Sample code for 30+ languages & platforms
SQL Server

How to Generate a JSON Web Key (JWK)

See more JSON Web Signatures (JWS) Examples

Demonstrates how to generate the following types of JSON Web Keys:
  • RSA key pair
  • EC key pair
  • Octet sequence key (HMAC-256)
  • 192-bit AES GCM key

Chilkat SQL Server Downloads

SQL Server
-- Important: See this note about string length limitations for strings returned by sp_OAMethod calls.
--
CREATE PROCEDURE ChilkatSample
AS
BEGIN
    DECLARE @hr int
    -- Important: Do not use nvarchar(max).  See the warning about using nvarchar(max).
    DECLARE @sTmp0 nvarchar(4000)
    DECLARE @success int
    SELECT @success = 0

    -- This requires the Chilkat API to have been previously unlocked.
    -- See Global Unlock Sample for sample code.

    -- ----------------------------------------------
    -- Generate an RSA key pair in JWK format.
    -- (Examples for generating other key types are shown below...)
    DECLARE @rsa int
    EXEC @hr = sp_OACreate 'Chilkat.Rsa', @rsa OUT
    IF @hr <> 0
    BEGIN
        PRINT 'Failed to create ActiveX component'
        RETURN
    END

    DECLARE @rsaKey int
    EXEC @hr = sp_OACreate 'Chilkat.PrivateKey', @rsaKey OUT

    EXEC sp_OAMethod @rsa, 'GenKey', @success OUT, 2048, @rsaKey
    IF @success = 0
      BEGIN
        EXEC sp_OAGetProperty @rsa, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
        EXEC @hr = sp_OADestroy @rsa
        EXEC @hr = sp_OADestroy @rsaKey
        RETURN
      END

    DECLARE @rsaJwkStr nvarchar(4000)
    EXEC sp_OAMethod @rsaKey, 'GetJwk', @rsaJwkStr OUT

    -- The string returned is the most compact possible, and therefore it is not
    -- very readable.  To pretty-print, load into a JSON object and emit..
    DECLARE @json int
    EXEC @hr = sp_OACreate 'Chilkat.JsonObject', @json OUT

    EXEC sp_OASetProperty @json, 'EmitCompact', 0
    EXEC sp_OAMethod @json, 'Load', @success OUT, @rsaJwkStr
    EXEC sp_OAMethod @json, 'Emit', @sTmp0 OUT
    PRINT @sTmp0

    -- Sample RSA JWK:

