Sample code for 30+ languages & platforms
SQL Server

Get Ed25519 Key in Different Formats

See more Ed25519 Examples

Demonstrates how to get/save an Ed25519 private key to different formats.

Converting a private key from one format to another is done by loading in one format and saving/getting in another.

Note: This example requires Chilkat v9.5.0.83 or greater.

Chilkat SQL Server Downloads

SQL Server
-- Important: See this note about string length limitations for strings returned by sp_OAMethod calls.
--
CREATE PROCEDURE ChilkatSample
AS
BEGIN
    DECLARE @hr int
    -- Important: Do not use nvarchar(max).  See the warning about using nvarchar(max).
    DECLARE @sTmp0 nvarchar(4000)
    DECLARE @success int
    SELECT @success = 0

    -- This example assumes the Chilkat API to have been previously unlocked.
    -- See Global Unlock Sample for sample code.

    DECLARE @eddsa int
    EXEC @hr = sp_OACreate 'Chilkat.EdDSA', @eddsa OUT
    IF @hr <> 0
    BEGIN
        PRINT 'Failed to create ActiveX component'
        RETURN
    END

    DECLARE @prng int
    EXEC @hr = sp_OACreate 'Chilkat.Prng', @prng OUT

    DECLARE @privKey int
    EXEC @hr = sp_OACreate 'Chilkat.PrivateKey', @privKey OUT

    -- Generates a new ed25519 key and stores it in privKey.
    EXEC sp_OAMethod @eddsa, 'GenEd25519Key', @success OUT, @prng, @privKey
    IF @success = 0
      BEGIN
        EXEC sp_OAGetProperty @eddsa, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
        EXEC @hr = sp_OADestroy @eddsa
        EXEC @hr = sp_OADestroy @prng
        EXEC @hr = sp_OADestroy @privKey
        RETURN
      END

    -- ----------------------------------------------------------
    -- Ed25519 PKCS1 format
    -- 
    -- This is the format created by:  openssl genpkey -algorithm X25519 -out xkey.pem
    DECLARE @pkcs1Base64 nvarchar(4000)
    EXEC sp_OAMethod @privKey, 'GetPkcs1ENC', @pkcs1Base64 OUT, 'base64'

    PRINT @pkcs1Base64

    -- Sample output:  MC4CAQAwBQYDK2VuBCIEIB1mwirs+eC6XGbkjPIiZyBwQ7768uSd9v5PHOLFbIXo

    -- PKCS1 is a binary ASN.1 DER format.  You can examine the contents with two online tools:
    -- 1) Go to ASN.1 Decoder  and paste the base64 into the online form.
    -- 2) Or Decode Base64 ASN.1 to XML 

    -- The PKCS1 ASN.1 format for an Ed25519 key look like this:
    --   SEQUENCE
    --     INTEGER 0
    --     SEQUENCE
    --       OBJECT IDENTIFIER 1.3.101.110 curveX25519 (ECDH 25519 key agreement algorithm)
    --     OCTET STRING 
    --       OCTET STRING (32 byte) 1D66C...

    -- Save it directly to a file.
    EXEC sp_OAMethod @privKey, 'SavePkcs1File', @success OUT, 'qa_output/ed25519.key'

    -- ----------------------------------------------------------
    -- Ed25519 Unencrypted PKCS8 format
    -- 
    -- For ed25519, the ASN.1 output is the same as for PKCS1.
    DECLARE @pkcs8Base64 nvarchar(4000)
    EXEC sp_OAMethod @privKey, 'GetPkcs8ENC', @pkcs8Base64 OUT, 'base64'

    PRINT @pkcs8Base64

    -- PKCS8 is a binary ASN.1 DER format.  You can examine the contents with two online tools:
    -- 1) Go to ASN.1 Decoder  and paste the base64 into the online form.
    -- 2) Or Decode Base64 ASN.1 to XML 

    -- ----------------------------------------------------------
    -- Ed25519 Encrypted PKCS8 format
    -- 
    -- Note: The encrypted output cannot be examined using the above online tools because the ASN.1 is encrypted.
    DECLARE @password nvarchar(4000)
    SELECT @password = 'secret'
    DECLARE @pkcs8EncBase64 nvarchar(4000)
    EXEC sp_OAMethod @privKey, 'GetPkcs8EncryptedENC', @pkcs8EncBase64 OUT, 'base64', @password

