Sample code for 30+ languages & platforms
SQL Server

Create JCEKS Containing Secret Keys

See more Java KeyStore (JKS) Examples

Demonstrates how to create a JCEKS keystore file containing symmetric secret keys (for AES, Blowfish, HMAC SHA25, ChaCha20, etc.)

This example requires Chilkat v9.5.0.66 or greater.

Chilkat SQL Server Downloads

SQL Server
-- Important: See this note about string length limitations for strings returned by sp_OAMethod calls.
--
CREATE PROCEDURE ChilkatSample
AS
BEGIN
    DECLARE @hr int
    -- Important: Do not use nvarchar(max).  See the warning about using nvarchar(max).
    DECLARE @sTmp0 nvarchar(4000)
    DECLARE @success int
    SELECT @success = 0

    -- IMPORTANT: This example requires Chilkat v9.5.0.66 or greater.

    -- This example requires the Chilkat API to have been previously unlocked.
    -- See Global Unlock Sample for sample code.

    DECLARE @jceks int
    EXEC @hr = sp_OACreate 'Chilkat.JavaKeyStore', @jceks OUT
    IF @hr <> 0
    BEGIN
        PRINT 'Failed to create ActiveX component'
        RETURN
    END

    -- We'll need a pseudo-random number generator (PRNG) to generate symmetric keys.
    DECLARE @prng int
    EXEC @hr = sp_OACreate 'Chilkat.Prng', @prng OUT

    -- Generate some keys..

    -- 128-bit AES key (16 bytes)
    DECLARE @aesKey nvarchar(4000)
    EXEC sp_OAMethod @prng, 'GenRandom', @aesKey OUT, 16, 'base64'

    -- 256-bit Blowfish key (32 bytes)
    DECLARE @blowfishKey nvarchar(4000)
    EXEC sp_OAMethod @prng, 'GenRandom', @blowfishKey OUT, 32, 'base64'

    -- HMAC SHA256 key
    -- (An HMAC key can be anything, and any length. We'll use the following string:
    DECLARE @hmacKey nvarchar(4000)
    SELECT @hmacKey = 'This is my HMAC key'

    -- ChaCha20 256-bit
    DECLARE @chachaKey nvarchar(4000)
    EXEC sp_OAMethod @prng, 'GenRandom', @chachaKey OUT, 32, 'base64'

    -- Add each secret key to the JCEKS
    DECLARE @encoding nvarchar(4000)
    SELECT @encoding = 'base64'
    DECLARE @password nvarchar(4000)
    SELECT @password = 'secret'
    EXEC sp_OAMethod @jceks, 'AddSecretKey', @success OUT, @aesKey, @encoding, 'AES', 'my aes key', @password
    EXEC sp_OAMethod @jceks, 'AddSecretKey', @success OUT, @blowfishKey, @encoding, 'BLOWFISH', 'my blowfish key', @password
    -- For HMAC, we're using the us-ascii bytes for the key..
    EXEC sp_OAMethod @jceks, 'AddSecretKey', @success OUT, @hmacKey, 'ascii', 'HMAC_SHA256', 'my hmac key', @password
    EXEC sp_OAMethod @jceks, 'AddSecretKey', @success OUT, @chachaKey, @encoding, 'CHACHA', 'my chacha20 key', @password

    DECLARE @filePassword nvarchar(4000)
    SELECT @filePassword = 'password'
    -- Write the JCEKs to a file.
    EXEC sp_OAMethod @jceks, 'ToFile', @success OUT, @filePassword, 'qa_output/secretKeys.jceks'
    IF @success <> 1
      BEGIN
        EXEC sp_OAGetProperty @jceks, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
        EXEC @hr = sp_OADestroy @jceks
        EXEC @hr = sp_OADestroy @prng
        RETURN
      END

    -- We can also emit as a JWK Set..
    DECLARE @sbJson int
    EXEC @hr = sp_OACreate 'Chilkat.StringBuilder', @sbJson OUT

    EXEC sp_OAMethod @jceks, 'ToJwkSet', @success OUT, 'secret', @sbJson
    IF @success <> 1
      BEGIN
        EXEC sp_OAGetProperty @jceks, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
        EXEC @hr = sp_OADestroy @jceks
        EXEC @hr = sp_OADestroy @prng
        EXEC @hr = sp_OADestroy @sbJson
        RETURN
      END

    -- Emit the JSON in pretty-printed (indented) form:
    DECLARE @json int
    EXEC @hr = sp_OACreate 'Chilkat.JsonObject', @json OUT

    EXEC sp_OAMethod @json, 'LoadSb', @success OUT, @sbJson
    EXEC sp_OASetProperty @json, 'EmitCompact', 0
    EXEC sp_OAMethod @json, 'Emit', @sTmp0 OUT
    PRINT @sTmp0

    -- Output is:

    -- { 
    --   "keys": [
    --     { 
    --       "kty": "oct",
    --       "alg": "AES",
    --       "k": "vHekQQB0Gc1NvppapUTW2g",
    --       "kid": "my aes key"
    --     },
    --     { 
    --       "kty": "oct",
    --       "alg": "BLOWFISH",
    --       "k": "qHsdXaJsXicVCZbK8l8hJQpYOa0GkiO9gsRK9WLtht8",
    --       "kid": "my blowfish key"
    --     },
    --     { 
    --       "kty": "oct",
    --       "alg": "HMAC_SHA256",
    --       "k": "VGhpcyBpcyBteSBITUFDIGtleQ",
    --       "kid": "my hmac key"
    --     },
    --     { 
    --       "kty": "oct",
    --       "alg": "CHACHA",
    --       "k": "yNv832U43C9BcWvaQAH2_rG-GwfmpgT5JBRllWGQY1o",
    --       "kid": "my chacha20 key"
    --     }
    --   ]
    -- }
    -- 

    EXEC @hr = sp_OADestroy @jceks
    EXEC @hr = sp_OADestroy @prng
    EXEC @hr = sp_OADestroy @sbJson
    EXEC @hr = sp_OADestroy @json


END
GO