(SQL Server) RSA Encryption -- Same Key Different Results

The RSA encryption algorithm produces different results for each call, even when encrypting the same data with the same key. Decryption however, will produce the correct results. This example demonstrates.

*** The reason this occurs is that RSA encryption uses PKCS1 v1.5 padding, and this padding scheme uses random bytes. It is random bytes in the padding that causes the result to be different each time.

Chilkat ActiveX Downloads ActiveX for 32-bit and 64-bit Windows

-- Important: See this note about string length limitations for strings returned by sp_OAMethod calls.
--
CREATE PROCEDURE ChilkatSample
AS
BEGIN
    DECLARE @hr int
    -- This example assumes the Chilkat API to have been previously unlocked.
    -- See Global Unlock Sample for sample code.

    DECLARE @rsa int
    -- Use "Chilkat_9_5_0.Rsa" for versions of Chilkat < 10.0.0
    EXEC @hr = sp_OACreate 'Chilkat.Rsa', @rsa OUT
    IF @hr <> 0
    BEGIN
        PRINT 'Failed to create ActiveX component'
        RETURN
    END

    -- RSA public key in XML format:
    DECLARE @publicKey nvarchar(4000)
    SELECT @publicKey = '<RSAPublicKey><Modulus>xxyv1RDPU0MvfFIIa98HppXdcuI7zSu8uIqyGAy/VoxPvxZFX0acajznvjVRHipHbpcO6ryo2LwXUPf89qOqLb3Qd1lfD2ZnH+TQ6MZXNxfFRxTpTUd+tTR4EBYpd2t6kzq8ZRJYLdlviaMQQqUEwR54k7Op5HJYVKUcHIkP1xE=</Modulus><Exponent>AQAB</Exponent></RSAPublicKey>'

    DECLARE @privateKey nvarchar(4000)
    SELECT @privateKey = '<RSAKeyValue><Modulus>xxyv1RDPU0MvfFIIa98HppXdcuI7zSu8uIqyGAy/VoxPvxZFX0acajznvjVRHipHbpcO6ryo2LwXUPf89qOqLb3Qd1lfD2ZnH+TQ6MZXNxfFRxTpTUd+tTR4EBYpd2t6kzq8ZRJYLdlviaMQQqUEwR54k7Op5HJYVKUcHIkP1xE=</Modulus><Exponent>AQAB</Exponent><P>4cpW9fvG99Jsz8/AO7PDHTl+pPRAglksrR2kClLV2g9DEeFe/bvmCxLUgMCJ+0eGQ1zA6aA7McKr13zTQ7jKpQ==</P><Q>4cCS/kFlq/P1ExF37Fkh4pCodOEGutepLEG7Q/KljT3ZGlAY+2l8fGu4f+hrkUuGoFl7NOMaJflULoPIgQaq/Q==</Q><DP>lkjcSsvzqh3YKRXJiLNkyf3rypV8noYGU4+oEOsDxilkZfFRDafUPUiiQrRk4ui/d/SzvozU+ZDuWfaOk8PatQ==</DP><DQ>SYCD25i7W8Mwdibn3uIecEAdOQDTSh5RjIFSUYs9b8FFYJXXrHPp/jCsf6jS7RmkGa1Iui1/JAIL8KEjtS7QmQ==</DQ><InverseQ>EDAJa3TpNdPQ3GIdBpnTgFTQY5A60DcszsUW/iCYoXQdPVJ9BLBxVTe9jiLzGuNuzLkVBwQlCy0Bf84hACRV9A==</InverseQ><D>cMFdDYKkddlRNczaugOmOH8b1egpx2liSPs6GYZ2gFObAXJiPK8m+r6c2ckls7hrlUP0DZhi4cG6Tn7xANb0Ek17P7QquVhQYOmFy/YHzm+IJbcwwq7pJHhZBhtcjyXqfUZ+BADGE//GQbrSVwVltpOj5KcxG88NAprLn2MMxfE=</D></RSAKeyValue>'

    DECLARE @success int
    EXEC sp_OAMethod @rsa, 'ImportPublicKey', @success OUT, @publicKey

    -- Encrypt a string and return the encrypted data base64-encoded:
    EXEC sp_OASetProperty @rsa, 'EncodingMode', 'base64'

    DECLARE @plainText nvarchar(4000)
    SELECT @plainText = 'RSA gives different results with each call, weird but OK'

    DECLARE @usePrivateKey int
    SELECT @usePrivateKey = 0
    DECLARE @encryptedStr1 nvarchar(4000)
    EXEC sp_OAMethod @rsa, 'EncryptStringENC', @encryptedStr1 OUT, @plainText, @usePrivateKey

    PRINT @encryptedStr1

    -- Do it again. The results are different...
    DECLARE @encryptedStr2 nvarchar(4000)
    EXEC sp_OAMethod @rsa, 'EncryptStringENC', @encryptedStr2 OUT, @plainText, @usePrivateKey

    PRINT @encryptedStr2

    -- Now decrypt both strings, and the results are correct
    -- in both cases:
    DECLARE @rsa2 int
    -- Use "Chilkat_9_5_0.Rsa" for versions of Chilkat < 10.0.0
    EXEC @hr = sp_OACreate 'Chilkat.Rsa', @rsa2 OUT

    EXEC sp_OAMethod @rsa2, 'ImportPrivateKey', @success OUT, @privateKey
    EXEC sp_OASetProperty @rsa2, 'EncodingMode', 'base64'
    SELECT @usePrivateKey = 1

    DECLARE @decryptedStr1 nvarchar(4000)
    EXEC sp_OAMethod @rsa2, 'DecryptStringENC', @decryptedStr1 OUT, @encryptedStr1, @usePrivateKey

    PRINT @decryptedStr1

    DECLARE @decryptedStr2 nvarchar(4000)
    EXEC sp_OAMethod @rsa2, 'DecryptStringENC', @decryptedStr2 OUT, @encryptedStr2, @usePrivateKey

    PRINT @decryptedStr2

    EXEC @hr = sp_OADestroy @rsa
    EXEC @hr = sp_OADestroy @rsa2


END
GO