What should you do if you find that DecryptMessage (Schannel) function returns SEC_E_INVALID_TOKEN; which means the buffers are of wrong type or no buffer of type SECBUFFER_DATA was found.

DecryptMessage (Schannel) function returns SEC_E_INVALID_TOKEN, means the buffers are of the wrong type or no buffer of type SECBUFFER_DATA was found.

In short the buffers are not set properly.

A quick reference is the example at the link http://msdn.microsoft.com/en-us/library/aa380536(VS.85).aspx, which references the code stated below.

BuffDesc.ulVersion    = 0;

BuffDesc.cBuffers     = 2;

BuffDesc.pBuffers     = SecBuff;

SecBuff[0].cbBuffer   = SigBufferSize;

SecBuff[0].BufferType = SECBUFFER_TOKEN;

SecBuff[0].pvBuffer   = pSigBuffer;

SecBuff[1].cbBuffer   = *pcbMessage;

SecBuff[1].BufferType = SECBUFFER_DATA;

SecBuff[1].pvBuffer   = pDataBuffer;


DecryptMessage( hCtxt, &BuffDesc, 0, &ulQop);

Couple of points to note:

· When using the Schannel SSP with contexts that are not connection oriented, on input, the structure must contain four SecBuffer structures. Exactly one buffer must be of type SECBUFFER_DATA and contain an encrypted message, which is decrypted in place. The remaining buffers are used for output and must be of type SECBUFFER_EMPTY.

· For connection-oriented contexts, a SECBUFFER_DATA type buffer must be supplied, as noted for non-connection-oriented contexts. Additionally, a second SECBUFFER_TOKEN type buffer that contains a security token must also be supplied. The above example is more appropriate for connection-oriented contexts.

Example (For Schannel SSP with contexts that are not connection oriented):

Buffers[0].pvBuffer     = pbIoBuffer;

Buffers[0].cbBuffer     = cbIoBuffer;

Buffers[0].BufferType  = SECBUFFER_DATA;

Buffers[1].BufferType  = SECBUFFER_EMPTY;

Buffers[2].BufferType  = SECBUFFER_EMPTY;

Buffers[3].BufferType  = SECBUFFER_EMPTY;

Message.ulVersion       = SECBUFFER_VERSION;

Message.cBuffers        = 4;

Message.pBuffers        = Buffers;


DecryptMessage(phContext, &Message, 0, NULL);




Shamik Misra

Comments (0)

Skip to main content