|
Chilkat • HOME • .NET Core C# • Android™ • AutoIt • C • C# • C++ • Chilkat2-Python • CkPython • Classic ASP • DataFlex • Delphi ActiveX • Delphi DLL • Go • Java • Lianja • Mono C# • Node.js • Objective-C • PHP ActiveX • PHP Extension • Perl • PowerBuilder • PowerShell • PureBasic • Ruby • SQL Server • Swift 2 • Swift 3,4,5... • Tcl • Unicode C • Unicode C++ • VB.NET • VBScript • Visual Basic 6.0 • Visual FoxPro • Xojo Plugin
(SQL Server) Import an SSH Key to an HSM using PKCS11See more PKCS11 ExamplesDemonstrates how to import an SSH private key to an HSM (smartcard or token). Note: This example requires Chilkat v9.5.0.96 or later.
-- Important: See this note about string length limitations for strings returned by sp_OAMethod calls. -- CREATE PROCEDURE ChilkatSample AS BEGIN DECLARE @hr int -- Important: Do not use nvarchar(max). See the warning about using nvarchar(max). DECLARE @sTmp0 nvarchar(4000) -- This example requires the Chilkat API to have been previously unlocked. -- See Global Unlock Sample for sample code. -- Note: Chilkat's PKCS11 implementation runs on Windows, Linux, Mac OS X, and other supported operating systems. DECLARE @pkcs11 int -- Use "Chilkat_9_5_0.Pkcs11" for versions of Chilkat < 10.0.0 EXEC @hr = sp_OACreate 'Chilkat.Pkcs11', @pkcs11 OUT IF @hr <> 0 BEGIN PRINT 'Failed to create ActiveX component' RETURN END -- Use the PKCS11 driver (.dll, .so, .dylib) for your particular HSM. -- For example: EXEC sp_OASetProperty @pkcs11, 'SharedLibPath', 'C:/Program Files (x86)/Gemalto/IDGo 800 PKCS#11/IDPrimePKCS11.dll' -- Use your HSM's PIN. DECLARE @pin nvarchar(4000) SELECT @pin = '0000' -- Normal user = 1 DECLARE @userType int SELECT @userType = 1 -- Establish a logged-on user session with the HSM. DECLARE @success int EXEC sp_OAMethod @pkcs11, 'QuickSession', @success OUT, @userType, @pin IF @success = 0 BEGIN EXEC sp_OAGetProperty @pkcs11, 'LastErrorText', @sTmp0 OUT PRINT @sTmp0 EXEC @hr = sp_OADestroy @pkcs11 RETURN END -- Create a PKCS11 template for importing the SSH key. DECLARE @jsonTemplate int -- Use "Chilkat_9_5_0.JsonObject" for versions of Chilkat < 10.0.0 EXEC @hr = sp_OACreate 'Chilkat.JsonObject', @jsonTemplate OUT -- Indicate the key is to be stored on the token (i.e. it is not a session-only key) EXEC sp_OAMethod @jsonTemplate, 'UpdateBool', @success OUT, 'token', 1 -- The key should have the ability to sign EXEC sp_OAMethod @jsonTemplate, 'UpdateBool', @success OUT, 'sign', 1 -- Let's provide a few attributes to help us find the this key at a later time. -- See SSH Public-Key Authentication using an HSM -- The ID is byte data, so it should be base64 or hex. -- Specify "id" if passing base64 data, "id_hex" for hexidecimal, or "id_ascii" for directly copying the ascii bytes of the string. -- You can provide any ID of your choice. It is optional. EXEC sp_OAMethod @jsonTemplate, 'UpdateString', @success OUT, 'id_hex', '0A0B0C0D01020304' -- Optionally specify a label. EXEC sp_OAMethod @jsonTemplate, 'UpdateString', @success OUT, 'label', 'MySshKey' -- Load the SSH key to be imported to the HSM (smartcard or token) DECLARE @sshKey int -- Use "Chilkat_9_5_0.SshKey" for versions of Chilkat < 10.0.0 EXEC @hr = sp_OACreate 'Chilkat.SshKey', @sshKey OUT EXEC sp_OASetProperty @sshKey, 'Password', 'password_of_the_encrypted_ppk_file' DECLARE @ppkContents nvarchar(4000) EXEC sp_OAMethod @sshKey, 'LoadText', @ppkContents OUT, 'c:/my_ssh_keys/someSshKey.ppk' EXEC sp_OAMethod @sshKey, 'FromPuttyPrivateKey', @success OUT, @ppkContents IF @success = 0 BEGIN EXEC sp_OAGetProperty @sshKey, 'LastErrorText', @sTmp0 OUT PRINT @sTmp0 EXEC @hr = sp_OADestroy @pkcs11 EXEC @hr = sp_OADestroy @jsonTemplate EXEC @hr = sp_OADestroy @sshKey RETURN END -- Import the SSH private key onto the HSM. -- The PKCS11 handle to the imported private key is returned. -- A 0 is returned on failure. DECLARE @privKeyHandle int EXEC sp_OAMethod @pkcs11, 'ImportSshKey', @privKeyHandle OUT, @sshKey, @jsonTemplate IF @privKeyHandle = 0 BEGIN EXEC sp_OAGetProperty @pkcs11, 'LastErrorText', @sTmp0 OUT PRINT @sTmp0 EXEC @hr = sp_OADestroy @pkcs11 EXEC @hr = sp_OADestroy @jsonTemplate EXEC @hr = sp_OADestroy @sshKey RETURN END -- The private key handle is only valid during the PKCS11 session. -- If you wish to use the private key in another PKCS11 session, -- you'll first need to find it. See SSH Public-Key Authentication using a Smartcard PRINT 'private key handle: ' + @privKeyHandle PRINT 'Successfully imported the SSH key onto the HSM.' EXEC sp_OAMethod @pkcs11, 'Logout', @success OUT EXEC sp_OAMethod @pkcs11, 'CloseSession', @success OUT EXEC @hr = sp_OADestroy @pkcs11 EXEC @hr = sp_OADestroy @jsonTemplate EXEC @hr = sp_OADestroy @sshKey END GO |
||||
© 2000-2024 Chilkat Software, Inc. All Rights Reserved.