(SQL Server) Export a Certificate's Private Key to Various Formats

Loads a digital certificate and private key from a PFX file (also known as PKCS#12) and exports the private key to various formats: (1) PKCS8 Encrypted, (2) PKCS8 Encrypted PEM, (3) PKCS8 unencrypted, (4) PKCS8 PEM unencrypted, (5) RSA DER unencrypted, (6) RSA PEM unencrypted, (7) XML.

Chilkat ActiveX Downloads ActiveX for 32-bit and 64-bit Windows

-- Important: See this note about string length limitations for strings returned by sp_OAMethod calls.
--
CREATE PROCEDURE ChilkatSample
AS
BEGIN
    DECLARE @hr int
    DECLARE @iTmp0 int
    -- Important: Do not use nvarchar(max).  See the warning about using nvarchar(max).
    DECLARE @sTmp0 nvarchar(4000)
    DECLARE @cert int
    -- Use "Chilkat_9_5_0.Cert" for versions of Chilkat < 10.0.0
    EXEC @hr = sp_OACreate 'Chilkat.Cert', @cert OUT
    IF @hr <> 0
    BEGIN
        PRINT 'Failed to create ActiveX component'
        RETURN
    END

    -- Load from the PFX file
    DECLARE @pfxFilename nvarchar(4000)
    SELECT @pfxFilename = '/Users/chilkat/testData/pfx/chilkat_ssl_pwd_is_test.pfx'
    DECLARE @pfxPassword nvarchar(4000)
    SELECT @pfxPassword = 'test'

    -- A PFX typically contains certificates in the chain of authentication.
    -- The Chilkat cert object will choose the certificate w/
    -- private key farthest from the root authority cert.
    -- To access all the certificates in a PFX, use the 
    -- Chilkat certificate store object instead.
    DECLARE @success int
    EXEC sp_OAMethod @cert, 'LoadPfxFile', @success OUT, @pfxFilename, @pfxPassword
    IF @success <> 1
      BEGIN
        EXEC sp_OAGetProperty @cert, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
        EXEC @hr = sp_OADestroy @cert
        RETURN
      END

    -- Get the private key...
    DECLARE @privKey int

    EXEC sp_OAMethod @cert, 'ExportPrivateKey', @privKey OUT
    EXEC sp_OAGetProperty @cert, 'LastMethodSuccess', @iTmp0 OUT
    IF @iTmp0 = 0
      BEGIN
        EXEC sp_OAGetProperty @cert, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
        EXEC @hr = sp_OADestroy @cert
        RETURN
      END

    -- Export to various formats:

    DECLARE @password nvarchar(4000)
    SELECT @password = 'secret'
    DECLARE @path nvarchar(4000)

    -- PKCS8 Encrypted DER
    SELECT @path = '/Users/chilkat/testData/privkeys/chilkat_pkcs8_enc.der'
    EXEC sp_OAMethod @privKey, 'SavePkcs8EncryptedFile', @success OUT, @password, @path
    IF @success <> 1
      BEGIN
        EXEC sp_OAGetProperty @privKey, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
        EXEC @hr = sp_OADestroy @privKey

        EXEC @hr = sp_OADestroy @cert
        RETURN
      END

    -- PKCS8 Encrypted PEM
    SELECT @path = '/Users/chilkat/testData/privkeys/chilkat_pkcs8_enc.pem'
    EXEC sp_OAMethod @privKey, 'SavePkcs8EncryptedPemFile', @success OUT, @password, @path
    IF @success <> 1
      BEGIN
        EXEC sp_OAGetProperty @privKey, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
        EXEC @hr = sp_OADestroy @privKey

        EXEC @hr = sp_OADestroy @cert
        RETURN
      END

    -- PKCS8 Unencrypted DER
    SELECT @path = '/Users/chilkat/testData/privkeys/chilkat_pkcs8.der'
    EXEC sp_OAMethod @privKey, 'SavePkcs8File', @success OUT, @path
    IF @success <> 1
      BEGIN
        EXEC sp_OAGetProperty @privKey, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
        EXEC @hr = sp_OADestroy @privKey

        EXEC @hr = sp_OADestroy @cert
        RETURN
      END

    -- PKCS8 Unencrypted PEM
    SELECT @path = '/Users/chilkat/testData/privkeys/chilkat_pkcs8.pem'
    EXEC sp_OAMethod @privKey, 'SavePkcs8PemFile', @success OUT, @path
    IF @success <> 1
      BEGIN
        EXEC sp_OAGetProperty @privKey, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
        EXEC @hr = sp_OADestroy @privKey

        EXEC @hr = sp_OADestroy @cert
        RETURN
      END

    --  RSA DER (unencrypted)
    SELECT @path = '/Users/chilkat/testData/privkeys/chilkat_rsa.der'
    EXEC sp_OAMethod @privKey, 'SavePkcs1File', @success OUT, @path
    IF @success <> 1
      BEGIN
        EXEC sp_OAGetProperty @privKey, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
        EXEC @hr = sp_OADestroy @privKey

        EXEC @hr = sp_OADestroy @cert
        RETURN
      END

    -- RSA PEM (unencrypted)
    SELECT @path = '/Users/chilkat/testData/privkeys/chilkat_rsa.pem'
    EXEC sp_OAMethod @privKey, 'SavePemFile', @success OUT, @path
    IF @success <> 1
      BEGIN
        EXEC sp_OAGetProperty @privKey, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
        EXEC @hr = sp_OADestroy @privKey

        EXEC @hr = sp_OADestroy @cert
        RETURN
      END

    -- XML (unencrypted)
    SELECT @path = '/Users/chilkat/testData/privkeys/chilkat.xml'
    EXEC sp_OAMethod @privKey, 'SaveXmlFile', @success OUT, @path
    IF @success <> 1
      BEGIN
        EXEC sp_OAGetProperty @privKey, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
        EXEC @hr = sp_OADestroy @privKey

        EXEC @hr = sp_OADestroy @cert
        RETURN
      END

    EXEC @hr = sp_OADestroy @privKey


    PRINT 'Private key exported to all formats.'

    EXEC @hr = sp_OADestroy @cert


END
GO