Ncryptopenstorageprovider New [best] Jun 2026

phProvider: A pointer that receives the unique provider handle. This handle must be closed later using NCryptFreeObject.

// Using a built-in provider via a static property
CngProvider softwareProvider = CngProvider.MicrosoftSoftwareKeyStorageProvider;

status = NCryptOpenStorageProvider(
    &hProvider,
    MS_PLATFORM_KEY_STORAGE_PROVIDER, // TPM Provider
    0
);

3. Using Flags for New Key Scenarios

A pointer to an NCRYPT_PROV_HANDLE variable that receives the opened provider handle. This handle must eventually be explicitly released using NCryptFreeObject to avoid resource leaks.

pszProviderName [in, optional]

When calling NCryptOpenStorageProvider, you can explicitly target different built-in cryptographic boundaries:

| Provider Constant | System Visual String | Ideal Use Case |
| --- | --- | --- |
| MS_KEY_STORAGE_PROVIDER | "Microsoft Software Key Storage Provider" | Default software-isolated user/machine persistent keys. |
| MS_SMART_CARD_KEY_STORAGE_PROVIDER | "Microsoft Smart Card Key Storage Provider" | Hardware-backed physical tokens and virtual smart cards. |
| MS_PLATFORM_KEY_STORAGE_PROVIDER | "Microsoft Platform Crypto Provider" | Hardware Trusted Platform Module (TPM) operations. |

Basic Implementation (C++)

The pszProviderName must be the registered alias of the KSP. For custom providers, this name is defined during registration. Using an incorrect name will result in an error.

It is composed of three key parameters:

The NCryptOpenStorageProvider function remains a cornerstone of Windows CNG programming, and its modern .NET counterpart continues to evolve with new static properties like MicrosoftPlatformCryptoProvider . For developers building custom KSPs, the current Microsoft Cryptographic Provider Development Kit (CPDK) is based on Windows 8/Server 2008 and is outdated for Windows 11/Server 2022. The data structure for NCRYPT_PROV_HANDLE has been updated, and developers are actively seeking documentation for these changes.

When invoking NCryptOpenStorageProvider, developers target different security isolation boundaries depending on the string passed to pszProviderName.

| Provider Constant | System Alias | Underlying Storage Architecture |
| --- | --- | --- |
| | "Microsoft Software Key Storage Provider" | |

To start, you might need to simply open the default software-based provider to create a new key in user storage.

SECURITY_STATUS NCryptOpenStorageProvider(
    [out] NCRYPT_PROV_HANDLE *phProvider,
    [in]  LPCWSTR            pszProviderName,
    [in]  DWORD              dwFlags
);
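
The following is an added example, not code from the original page or from Microsoft. It opens each built-in provider named above through a P/Invoke declaration written for this example, lets a SafeHandle release each handle, and then creates a non-exportable key in the software provider's user storage. It assumes Windows and .NET; the class name KspProbe and the key name ExampleDemoKey are hypothetical.

```csharp
using System;
using System.Runtime.InteropServices;
using System.Security.Cryptography;
using Microsoft.Win32.SafeHandles;

static class KspProbe
{
    // P/Invoke declaration (written for this example) matching the native signature above.
    [DllImport("ncrypt.dll", CharSet = CharSet.Unicode)]
    static extern int NCryptOpenStorageProvider(
        out SafeNCryptProviderHandle phProvider, string pszProviderName, int dwFlags);

    // Opens the named KSP and returns the SECURITY_STATUS. Disposing the SafeHandle
    // releases a valid provider handle via NCryptFreeObject, so nothing leaks.
    static int Probe(string providerName)
    {
        int status = NCryptOpenStorageProvider(out SafeNCryptProviderHandle handle, providerName, 0);
        using (handle)
        {
            return status; // 0 (ERROR_SUCCESS) means the provider opened
        }
    }

    static void Main()
    {
        // Provider names as listed in the table on this page.
        string[] names =
        {
            "Microsoft Software Key Storage Provider",
            "Microsoft Smart Card Key Storage Provider",
            "Microsoft Platform Crypto Provider",
        };
        foreach (string name in names)
            Console.WriteLine($"{name}: 0x{Probe(name):X8}");

        var parameters = new CngKeyCreationParameters
        {
            Provider = CngProvider.MicrosoftSoftwareKeyStorageProvider,
            KeyUsage = CngKeyUsages.Signing,
            ExportPolicy = CngExportPolicies.None, // private key cannot be exported
            KeyCreationOptions = CngKeyCreationOptions.OverwriteExistingKey,
        };
        // "ExampleDemoKey" is a constructed name; the key persists in user storage until deleted.
        using CngKey key = CngKey.Create(CngAlgorithm.ECDsaP256, "ExampleDemoKey", parameters);
        Console.WriteLine($"Created {key.Algorithm} key in {key.Provider}");
        key.Delete(); // remove the demo key so the run leaves nothing behind
    }
}
```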