diff --git a/contrib/win32/win32compat/cng_cipher.c b/contrib/win32/win32compat/cng_cipher.c
index 208e75b..d3d756a 100644
--- a/contrib/win32/win32compat/cng_cipher.c
+++ b/contrib/win32/win32compat/cng_cipher.c
@@ -216,6 +216,7 @@ unsigned int cng_cipher_init(PSSH_CNG_CIPHER_CTX x, const unsigned char *key, un
 	DWORD					cbData = 0;
 	LPCWSTR					pAlg = NULL;
 	DWORD					cbBlockLen = 0;
+	DWORD					cbKeyObject = 0;
 
 	if ((0 == (flags & _CNG_CIPHER_AES)) || (0 == (flags & (_CNG_MODE_CBC | _CNG_MODE_CTR))))
 		return STATUS_INVALID_PARAMETER;
@@ -281,12 +282,23 @@ unsigned int cng_cipher_init(PSSH_CNG_CIPHER_CTX x, const unsigned char *key, un
 		}
 
 		if (status == S_OK)
+		{
+			status = BCryptGetProperty(
+				hAlg,
+				BCRYPT_OBJECT_LENGTH,
+				(PBYTE)cbKeyObject,
+				sizeof(DWORD),
+				&cbData,
+				0);
+		}
+
+		if ((status == S_OK) && (x->pKeyObject = (PBYTE)HeapAlloc(GetProcessHeap(),0,cbKeyObject)))
 		{
 			status = BCryptGenerateSymmetricKey(
 				hAlg,
 				&(x->hKey),
-				NULL,
-				0,
+				x->pKeyObject,
+				cbKeyObject,
 				(PBYTE)key,
 				keylen,
 				0);
@@ -310,6 +322,8 @@ void cng_cipher_cleanup(PSSH_CNG_CIPHER_CTX x)
 		HeapFree(GetProcessHeap(), 0, x->pbIV);
 	if (x->hKey)
 		BCryptDestroyKey(x->hKey);
+	if (x->pKeyObject)
+		HeapFree(GetProcessHeap(), 0, x->pKeyObject);
 }
 
 #endif
\ No newline at end of file
diff --git a/contrib/win32/win32compat/cng_cipher.h b/contrib/win32/win32compat/cng_cipher.h
index 80b4a31..ef35de0 100644
--- a/contrib/win32/win32compat/cng_cipher.h
+++ b/contrib/win32/win32compat/cng_cipher.h
@@ -63,6 +63,7 @@ extern "C" {
 		unsigned char *		pbIV;
 		unsigned int		cbBlockSize;
 		unsigned int		flags;
+		PBYTE				pKeyObject;
 	} SSH_CNG_CIPHER_CTX, *PSSH_CNG_CIPHER_CTX;