Chilkat HOME .NET Core C# Android™ AutoIt C C# C++ Chilkat2-Python CkPython Classic ASP DataFlex Delphi ActiveX Delphi DLL Go Java Lianja Mono C# Node.js Objective-C PHP ActiveX PHP Extension Perl PowerBuilder PowerShell PureBasic Ruby SQL Server Swift 2 Swift 3,4,5... Tcl Unicode C Unicode C++ VB.NET VBScript Visual Basic 6.0 Visual FoxPro Xojo Plugin
(SQL Server) Generate Encryption KeyDiscusses symmetric encryption key generation techniques for block encryption algorithms such as AES, Blowfish, and Twofish, or for other algorithms such as ChaCha20.
-- Important: See this note about string length limitations for strings returned by sp_OAMethod calls. -- CREATE PROCEDURE ChilkatSample AS BEGIN DECLARE @hr int -- Symmetric encryption algorithms are such that the encryptor and decryptor -- share a pre-known secret key. This could be a "single-use" key that is -- derived from a secure key exchange algorithm using RSA, ECC, or Diffie-Hellman, -- or it could be a password known to both sides, or -- it could simply be the binary bytes of the secret key known in advance on both -- sides. -- A secret key has no structure. It's nothing more than N bytes of data. -- It should typically be random data, or bytes that resemble random data such -- as the hash of a password. -- The number of bytes in the secret key defines the bit-strength of an encryption -- algorithm. For example, AES with a 32-byte key is 256-bit AES. Most algorithms -- define restrictions on key sizes. For example, AES has 3 choices: 128-bit, 192-bit, -- or 256-bit. In the ChaCha20 algorithm, the key size must always be 256-bits (32-bytes). -- Both sides (encryptor and decryptor) must be in possession of the same secret key -- in order to communicate. Whichever side generates the key, it must somehow -- deliver the key to the other side beforehand. Key exchange algorithms, such as RSA, ECC, -- and Diffie-Hellman define secure ways of exchanging symmetric encryption keys. -- They do so using asymmetric encryption algorithms (public/private keys). It is not -- required to use a key exchange algorithm to achieve the goal of having both sides -- in possession of the same secret key. A long-living secret key could be exchanged -- via any secure out-of-band means. For example, exchanging the information over a secure -- TLS (HTTPS) or SSH connection... -- This example assumes the Chilkat API to have been previously unlocked. -- See Global Unlock Sample for sample code. DECLARE @success int DECLARE @crypt int -- Use "Chilkat_9_5_0.Crypt2" for versions of Chilkat < 10.0.0 EXEC @hr = sp_OACreate 'Chilkat.Crypt2', @crypt OUT IF @hr <> 0 BEGIN PRINT 'Failed to create ActiveX component' RETURN END EXEC sp_OASetProperty @crypt, 'CryptAlgorithm', 'aes' EXEC sp_OASetProperty @crypt, 'KeyLength', 256 -- Generate a 32-byte random secret key, -- and use it in the crypt object. DECLARE @prng int -- Use "Chilkat_9_5_0.Prng" for versions of Chilkat < 10.0.0 EXEC @hr = sp_OACreate 'Chilkat.Prng', @prng OUT DECLARE @secretKeyHex nvarchar(4000) EXEC sp_OAMethod @prng, 'GenRandom', @secretKeyHex OUT, 32, 'hex' -- It is important that the number of bytes in the secret key -- matches the value specified in the KeyLength property (above). EXEC sp_OAMethod @crypt, 'SetEncodedKey', NULL, @secretKeyHex, 'hex' PRINT 'randomly generated key: ' + @secretKeyHex -- Alternatively, a password could be hashed using a hash algorithm -- the results in the desired key length. Our desired key length -- in this case is 32 bytes, so we wouldn't want MD5 (16 bytes), -- nor would we want to use SHA-1 (20 bytes). SHA256 would be the -- hash of choice because it results in 32-bytes of random-looking -- key material. EXEC sp_OASetProperty @crypt, 'HashAlgorithm', 'SHA256' EXEC sp_OASetProperty @crypt, 'EncodingMode', 'hex' EXEC sp_OAMethod @crypt, 'HashStringENC', @secretKeyHex OUT, 'mypassword' EXEC sp_OAMethod @crypt, 'SetEncodedKey', NULL, @secretKeyHex, 'hex' PRINT 'password-based key: ' + @secretKeyHex EXEC @hr = sp_OADestroy @crypt EXEC @hr = sp_OADestroy @prng END GO |
© 2000-2024 Chilkat Software, Inc. All Rights Reserved.