOutput parameter is not large enough to hold the plaintext. |
| STATUS_INVALID_BUFFER_SIZE | The cbInput parameter is not a multiple of the algorithm's block size, and the BCRYPT_BLOCK_PADDING flag was not specified in the dwFlags parameter. |
| STATUS_INVALID_HANDLE | The key handle in the hKey parameter is not valid. |
| STATUS_INVALID_PARAMETER | One or more parameters are not valid. |
| STATUS_NOT_SUPPORTED | The algorithm does not support decryption. |

Remarks

The pbInput and pbOutput parameters can be equal. In this case, this function will perform the decryption in place. If pbInput and pbOutput are not equal, the two buffers must not overlap.

Depending on what processor modes a provider supports, BCryptDecrypt can be called either from user mode or kernel mode. Kernel mode callers can execute either at PASSIVE_LEVEL IRQL or DISPATCH_LEVEL IRQL. If the current IRQL level is DISPATCH_LEVEL, the handle provided in the hKey parameter must be derived from an algorithm handle returned by a provider that was opened with the BCRYPT_PROV_DISPATCH flag, and any pointers passed to the BCryptDecrypt function must refer to nonpaged (or locked) memory.

To call this function in kernel mode, use Cng.lib, which is part of the Driver Development Kit (DDK). Windows Server 2008 and Windows Vista: To call this function in kernel mode, use Ksecdd.lib.
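
The argument rules documented above (pPaddingInfo and dwFlags per cipher mode, block-multiple input, IV length, the NULL-buffer cases, and the pbInput/pbOutput overlap rule) can be checked before BCryptDecrypt is called. The following portable C code is an added example, not part of the original documentation or of CNG: the struct, the enum values and FLAG_BLOCK_PADDING are hypothetical stand-ins, it covers symmetric keys only, and it assumes the block-multiple and IV-length checks apply only to non-authenticated modes.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical names for this example; none of them are CNG definitions. */
enum mode { MODE_BLOCK, MODE_AEAD };           /* e.g. a block mode vs AES-GCM/CCM */
enum verdict { PF_OK, PF_SIZE_QUERY, PF_TAG_ONLY, PF_BAD_PADDING_INFO,
               PF_PADDING_FLAG_WITH_AEAD, PF_NOT_BLOCK_MULTIPLE,
               PF_BAD_IV_LENGTH, PF_BUFFERS_OVERLAP, PF_NO_INPUT };
#define FLAG_BLOCK_PADDING 0x1u                /* stands in for BCRYPT_BLOCK_PADDING */

struct dec_args {                              /* mirrors the BCryptDecrypt arguments */
    enum mode mode;
    size_t block_len;                          /* BCRYPT_BLOCK_LENGTH of the key */
    const unsigned char *in;  size_t in_len;   /* pbInput, cbInput */
    const void *padding_info;                  /* pPaddingInfo */
    const unsigned char *iv;  size_t iv_len;   /* pbIV, cbIV */
    const unsigned char *out; size_t out_len;  /* pbOutput, cbOutput */
    unsigned flags;                            /* dwFlags */
};

/* Check symmetric-key arguments against the rules stated on this page. */
enum verdict preflight(const struct dec_args *a) {
    int aead = (a->mode == MODE_AEAD);
    if (aead != (a->padding_info != NULL)) return PF_BAD_PADDING_INFO;
    if (aead && (a->flags & FLAG_BLOCK_PADDING)) return PF_PADDING_FLAG_WITH_AEAD;
    if (!a->in)            /* only "both buffers NULL + AEAD" is documented as valid */
        return (aead && !a->out) ? PF_TAG_ONLY : PF_NO_INPUT;
    if (!aead) {
        if (a->block_len == 0) return PF_NOT_BLOCK_MULTIPLE;
        if (!(a->flags & FLAG_BLOCK_PADDING) && a->in_len % a->block_len)
            return PF_NOT_BLOCK_MULTIPLE;      /* the STATUS_INVALID_BUFFER_SIZE case */
        if (a->iv && a->iv_len != a->block_len) return PF_BAD_IV_LENGTH;
    }
    if (!a->out) return PF_SIZE_QUERY;         /* cbOutput is ignored */
    if (a->out != a->in) {                     /* equal pointers: in-place, allowed */
        uintptr_t i = (uintptr_t)a->in, o = (uintptr_t)a->out;
        if (i < o + a->out_len && o < i + a->in_len) return PF_BUFFERS_OVERLAP;
    }
    return PF_OK;
}

int main(void) {
    static unsigned char buf[64], iv[16];      /* constructed sample buffers */
    struct dec_args a = { MODE_BLOCK, 16, buf, 32, NULL, iv, 16, buf + 16, 32, 0 };
    printf("output 16 bytes into input: verdict %d\n", preflight(&a));
    a.out = buf;                               /* same pointer: in-place decryption */
    printf("in-place: verdict %d\n", preflight(&a));
    return 0;
}
```

Because BCryptDecrypt modifies the pbIV buffer, a caller that passes this check still needs to hand the function a copy of the IV if the original is needed later.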

Requirements

Minimum supported client: Windows Vista [desktop apps | UWP apps]
Minimum supported server: Windows Server 2008 [desktop apps | UWP apps]
Target Platform: Windows
Header: bcrypt.h
Library: Bcrypt.lib
DLL: Bcrypt.dll

See also

BCryptEncrypt

BCryptDecrypt Function:

The BCryptDecrypt function is part of the Windows Cryptography API (CNG - Cryptography Next Generation) and is used for decrypting a block of data. Below are the key parameters and concepts associated with this function:

  1. hKey (BCRYPT_KEY_HANDLE):

    • Represents the handle of the key used for decryption.
    • Obtained from key creation functions like BCryptGenerateSymmetricKey, BCryptGenerateKeyPair, or BCryptImportKey.
  2. pbInput, cbInput:

    • pbInput: Buffer containing the ciphertext to be decrypted.
    • cbInput: Number of bytes in the pbInput buffer to decrypt.
  3. pPaddingInfo:

    • Pointer to a structure containing padding information.
    • Used with asymmetric keys and authenticated encryption modes.
    • For authenticated encryption, must point to a BCRYPT_AUTHENTICATED_CIPHER_MODE_INFO structure.
  4. pbIV, cbIV:

    • pbIV: Buffer containing the initialization vector (IV) for decryption.
    • cbIV: Size of the pbIV buffer.
    • Optional; can be NULL if no IV is used.
  5. pbOutput, cbOutput, pcbResult:

    • pbOutput: Buffer to receive the plaintext.
    • cbOutput: Size of the pbOutput buffer.
    • pcbResult: Pointer to a ULONG variable receiving the number of bytes copied to pbOutput.
  6. dwFlags:

    • Set of flags modifying function behavior, dependent on key type.
    • For symmetric keys, can be zero or BCRYPT_BLOCK_PADDING.
    • For asymmetric keys, can be BCRYPT_PAD_NONE, BCRYPT_PAD_OAEP, or BCRYPT_PAD_PKCS1.
  7. Return Value:

    • Returns a status code indicating success or failure.
    • Possible codes include STATUS_SUCCESS, STATUS_AUTH_TAG_MISMATCH, STATUS_BUFFER_TOO_SMALL, and others.
  8. Remarks:

    • The function can perform in-place decryption if pbInput and pbOutput are equal.
    • Support for processor modes may vary, and kernel mode usage has specific requirements.
    • The article provides information on calling the function in user mode or kernel mode.

Additional Information:

  • Requirements:

    • Minimum supported client: Windows Vista
    • Minimum supported server: Windows Server 2008
    • Target Platform: Windows
  • Header, Library, DLL:

    • Header: bcrypt.h
    • Library: Bcrypt.lib
    • DLL: Bcrypt.dll
  • See Also:

    • BCryptEncrypt: A related function for encrypting data.

This information serves as a comprehensive overview of the BCryptDecrypt function and its associated concepts, allowing for the secure decryption of data in Windows environments.

FAQs

What is the function of BCryptEncrypt?

The BCryptEncrypt function encrypts a block of data.

What is the use of bcrypt DLL?

Bcrypt.dll is part of the Microsoft Windows Cryptographic Primitives Library, a general purpose, software-based, cryptographic module. Bcrypt.dll provides cryptographic services in Windows Vista through Windows 10 components and applications.

What is bcrypt used for?

Bcrypt is a cryptographic hash function designed for password hashing and safe storing in the backend of applications in a way that is less susceptible to dictionary-based cyberattacks. It was created in 1999 by Niels Provos and David Mazières, using the Blowfish cipher algorithm as its base.

Is bcrypt good?

Often hailed for its robustness in safeguarding stored passwords, bcrypt originated in 1999 from the Blowfish cipher algorithm and has emerged as a fortress of password protection.

What are the ways hackers will use a DLL?

DLL hijacking is a technique used by attackers to exploit vulnerabilities in the Dynamic Link Library (DLL) files of an application. By manipulating the search order used by the operating system to locate DLL files, attackers can trick the application into loading a malicious DLL instead of the legitimate one.

What does bcrypthash mean on my computer?

bcrypt was created in 1999, using the Blowfish cipher algorithm as its base. It transforms a user's password into a fixed-length string of characters in a one-way hash function, meaning it cannot be changed back to the original password.

What are the disadvantages of bcrypt?

Another drawback of bcrypt is that it may not be suitable for some applications that require fast or frequent hashing operations, such as API authentication or session management. Bcrypt may also introduce some overhead or latency in your system, especially if you use a high work factor.

What is the difference between bcrypt sync and async?

Bcrypt hashing is CPU intensive, which will cause the sync APIs to block the event loop and prevent your application from servicing any inbound requests or events. The async version uses a thread pool, which does not block the main event loop.

What is the difference between SHA256 and bcrypt?

The technology in the Bcrypt algorithm and process limits attacks and makes it harder for attackers to compromise passwords. Bcrypt was not designed for encrypting large amounts of data. It is best implemented for passwords; however, SHA-256 is better for large amounts of data because it is less costly and faster.

Why is bcrypt better than MD5?

Compare this to popular hashing algorithms such as MD5 and SHA256, which are designed to hash quickly. They're better for applications that are used frequently and where speed is important, whereas bcrypt is the better option for the safe storage of passwords.

Article information

Author: Virgilio Hermann JD