    PRINT @pkcs8EncBase64

    -- ----------------------------------------------------------
    -- Ed25519 in PEM format:
    -- 
    DECLARE @ed25519Pem nvarchar(4000)
    EXEC sp_OAMethod @privKey, 'GetPkcs1Pem', @ed25519Pem OUT

    PRINT @ed25519Pem

    -- Sample output:

    -- -----BEGIN PRIVATE KEY-----
    -- MC4CAQAwBQYDK2VuBCIEIOKPhbULJagBAi7hbRdn1f4AAzh1RqqCHqCAvau7N6yO
    -- -----END PRIVATE KEY-----

    -- ----------------------------------------------------------
    -- Ed25519 in JWK Format
    -- 
    DECLARE @jwk nvarchar(4000)
    EXEC sp_OAMethod @privKey, 'GetJwk', @jwk OUT

    DECLARE @json int
    EXEC @hr = sp_OACreate 'Chilkat.JsonObject', @json OUT

    EXEC sp_OAMethod @json, 'Load', @success OUT, @jwk
    EXEC sp_OASetProperty @json, 'EmitCompact', 0
    EXEC sp_OAMethod @json, 'Emit', @sTmp0 OUT
    PRINT @sTmp0

    -- Sample output:
    -- {
    --   "kty": "OKP",
    --   "crv": "Ed25519",
    --   "x": "SE2Kne5xt51z1eciMH2T2ftDQp96Gl6FhY6zSQujiP0",
    --   "d": "O-eRXewadF0sNyB0U9omcnt8Qg2ZmeK3WSXPYgqe570",
    --   "use": "sig"
    -- }

    -- In the above JWK, x is the public key, y is the private key.
    -- Both are 32 bytes and are base64-url encoded.

    -- ----------------------------------------------------------
    -- Ed25519 in XML Format
    -- 
    DECLARE @ed25519_xml nvarchar(4000)
    EXEC sp_OAMethod @privKey, 'GetXml', @ed25519_xml OUT

    PRINT @ed25519_xml

    -- Sample output:  <Ed25519KeyValue>w4b/gI0zgYKgjtfWLjNfc4issmP7Qap84uesYNgEefP/WoY3jNOhOzgTYsMtOnuyGn3MdA4NZtsUXVNI1NiTlA==</Ed25519KeyValue>

    -- The base64 content is composed of the concatenation of the 32-byte private key with the 32-byte public key and then base64 encoded.
    -- In other words:  Base64(privKey || pubKey)

    -- ----------------------------------------------------------
    -- Ed25519 in Raw Hex Format
    -- 
    DECLARE @sbPubKeyHex int
    EXEC @hr = sp_OACreate 'Chilkat.StringBuilder', @sbPubKeyHex OUT

    DECLARE @privKeyHex nvarchar(4000)
    EXEC sp_OAMethod @privKey, 'GetRawHex', @privKeyHex OUT, @sbPubKeyHex

    -- We should have a 32-byte private key (a 64 character hex string).

    PRINT 'private key = ' + @privKeyHex

    -- We should have a 32-byte public key (a 64 character hex string).

    EXEC sp_OAMethod @sbPubKeyHex, 'GetAsString', @sTmp0 OUT
    PRINT 'public key = ' + @sTmp0

    -- Sample output:
    -- key type = ed25519
    -- size in bits = 256
    -- private key = d4ee72dbf913584ad5b6d8f1f769f8ad3afe7c28cbf1d4fbe097a88f44755842
    -- public key = 19bf44096984cdfe8541bac167dc3b96c85086aa30b6b6cb0c5c38ad703166e1

    EXEC @hr = sp_OADestroy @eddsa
    EXEC @hr = sp_OADestroy @prng
    EXEC @hr = sp_OADestroy @privKey
    EXEC @hr = sp_OADestroy @json
    EXEC @hr = sp_OADestroy @sbPubKeyHex


END
GO