    -- { 
    --   "kty": "RSA",
    --   "n": "6w1Xpof7gKmytJ3yc_yjI5_K3MvVXnBYBDy5Oh2W6Xqu_fOl3W18SjS2AU5xJrTHlB_j84yQjPyXJh_ixjACK4K4dCSYqlLmn3R7QJ84vnHLIEkqwUICqOHdCBjK5xhMrdZxIhuNlJzbARY-3u9RqjsT3HYTjA6JNHUWTYBBRou4gYGm4cJgvX4uexdikqxnze014RmZMaOV_4MR--WL4G8QfNJ2pRBEXQeKyije89H6M5oTSK7KZqFTIqu9hwNtx2oGpGAIcS0Jv5xVl-hDtwXZNwQJaOxMzLw1nwnb2kMliJa67EabQFrQY_xthQNsfzcHJJlpqYiMprW8wRkzmQ",
    --   "e": "AQAB",
    --   "d": "1_bnXMw-SeYhmxAwb19lqVqtMpdaES5ZwHLmoT4EpbsiQ5T1BfENrMSnoaWoEy8w3Kk8cU7qlY-TdOUBIKWFqOKvhY8GciA_Y6zLfgGNSnYVczGmxfBXr0HvKvxUmWZbNbH9OqBkQnKoSmRdGcp7l1Q2mG4o4ZuNdxRJjKXV0_DTrNLUJzst0hsfoZ6mWUrQcn39XGvvLjz9ySS-DYGI1vli3ayx8jVNuw0rU8UXVs9WmPQLvZO_ZDMhoLEeKsdejnNkUNPAUjqxcSOZRojt4BfCmbt-_1slFb0NsoaqnDVZGezd9J9ocxGuyIWHAJu9GGZEcdaFyiDDs_WA1IS_fQ",
    --   "p": "9dU8f6yOklRcpV6ayVMKpyQ6AMuBTF3rZmB498eAvvTkVG1-upm8IkikTVNpPjEalc82Sxuq8oF4N5x1-F33sgVEoCZG-1WFZTn-rnPnXSALES9hqSaVYEwnh61EiY8ckjBVr9jD2nL1JKdbfgVVeo69-9PdjnKYYDVL8eLNPwM",
    --   "q": "9MX2sW0GyaOsZ86AYe3eG2ZgcgKHvhJa573gih5Jvi2e-Nv-L0EVK29_DA7n0Pjm-gl9zVAsGsMMkphJyEF9QgyUlJ-59XLqWnECS5gO6WZdtHrJxVvcO-_AOrLIxeYnYcwhmaVaxs_UEpqGzupKHCWgf4cfXe49lrIsqGKH4jM",
    --   "dp": "IQgj9uvSxGq9gCL0HXUhC1Bc0tqFZyN_i-QOnQybig0R2R5VVvFtTBYCrbk1fPvQHK0ZGIKBN9CZvK8zUsodjDgU_ofmJcNaBz4BsKM2RVcW5Zo-PyJGFAhnj12CxhEKv8Hq4ZP4zROBSQmLy6Uf1TX05S-Up51SSCshJ0FYXs0",
    --   "dq": "RijsMiUfGfL5OvP85pUI4e-xW1yQThHyzpQlZVGTL5jiBVEBhcfw6ndWAj3Pgp2ljyvjTFNboPwhgW93Tpg-8AytFgDGi605sVzNHJ_kPlBiMZY0eYaAFQn-npSaaecziJu7UdAMugneLsruMycCwRij7Ynsmr7sFmLR3B4J9vM",
    --   "qi": "jZE-a1pa8YjflpCSH5oqp1f6f6I6-hpZcLdamLCoAcjVSIPk86gtXtOFES4411-DqYzYIZM6B_g_SRYY6JpKAOuZ40mmMTlnIEoVf8BHiGl3g6bBAiN1yQGXrwXJsg2OYnocyRA-xWNdcMSSFA52SwEdar2Mmw29qVzxtC1QbpA"
    -- }

    -- ----------------------------------------------
    -- Generate an EC P-256 key pair in JWK format

    DECLARE @prng int
    EXEC @hr = sp_OACreate 'Chilkat.Prng', @prng OUT

    DECLARE @ecc int
    EXEC @hr = sp_OACreate 'Chilkat.Ecc', @ecc OUT

    DECLARE @ecKey int
    EXEC @hr = sp_OACreate 'Chilkat.PrivateKey', @ecKey OUT

    EXEC sp_OAMethod @ecc, 'GenKey', @success OUT, 'P-256', @prng, @ecKey

    DECLARE @ecJwkStr nvarchar(4000)
    EXEC sp_OAMethod @ecKey, 'GetJwk', @ecJwkStr OUT
    EXEC sp_OAMethod @json, 'Load', @success OUT, @ecJwkStr
    EXEC sp_OAMethod @json, 'Emit', @sTmp0 OUT
    PRINT @sTmp0

    -- Sample EC JWK Key:
    -- { 
    --   "kty": "EC",
    --   "crv": "P-256",
    --   "x": "tDeeYABgKEAbWicYPCEEI8sP4SRIhHKcHDW7VqrB4LA",
    --   "y": "J08HOoIZ0rX2Me3bNFZUltfxIk1Hrc8FsLu8VaSxsMI",
    --   "d": "-bqt1T0wNAN8sP5ruycQZRVlMlt3V_dSwlJ60xAX5io"
    -- }

    -- ----------------------------------------------
    -- Octet sequence keys are intended for representing secret keys, such as HMAC keys and AES keys.

