Skip to content

[BCrypt] GetProperty and SetProperty Identifiers: Add BCRYPT_PUBLIC_KEY_LENGTH + Additional Refactors #2153

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
ibuprof3n wants to merge 3 commits into
base: docs
Choose a base branch
from
Open

[BCrypt] GetProperty and SetProperty Identifiers: Add BCRYPT_PUBLIC_KEY_LENGTH + Additional Refactors #2153

ibuprof3n wants to merge 3 commits into from

Conversation

@ibuprof3n
Copy link

@ibuprof3n ibuprof3n commented Jan 5, 2026

Adding the BCRYPT_PUBLIC_KEY_LENGTH identifier, including some additional information for when it applies to ECC curves.

Correcting the string values for some of the KEM identifiers.

@ibuprof3n
Add BCRYPT_PUBLIC_KEY_LENGTH, refactoring some KEM identifier strings
4925964 
Adding the BCRYPT_PUBLIC_KEY_LENGTH identifier, including some additional information for when it applies to ECC curves.

Correcting the string values for some of the KEM identifiers.
samuel-lee-msft
samuel-lee-msft approved these changes Jan 5, 2026
View reviewed changes
desktop-src/SecCNG/cng-property-identifiers.md Outdated
L"PublicKeyLength"
</dt> <dt>

The size, in bits, of the public key. For ECC we return the size, in bits, of the field modulus. This data type is a **DWORD**.
Copy link
Contributor

@samuel-lee-msft samuel-lee-msft Jan 5, 2026
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good to call out that ECC is peculiar, might wordsmith to something like:

The size, in bits, of the public key. This data type is a DWORD.

This specific size returned varies according to the algorithm. For programmatic use, most callers should use the pcbResult output of a BCryptExportKey call.

For most algorithms the returned length corresponds to the bit-size of the serialized public key without any further encoding. For ECC the returned length corresponds to the bit-size of the field modulus (P-256 returns 256 even though the public key is represented by a pair of 256-bit coordinates).

Copy link
Author

@ibuprof3n ibuprof3n Jan 5, 2026
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ahh yea this is a lot better ahaha

We generally want callers to use the pcbResult output of a BCryptExportKey call when in a program right? Would it be worth including a variation of this line at the top of the file instead? I'm not entirely sure how all of the identifiers are used, but a general callout towards the top of this page might be worthwhile if this is the expectation for a lot of the identifiers.

Also, since there's a callout for ECC, it might be helpful to include a callout for KEM since the encapsulation key length is a slightly different terminology than the public key length terminology other algorithms use. I was thinking of something like:

For KEM, the returned length corresponds to the bit-size of the encapsulation key.

Copy link
Contributor

@samuel-lee-msft samuel-lee-msft Jan 5, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I tend to think Encapsulation key is just a fancy name for public key (in the BCrypt API we call it BCRYPT_MLKEM_PUBLIC_BLOB), I don't think it needs to be called out.

The BCryptExportKey comment could apply to the BCRYPT_KEY_LENGTH. Not opposed to putting something like this in the description for that property too.

@ibuprof3n
Copy link
Author

ibuprof3n commented Jan 6, 2026

@microsoft-github-policy-service agree company="Microsoft"

@prmerger-automator
Copy link
Contributor

prmerger-automator bot commented Jan 6, 2026

@ibuprof3n : Thanks for your contribution! The author(s) and reviewer(s) have been notified to review your proposed change.

@prmerger-automator
Copy link
Contributor

prmerger-automator bot commented Jan 6, 2026

@ibuprof3n : Thanks for your contribution! The author(s) and reviewer(s) have been notified to review your proposed change.

@ibuprof3n ibuprof3n changed the title [BCrypt] GetProperty and SetProperty Identifiers: Add BCRYPT_PUBLIC_KEY_LENGTH, refactoring some KEM identifier strings [BCrypt] GetProperty and SetProperty Identifiers: Add BCRYPT_PUBLIC_KEY_LENGTH + Additional Refactors Jan 6, 2026
alvinashcraft
alvinashcraft reviewed Jan 6, 2026
View reviewed changes
alvinashcraft
alvinashcraft reviewed Jan 6, 2026
View reviewed changes
@alvinashcraft
Copy link
Contributor

alvinashcraft commented Jan 6, 2026

I'm adding @GrantMeStrength to the PR too. I've been moved over to the Microsoft Foundry docs team, so he can assign another writer if needed. The changes look good to me though, as long as @samuel-lee-msft is happy with them.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@alvinashcraft alvinashcraft alvinashcraft left review comments

@GrantMeStrength GrantMeStrength Awaiting requested review from GrantMeStrength

+1 more reviewer

@samuel-lee-msft samuel-lee-msft samuel-lee-msft approved these changes

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

@alvinashcraft alvinashcraft

@GrantMeStrength GrantMeStrength

Labels

Change sent to author do-not-merge security-identity/subsvc windows-api-desktop-tech/svc

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@ibuprof3n @alvinashcraft @samuel-lee-msft @GrantMeStrength