Sample code for 30+ languages & platforms
SQL Server

Get a .pfx/.p12 Safe Bag Attribute

See more PFX/P12 Examples

Demonstrates how to get the value of a private key or certificate safe bag attribute. Safe bag attributes are associated with a key or certificate. They are attributes stored in the .p12/.pfx alongside a key or certificate.

Chilkat SQL Server Downloads

SQL Server
-- Important: See this note about string length limitations for strings returned by sp_OAMethod calls.
--
CREATE PROCEDURE ChilkatSample
AS
BEGIN
    DECLARE @hr int
    -- Important: Do not use nvarchar(max).  See the warning about using nvarchar(max).
    DECLARE @sTmp0 nvarchar(4000)
    DECLARE @success int
    SELECT @success = 0

    DECLARE @pfx int
    EXEC @hr = sp_OACreate 'Chilkat.Pfx', @pfx OUT
    IF @hr <> 0
    BEGIN
        PRINT 'Failed to create ActiveX component'
        RETURN
    END

    EXEC sp_OAMethod @pfx, 'LoadPfxFile', @success OUT, 'qa_data/pfx/test_ecdsa_secret.pfx', 'secret'
    IF @success = 0
      BEGIN
        EXEC sp_OAGetProperty @pfx, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
        EXEC @hr = sp_OADestroy @pfx
        RETURN
      END

    DECLARE @json int
    EXEC @hr = sp_OACreate 'Chilkat.JsonObject', @json OUT

    EXEC sp_OAMethod @pfx, 'GetLastJsonData', NULL, @json

    EXEC sp_OASetProperty @json, 'EmitCompact', 0
    EXEC sp_OAMethod @json, 'Emit', @sTmp0 OUT
    PRINT @sTmp0

    -- The last JSON data provides information about the what is contained in the PFX.  It was collected in the call to LoadPfxFile.
    -- For example:

    -- {
    --   "authenticatedSafe": {
    --     "contentInfo": [
    --       {
    --         "type": "Data",
    --         "safeBag": [
    --           {
    --             "type": "pkcs8ShroudedKeyBag",
    --             "attrs": {
    --               "localKeyId": "16777216",
    --               "keyContainerName": "{B99EB9E7-6AF7-42AF-A43A-D4B2225B7605}",
    --               "msStorageProvider": "Microsoft Software Key Storage Provider"
    --             }
    --           }
    --         ]
    --       },
    --       {
    --         "type": "EncryptedData",
    --         "safeBag": [
    --           {
    --             "type": "certBag",
    --             "attrs": {
    --               "localKeyId": "16777216"
    --             },
    --             "subject": "EE",
    --             "serialNumber": "1a9da86df17ad411bb413b2aa724fe56fc71242d"
    --           },
    --           {
    --             "type": "certBag",
    --             "subject": "CA",
    --             "serialNumber": "02742228acbf3dd2e71f403abd8281ab6d70d490"
    --           }
    --         ]
    --       }
    --     ]
    --   }
    -- }

    -- Use this online tool to generate parsing code from sample JSON: 
    -- Generate Parsing Code from JSON

    -- In the above JSON, we can see the .pfx contains one private key (a pkcs8ShroudedKeyBag) and two certificates (each in a certBag).
    -- The certificates in a .pfx/.p12 are typicaly a single certificate with associated private key, along with the other certificates
    -- in the chain of authentication.

    -- We can see that the private key has 3 safebag attributes: localKeyId, keyContainerName, and msStorageProvider.
    -- The certificate associated with the private key contains one safebag attribute: localKeyId.
    -- Notice the localKeyId is the same.  The localKeyId helps associate the private key that corresponds to the given certificate.

    -- Let's demonstrate the GetSafeBagAttr method:

    -- Get each of the private key safebag attributes:
    DECLARE @getPrivateKeyAttr int
    SELECT @getPrivateKeyAttr = 1
    DECLARE @privateKeyIdx int
    SELECT @privateKeyIdx = 0

    PRINT '---- private key safebag attributes ----'
    EXEC sp_OAMethod @pfx, 'GetSafeBagAttr', @sTmp0 OUT, @getPrivateKeyAttr, @privateKeyIdx, 'localKeyId'
    PRINT @sTmp0
    EXEC sp_OAMethod @pfx, 'GetSafeBagAttr', @sTmp0 OUT, @getPrivateKeyAttr, @privateKeyIdx, 'keyContainerName'
    PRINT @sTmp0
    EXEC sp_OAMethod @pfx, 'GetSafeBagAttr', @sTmp0 OUT, @getPrivateKeyAttr, @privateKeyIdx, 'storageProvider'
    PRINT @sTmp0

    -- Get the localKeyId attribute for the 1st certificate.
    SELECT @getPrivateKeyAttr = 0

    PRINT '---- cert safebag attributes ----'
    EXEC sp_OAMethod @pfx, 'GetSafeBagAttr', @sTmp0 OUT, @getPrivateKeyAttr, 0, 'localKeyId'
    PRINT @sTmp0

    EXEC @hr = sp_OADestroy @pfx
    EXEC @hr = sp_OADestroy @json


END
GO