PKCS11 Import a Private Key onto the HSM
Demonstrates how to import an existing RSA private key onto the smartcard/token. The imported key is a token object, meaning it is stored on the HSM and persists beyond the end of the PKCS11 session.
-- Important: See this note about string length limitations for strings returned by sp_OAMethod calls.
--
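-- Imports the private key contained in a .pfx/.p12 file onto the HSM as a PKCS11
-- token object (it persists after the session ends).
-- Steps: open a logged-on PKCS11 session, load the certificate and its private key
-- from the PFX, build a JSON attribute template (token, sign, id_hex, label), and
-- call ImportPrivateKey. Errors are reported via PRINT of LastErrorText.
-- Parameters:
--   @pin          user PIN used to log on to the token.
--   @pfxPassword  password protecting the .pfx/.p12 file.
-- Both default to the sample's demo values so that `EXEC ChilkatSample` still works
-- unchanged. NOTE(review): the defaults are part of the procedure text and are
-- readable by any principal with VIEW DEFINITION (sys.sql_modules), so real secrets
-- should be supplied as arguments rather than written into the defaults.
CREATE PROCEDURE ChilkatSample
    @pin nvarchar(4000) = '0000',
    @pfxPassword nvarchar(4000) = 'p12_password'
AS
BEGIN
    DECLARE @hr int
    -- Important: Do not use nvarchar(max). See the warning about using nvarchar(max).
    DECLARE @sTmp0 nvarchar(4000)
    DECLARE @success int
    SELECT @success = 0

    -- This example requires the Chilkat API to have been previously unlocked.
    -- See Global Unlock Sample for sample code.
    -- Note: Chilkat's PKCS11 implementation runs on Windows, Linux, Mac OS X, and other supported operating systems.
    DECLARE @pkcs11 int
    EXEC @hr = sp_OACreate 'Chilkat.Pkcs11', @pkcs11 OUT
    IF @hr <> 0
    BEGIN
        PRINT 'Failed to create ActiveX component'
        RETURN
    END

    -- Use the PKCS11 driver (.dll, .so, .dylib) for your particular HSM.
    -- (The format of the path changes with the operating system; "C:/" is not used on non-Windows systems.)
    EXEC sp_OASetProperty @pkcs11, 'SharedLibPath', 'C:/Program Files (x86)/Gemalto/IDGo 800 PKCS#11/IDPrimePKCS1164.dll'

    -- Establish a logged-on session. User type 1 is the normal user (CKU_USER in the PKCS#11 spec).
    DECLARE @userType int
    SELECT @userType = 1
    EXEC sp_OAMethod @pkcs11, 'QuickSession', @success OUT, @userType, @pin
    IF @success = 0
    BEGIN
        EXEC sp_OAGetProperty @pkcs11, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
        EXEC @hr = sp_OADestroy @pkcs11
        RETURN
    END

    -- Load the certificate from a .pfx (also known as .p12), a file format that
    -- also carries the certificate's private key.
    DECLARE @cert int
    EXEC @hr = sp_OACreate 'Chilkat.Cert', @cert OUT
    IF @hr <> 0
    BEGIN
        -- Every early exit below a successful QuickSession logs out and closes the session
        -- before releasing the objects, so no logged-on session is left behind.
        PRINT 'Failed to create Chilkat.Cert'
        EXEC sp_OAMethod @pkcs11, 'Logout', @success OUT
        EXEC sp_OAMethod @pkcs11, 'CloseSession', @success OUT
        EXEC @hr = sp_OADestroy @pkcs11
        RETURN
    END
    EXEC sp_OAMethod @cert, 'LoadPfxFile', @success OUT, 'qa_data/pfx/ehealth.fgov.be_testing.p12', @pfxPassword
    IF @success = 0
    BEGIN
        EXEC sp_OAGetProperty @cert, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
        EXEC sp_OAMethod @pkcs11, 'Logout', @success OUT
        EXEC sp_OAMethod @pkcs11, 'CloseSession', @success OUT
        EXEC @hr = sp_OADestroy @pkcs11
        EXEC @hr = sp_OADestroy @cert
        RETURN
    END

    -- Extract the certificate's private key into a separate PrivateKey object.
    DECLARE @privKey int
    EXEC @hr = sp_OACreate 'Chilkat.PrivateKey', @privKey OUT
    IF @hr <> 0
    BEGIN
        PRINT 'Failed to create Chilkat.PrivateKey'
        EXEC sp_OAMethod @pkcs11, 'Logout', @success OUT
        EXEC sp_OAMethod @pkcs11, 'CloseSession', @success OUT
        EXEC @hr = sp_OADestroy @pkcs11
        EXEC @hr = sp_OADestroy @cert
        RETURN
    END
    EXEC sp_OAMethod @cert, 'GetPrivateKey', @success OUT, @privKey
    IF @success = 0
    BEGIN
        EXEC sp_OAGetProperty @cert, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
        EXEC sp_OAMethod @pkcs11, 'Logout', @success OUT
        EXEC sp_OAMethod @pkcs11, 'CloseSession', @success OUT
        EXEC @hr = sp_OADestroy @pkcs11
        EXEC @hr = sp_OADestroy @cert
        EXEC @hr = sp_OADestroy @privKey
        RETURN
    END

    -- Build a PKCS11 template providing additional attributes for the imported key.
    DECLARE @jsonTemplate int
    EXEC @hr = sp_OACreate 'Chilkat.JsonObject', @jsonTemplate OUT
    IF @hr <> 0
    BEGIN
        PRINT 'Failed to create Chilkat.JsonObject'
        EXEC sp_OAMethod @pkcs11, 'Logout', @success OUT
        EXEC sp_OAMethod @pkcs11, 'CloseSession', @success OUT
        EXEC @hr = sp_OADestroy @pkcs11
        EXEC @hr = sp_OADestroy @cert
        EXEC @hr = sp_OADestroy @privKey
        RETURN
    END
    -- The key is stored on the token, NOT as a session object.
    EXEC sp_OAMethod @jsonTemplate, 'UpdateBool', @success OUT, 'token', 1
    -- The key may be used for signing.
    EXEC sp_OAMethod @jsonTemplate, 'UpdateBool', @success OUT, 'sign', 1
    -- Arbitrary ID and label; either can be used to locate the key in future PKCS11 sessions.
    EXEC sp_OAMethod @jsonTemplate, 'UpdateString', @success OUT, 'id_hex', '010203040A0B0C0D0E0F'
    EXEC sp_OAMethod @jsonTemplate, 'UpdateString', @success OUT, 'label', 'ehealth private key'

    -- Import the key. The private key handle is returned on success, otherwise 0.
    -- The handle could be used in further PKCS11 operations; this example only reports it.
    -- @keyHandle is pre-set to 0 so that a failed sp_OAMethod call (which leaves the
    -- OUT variable untouched) is still treated as an import failure rather than falling
    -- through the NULL comparison into the success branch.
    DECLARE @keyHandle int
    SELECT @keyHandle = 0
    EXEC sp_OAMethod @pkcs11, 'ImportPrivateKey', @keyHandle OUT, @privKey, @jsonTemplate
    IF ISNULL(@keyHandle, 0) = 0
    BEGIN
        EXEC sp_OAGetProperty @pkcs11, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
    END
    ELSE
    BEGIN
        -- Explicit CAST: 'text' + int would otherwise make T-SQL try to convert the text to int and fail.
        PRINT 'key handle = ' + CAST(@keyHandle AS nvarchar(20))
        PRINT 'Successfully imported a private key onto the HSM.'
    END

    EXEC sp_OAMethod @pkcs11, 'Logout', @success OUT
    EXEC sp_OAMethod @pkcs11, 'CloseSession', @success OUT
    EXEC @hr = sp_OADestroy @pkcs11
    EXEC @hr = sp_OADestroy @cert
    EXEC @hr = sp_OADestroy @privKey
    EXEC @hr = sp_OADestroy @jsonTemplate
END
GO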