(SQL Server) Verify the RSA Signature of a SHA256 Hash

See more RSA Examples

Demonstrates how to verify an RSA signature of a SHA256 hash.

Chilkat ActiveX Downloads ActiveX for 32-bit and 64-bit Windows

-- Important: See this note about string length limitations for strings returned by sp_OAMethod calls.
--
CREATE PROCEDURE ChilkatSample
AS
BEGIN
    DECLARE @hr int
    -- Important: Do not use nvarchar(max).  See the warning about using nvarchar(max).
    DECLARE @sTmp0 nvarchar(4000)
    DECLARE @sTmp1 nvarchar(4000)
    -- This example assumes the Chilkat API to have been previously unlocked.
    -- See Global Unlock Sample for sample code.

    -- Let's say you have a file containing the 32-bytes of a SHA256 hash,
    -- and a file that is an RSA signature of those 32 bytes.
    -- Here's how you verify using the RSA public key found in a PEM.

    DECLARE @pubKey int
    -- Use "Chilkat_9_5_0.PublicKey" for versions of Chilkat < 10.0.0
    EXEC @hr = sp_OACreate 'Chilkat.PublicKey', @pubKey OUT
    IF @hr <> 0
    BEGIN
        PRINT 'Failed to create ActiveX component'
        RETURN
    END

    DECLARE @success int
    EXEC sp_OAMethod @pubKey, 'LoadFromFile', @success OUT, 'rsaPubKey.pem'
    IF @success = 0
      BEGIN
        EXEC sp_OAGetProperty @pubKey, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
        EXEC @hr = sp_OADestroy @pubKey
        RETURN
      END

    DECLARE @rsa int
    -- Use "Chilkat_9_5_0.Rsa" for versions of Chilkat < 10.0.0
    EXEC @hr = sp_OACreate 'Chilkat.Rsa', @rsa OUT

    -- Get the public key.
    EXEC sp_OAMethod @rsa, 'ImportPublicKeyObj', @success OUT, @pubKey
    IF @success = 0
      BEGIN
        EXEC sp_OAGetProperty @rsa, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
        EXEC @hr = sp_OADestroy @pubKey
        EXEC @hr = sp_OADestroy @rsa
        RETURN
      END

    -- Get the 32-byte SHA256 hash.
    DECLARE @bdHash int
    -- Use "Chilkat_9_5_0.BinData" for versions of Chilkat < 10.0.0
    EXEC @hr = sp_OACreate 'Chilkat.BinData', @bdHash OUT

    EXEC sp_OAMethod @bdHash, 'LoadFile', @success OUT, 'myHash.sha256'
    IF @success = 0
      BEGIN

        PRINT 'Failed to load SHA256 hash.'
        EXEC @hr = sp_OADestroy @pubKey
        EXEC @hr = sp_OADestroy @rsa
        EXEC @hr = sp_OADestroy @bdHash
        RETURN
      END

    -- Get the RSA signature to be validated.
    DECLARE @bdSig int
    -- Use "Chilkat_9_5_0.BinData" for versions of Chilkat < 10.0.0
    EXEC @hr = sp_OACreate 'Chilkat.BinData', @bdSig OUT

    EXEC sp_OAMethod @bdSig, 'LoadFile', @success OUT, 'mySig.sig'
    IF @success = 0
      BEGIN

        PRINT 'Failed to load RSA signature.'
        EXEC @hr = sp_OADestroy @pubKey
        EXEC @hr = sp_OADestroy @rsa
        EXEC @hr = sp_OADestroy @bdHash
        EXEC @hr = sp_OADestroy @bdSig
        RETURN
      END

    -- Verify the signature against the SHA256 hash.
    DECLARE @enc nvarchar(4000)
    SELECT @enc = 'base64'
    EXEC sp_OASetProperty @rsa, 'EncodingMode', @enc
    EXEC sp_OAMethod @bdHash, 'GetEncoded', @sTmp0 OUT, @enc
    EXEC sp_OAMethod @bdSig, 'GetEncoded', @sTmp1 OUT, @enc
    EXEC sp_OAMethod @rsa, 'VerifyHashENC', @success OUT, @sTmp0, 'sha256', @sTmp1
    IF @success = 0
      BEGIN
        EXEC sp_OAGetProperty @rsa, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
        EXEC @hr = sp_OADestroy @pubKey
        EXEC @hr = sp_OADestroy @rsa
        EXEC @hr = sp_OADestroy @bdHash
        EXEC @hr = sp_OADestroy @bdSig
        RETURN
      END


    PRINT 'Signature validated.'

    EXEC @hr = sp_OADestroy @pubKey
    EXEC @hr = sp_OADestroy @rsa
    EXEC @hr = sp_OADestroy @bdHash
    EXEC @hr = sp_OADestroy @bdSig


END
GO