    -- We'll use crypt to generate a random UUID..
    DECLARE @crypt int
    EXEC @hr = sp_OACreate 'Chilkat.Crypt2', @crypt OUT

    -- AES and HMAC keys are simply random arrays of bytes
    -- For these, we can just build the JSON directly,
    -- with the help of the PRNG object.

    DECLARE @jwkHmac int
    EXEC @hr = sp_OACreate 'Chilkat.JsonObject', @jwkHmac OUT

    EXEC sp_OASetProperty @jwkHmac, 'EmitCompact', 0

    -- Generate a 256-bit HMAK key (32 bytes)
    EXEC sp_OAMethod @jwkHmac, 'AppendString', @success OUT, 'kty', 'oct'
    -- Give the key an optional ID, which can be anything, even strings as simple as "1", "2", etc.
    EXEC sp_OAMethod @crypt, 'GenerateUuid', @sTmp0 OUT
    EXEC sp_OAMethod @jwkHmac, 'AppendString', @success OUT, 'kid', @sTmp0
    -- Indicate the intended key alg (optional)
    EXEC sp_OAMethod @jwkHmac, 'AppendString', @success OUT, 'alg', 'HS256'
    -- Generate the actual key bytes
    EXEC sp_OAMethod @prng, 'GenRandom', @sTmp0 OUT, 32, 'base64url'
    EXEC sp_OAMethod @jwkHmac, 'AppendString', @success OUT, 'k', @sTmp0

    EXEC sp_OAMethod @jwkHmac, 'Emit', @sTmp0 OUT
    PRINT @sTmp0

    -- Sample HMAC-256 JWK:

    -- { 
    --   "kty": "oct",
    --   "kid": "06c2515d-41fb-e436-e405-3abb361f5f7a",
    --   "alg": "HS256",
    --   "k": "wR32w7yiMe5Lhb1vkW2koBpoMxpXTFYuxOYCCIEKjdE"
    -- }

    -- ----------------------------------------------
    -- Now generate a 192-bit (24 byte) key that could be used with AES192GCM

    DECLARE @jwkAes int
    EXEC @hr = sp_OACreate 'Chilkat.JsonObject', @jwkAes OUT

    EXEC sp_OASetProperty @jwkAes, 'EmitCompact', 0

    EXEC sp_OAMethod @jwkAes, 'AppendString', @success OUT, 'kty', 'oct'
    EXEC sp_OAMethod @jwkAes, 'AppendString', @success OUT, 'kid', '2'
    EXEC sp_OAMethod @prng, 'GenRandom', @sTmp0 OUT, 24, 'base64url'
    EXEC sp_OAMethod @jwkAes, 'AppendString', @success OUT, 'k', @sTmp0

    EXEC sp_OAMethod @jwkAes, 'Emit', @sTmp0 OUT
    PRINT @sTmp0

    -- Sample AES key:
    -- { 
    --   "kty": "oct",
    --   "kid": "2",
    --   "k": "akAkq-L_ZTZ6-tEIhDUMtU2ENhsEgL-p"
    -- }

    EXEC @hr = sp_OADestroy @rsa
    EXEC @hr = sp_OADestroy @rsaKey
    EXEC @hr = sp_OADestroy @json
    EXEC @hr = sp_OADestroy @prng
    EXEC @hr = sp_OADestroy @ecc
    EXEC @hr = sp_OADestroy @ecKey
    EXEC @hr = sp_OADestroy @crypt
    EXEC @hr = sp_OADestroy @jwkHmac
    EXEC @hr = sp_OADestroy @jwkAes


END
GO