SQL Server
SQL Server
PKCS11 Import an Existing RSA Public Key onto the HSM
See more PKCS11 Examples
Demonstrates how to import an existing RSA Public Key onto a smart card or token.Note: This example requires Chilkat v9.5.0.96 or later.
Chilkat SQL Server Downloads
-- Important: See this note about string length limitations for strings returned by sp_OAMethod calls.
--
CREATE PROCEDURE ChilkatSample
AS
BEGIN
DECLARE @hr int
-- Important: Do not use nvarchar(max). See the warning about using nvarchar(max).
DECLARE @sTmp0 nvarchar(4000)
DECLARE @success int
SELECT @success = 0
-- This example requires the Chilkat API to have been previously unlocked.
-- See Global Unlock Sample for sample code.
-- Note: Chilkat's PKCS11 implementation runs on Windows, Linux, Mac OS X, and other supported operating systems.
DECLARE @pkcs11 int
EXEC @hr = sp_OACreate 'Chilkat.Pkcs11', @pkcs11 OUT
IF @hr <> 0
BEGIN
PRINT 'Failed to create ActiveX component'
RETURN
END
-- Use the PKCS11 driver (.dll, .so, .dylib) for your particular HSM.
-- (The format of the path will change with the operating system. Obviously, "C:/" is not used on non-Windows systems.
EXEC sp_OASetProperty @pkcs11, 'SharedLibPath', 'C:/Program Files (x86)/Gemalto/IDGo 800 PKCS#11/IDPrimePKCS1164.dll'
-- Establish a logged-on session.
DECLARE @pin nvarchar(4000)
SELECT @pin = '0000'
DECLARE @userType int
SELECT @userType = 1
EXEC sp_OAMethod @pkcs11, 'QuickSession', @success OUT, @userType, @pin
IF @success = 0
BEGIN
EXEC sp_OAGetProperty @pkcs11, 'LastErrorText', @sTmp0 OUT
PRINT @sTmp0
EXEC @hr = sp_OADestroy @pkcs11
RETURN
END
-- Generate a new 2048-bit RSA key.
DECLARE @rsa int
EXEC @hr = sp_OACreate 'Chilkat.Rsa', @rsa OUT
DECLARE @privKey int
EXEC @hr = sp_OACreate 'Chilkat.PrivateKey', @privKey OUT
EXEC sp_OAMethod @rsa, 'GenKey', @success OUT, 2048, @privKey
IF @success = 0
BEGIN
EXEC sp_OAGetProperty @rsa, 'LastErrorText', @sTmp0 OUT
PRINT @sTmp0
EXEC @hr = sp_OADestroy @pkcs11
EXEC @hr = sp_OADestroy @rsa
EXEC @hr = sp_OADestroy @privKey
RETURN
END
-- Get the public key information as XML, so we can access the modulus and exponent.
DECLARE @xml int
EXEC @hr = sp_OACreate 'Chilkat.Xml', @xml OUT
DECLARE @pubKey int
EXEC @hr = sp_OACreate 'Chilkat.PublicKey', @pubKey OUT
EXEC sp_OAMethod @privKey, 'ToPublicKey', @success OUT, @pubKey
EXEC sp_OAMethod @pubKey, 'GetXml', @sTmp0 OUT
EXEC sp_OAMethod @xml, 'LoadXml', @success OUT, @sTmp0
DECLARE @attrs int
EXEC @hr = sp_OACreate 'Chilkat.JsonObject', @attrs OUT
-- Specify the type of object, and the type of key.
EXEC sp_OAMethod @attrs, 'UpdateString', @success OUT, 'class', 'CKO_PUBLIC_KEY'
EXEC sp_OAMethod @attrs, 'UpdateString', @success OUT, 'key_type', 'CKK_RSA'
-- Add an optional label if desired.
EXEC sp_OAMethod @attrs, 'UpdateString', @success OUT, 'label', 'RSA Public Key 1'
-- Allow the key to be use for verify, wrapping, and encryption operations.
EXEC sp_OAMethod @attrs, 'UpdateBool', @success OUT, 'verify', 1
EXEC sp_OAMethod @attrs, 'UpdateBool', @success OUT, 'wrap', 1
EXEC sp_OAMethod @attrs, 'UpdateBool', @success OUT, 'encrypt', 1
-- Make this a session-only public key.
-- To store the public key on the token so that it persists after the PKCS11 session, set token = 1.
EXEC sp_OAMethod @attrs, 'UpdateBool', @success OUT, 'token', 0
-- Provide the RSA public key material
EXEC sp_OAMethod @xml, 'GetChildContent', @sTmp0 OUT, 'Modulus'
EXEC sp_OAMethod @attrs, 'UpdateString', @success OUT, 'modulus', @sTmp0
EXEC sp_OAMethod @xml, 'GetChildContent', @sTmp0 OUT, 'Exponent'
EXEC sp_OAMethod @attrs, 'UpdateString', @success OUT, 'public_exponent', @sTmp0
-- Create the RSA public key.
-- Returns the PKCS11 object handle of the created key.
DECLARE @objHandle int
EXEC sp_OAMethod @pkcs11, 'CreatePkcs11Object', @objHandle OUT, @attrs
IF @objHandle = 0
BEGIN
EXEC sp_OAGetProperty @pkcs11, 'LastErrorText', @sTmp0 OUT
PRINT @sTmp0
PRINT 'Failed.'
END
ELSE
BEGIN
PRINT 'PKCS11 object handle = ' + @objHandle
PRINT 'Successfully imported an RSA key..'
END
EXEC sp_OAMethod @pkcs11, 'Logout', @success OUT
EXEC sp_OAMethod @pkcs11, 'CloseSession', @success OUT
EXEC @hr = sp_OADestroy @pkcs11
EXEC @hr = sp_OADestroy @rsa
EXEC @hr = sp_OADestroy @privKey
EXEC @hr = sp_OADestroy @xml
EXEC @hr = sp_OADestroy @pubKey
EXEC @hr = sp_OADestroy @attrs
END
GO