|
Chilkat • HOME • .NET Core C# • Android™ • AutoIt • C • C# • C++ • Chilkat2-Python • CkPython • Classic ASP • DataFlex • Delphi ActiveX • Delphi DLL • Go • Java • Lianja • Mono C# • Node.js • Objective-C • PHP ActiveX • PHP Extension • Perl • PowerBuilder • PowerShell • PureBasic • Ruby • SQL Server • Swift 2 • Swift 3,4,5... • Tcl • Unicode C • Unicode C++ • VB.NET • VBScript • Visual Basic 6.0 • Visual FoxPro • Xojo Plugin
(SQL Server) PKCS11 Import a Private Key onto the HSMSee more PKCS11 ExamplesDemonstrates how to import an existing RSA private key onto the smartcard/token. The imported key is a token object, meaning it stays on the HSM and exists beyond the end of the PKCS11 session. Note: This example requires Chilkat v9.5.0.96 or later.
-- Important: See this note about string length limitations for strings returned by sp_OAMethod calls. -- CREATE PROCEDURE ChilkatSample AS BEGIN DECLARE @hr int DECLARE @iTmp0 int -- Important: Do not use nvarchar(max). See the warning about using nvarchar(max). DECLARE @sTmp0 nvarchar(4000) -- This example requires the Chilkat API to have been previously unlocked. -- See Global Unlock Sample for sample code. -- Note: Chilkat's PKCS11 implementation runs on Windows, Linux, Mac OS X, and other supported operating systems. DECLARE @pkcs11 int -- Use "Chilkat_9_5_0.Pkcs11" for versions of Chilkat < 10.0.0 EXEC @hr = sp_OACreate 'Chilkat.Pkcs11', @pkcs11 OUT IF @hr <> 0 BEGIN PRINT 'Failed to create ActiveX component' RETURN END -- Use the PKCS11 driver (.dll, .so, .dylib) for your particular HSM. -- (The format of the path will change with the operating system. Obviously, "C:/" is not used on non-Windows systems. EXEC sp_OASetProperty @pkcs11, 'SharedLibPath', 'C:/Program Files (x86)/Gemalto/IDGo 800 PKCS#11/IDPrimePKCS1164.dll' -- Establish a logged-on session. DECLARE @pin nvarchar(4000) SELECT @pin = '0000' DECLARE @userType int SELECT @userType = 1 DECLARE @success int EXEC sp_OAMethod @pkcs11, 'QuickSession', @success OUT, @userType, @pin IF @success = 0 BEGIN EXEC sp_OAGetProperty @pkcs11, 'LastErrorText', @sTmp0 OUT PRINT @sTmp0 EXEC @hr = sp_OADestroy @pkcs11 RETURN END -- Let's import a certificate's private key onto the HSM. -- First, we'll load the certificate from a .pfx (also known as .p12), which is a file format -- that also includes the certificate's private key. DECLARE @cert int -- Use "Chilkat_9_5_0.Cert" for versions of Chilkat < 10.0.0 EXEC @hr = sp_OACreate 'Chilkat.Cert', @cert OUT EXEC sp_OAMethod @cert, 'LoadPfxFile', @success OUT, 'qa_data/pfx/ehealth.fgov.be_testing.p12', 'p12_password' IF @success = 0 BEGIN EXEC sp_OAGetProperty @cert, 'LastErrorText', @sTmp0 OUT PRINT @sTmp0 EXEC @hr = sp_OADestroy @pkcs11 EXEC @hr = sp_OADestroy @cert RETURN END -- Let's get the certificate's private key. DECLARE @privKey int EXEC sp_OAMethod @cert, 'ExportPrivateKey', @privKey OUT EXEC sp_OAGetProperty @cert, 'LastMethodSuccess', @iTmp0 OUT IF @iTmp0 = 0 BEGIN EXEC sp_OAGetProperty @cert, 'LastErrorText', @sTmp0 OUT PRINT @sTmp0 EXEC @hr = sp_OADestroy @pkcs11 EXEC @hr = sp_OADestroy @cert RETURN END -- Build a PKCS11 template to provide additional information about the key to be imported. DECLARE @jsonTemplate int -- Use "Chilkat_9_5_0.JsonObject" for versions of Chilkat < 10.0.0 EXEC @hr = sp_OACreate 'Chilkat.JsonObject', @jsonTemplate OUT -- Indicate that the key is to be stored on the token. It is NOT a session object. EXEC sp_OAMethod @jsonTemplate, 'UpdateBool', @success OUT, 'token', 1 -- Indicate that the key can be used for signing. EXEC sp_OAMethod @jsonTemplate, 'UpdateBool', @success OUT, 'sign', 1 -- Provide an arbitrary ID and label (anything you want). -- The information in the ID and/or label provides one means for finding the key in future PKCS11 sessions. EXEC sp_OAMethod @jsonTemplate, 'UpdateString', @success OUT, 'id_hex', '010203040A0B0C0D0E0F' EXEC sp_OAMethod @jsonTemplate, 'UpdateString', @success OUT, 'label', 'ehealth private key' -- Import the key. The private key handle is returned on success. Otherwise 0 is returned. -- If our only task for now is to simply import the key, we can ignore the returned handle, -- other than to check for success/failure. Otherwise, the handle can be used in other PKCS11 operations. -- This example just creates the key and does not use the returned handle. DECLARE @keyHandle int EXEC sp_OAMethod @pkcs11, 'ImportPrivateKey', @keyHandle OUT, @privKey, @jsonTemplate IF @keyHandle = 0 BEGIN EXEC sp_OAGetProperty @pkcs11, 'LastErrorText', @sTmp0 OUT PRINT @sTmp0 END ELSE BEGIN PRINT 'key handle = ' + @keyHandle PRINT 'Successfully imported a private key onto the HSM.' END EXEC @hr = sp_OADestroy @privKey EXEC sp_OAMethod @pkcs11, 'Logout', @success OUT EXEC sp_OAMethod @pkcs11, 'CloseSession', @success OUT EXEC @hr = sp_OADestroy @pkcs11 EXEC @hr = sp_OADestroy @cert EXEC @hr = sp_OADestroy @jsonTemplate END GO |
||||
© 2000-2024 Chilkat Software, Inc. All Rights Reserved.