Sample code for 30+ languages & platforms
SQL Server

Read JCEKS Containing Secret Keys

See more Java KeyStore (JKS) Examples

Demonstrates how to read a JCEKS keystore file containing symmetric secret keys (for AES, Blowfish, HMAC SHA25, ChaCha, etc.)

This example uses the jceks sample file that you may download from Sample JCEKS with Secret Keys

The file password is "filePassword". The password for each secret key contained in the JCEKS is "secret".

This example requires Chilkat v9.5.0.66 or greater.

Chilkat SQL Server Downloads

SQL Server
-- Important: See this note about string length limitations for strings returned by sp_OAMethod calls.
--
CREATE PROCEDURE ChilkatSample
AS
BEGIN
    DECLARE @hr int
    -- Important: Do not use nvarchar(max).  See the warning about using nvarchar(max).
    DECLARE @sTmp0 nvarchar(4000)
    DECLARE @success int
    SELECT @success = 0

    -- IMPORTANT: This example requires Chilkat v9.5.0.66 or greater.

    -- This example requires the Chilkat API to have been previously unlocked.
    -- See Global Unlock Sample for sample code.

    DECLARE @jceks int
    EXEC @hr = sp_OACreate 'Chilkat.JavaKeyStore', @jceks OUT
    IF @hr <> 0
    BEGIN
        PRINT 'Failed to create ActiveX component'
        RETURN
    END

    EXEC sp_OAMethod @jceks, 'LoadFile', @success OUT, 'filePassword', 'qa_data/jks/secretKeys_filePassword.jceks'
    IF @success <> 1
      BEGIN
        EXEC sp_OAGetProperty @jceks, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
        EXEC @hr = sp_OADestroy @jceks
        RETURN
      END

    DECLARE @keyPassword nvarchar(4000)
    SELECT @keyPassword = 'secret'

    -- Iterate over each secret key and get the key bytes and aliases..
    DECLARE @i int
    SELECT @i = 0
    DECLARE @numSecretKeys int
    EXEC sp_OAGetProperty @jceks, 'NumSecretKeys', @numSecretKeys OUT
    WHILE @i < @numSecretKeys
      BEGIN


        PRINT '---- Secret Key ' + @i

        EXEC sp_OAMethod @jceks, 'GetSecretKeyAlias', @sTmp0 OUT, @i
        PRINT 'Alias: ' + @sTmp0
        -- Get the secret key bytes in a desired encoding (base64, hex, base64url, etc.)

        EXEC sp_OAMethod @jceks, 'GetSecretKey', @sTmp0 OUT, @keyPassword, @i, 'hex'
        PRINT 'Key Bytes (hex): ' + @sTmp0

        EXEC sp_OAMethod @jceks, 'GetSecretKey', @sTmp0 OUT, @keyPassword, @i, 'base64'
        PRINT 'Key Bytes (base64): ' + @sTmp0

        SELECT @i = @i + 1
      END

    -- The output:

    -- ---- Secret Key 0
    -- Alias: aes_key
    -- Key Bytes (hex): CB3632FD12FF3256E0048C100DDE8DEF
    -- Key Bytes (base64): yzYy/RL/MlbgBIwQDd6N7w==
    -- ---- Secret Key 1
    -- Alias: chacha_key
    -- Key Bytes (hex): B37C73871C7B8F8D488DDE2F1A78CF51B6D74FFAF0E9B338B9609510A4688136
    -- Key Bytes (base64): s3xzhxx7j41Ijd4vGnjPUbbXT/rw6bM4uWCVEKRogTY=
    -- ---- Secret Key 2
    -- Alias: hmac_sha256_key
    -- Key Bytes (hex): 3C644B53F904A3BF161D3EAD1364E52EAE6C6EC8C61133B974A2484B894539C0
    -- Key Bytes (base64): PGRLU/kEo78WHT6tE2TlLq5sbsjGETO5dKJIS4lFOcA=
    -- ---- Secret Key 3
    -- Alias: blowfish_key
    -- Key Bytes (hex): FFE0574DE04B50F1E2FE79B4160B3B2183ACFF41721C46BFF9764CF24CA40E3C
    -- Key Bytes (base64): /+BXTeBLUPHi/nm0Fgs7IYOs/0FyHEa/+XZM8kykDjw=

    EXEC @hr = sp_OADestroy @jceks


END
GO