(SQL Server) RSAES-OAEP Encrypt/Decrypt Binary Data with AES-128 and SHA56

Demonstrates the use of the new EncryptBd and DecryptBd methods introduced in Chilkat v9.5.0.67 to create a PKCS7/CMS (Cryptographic Message Syntax) message using RSAES-OAEP with AES-128 and SHA256.

Note: This example requires Chilkat v9.5.0.67 or greater.

Chilkat ActiveX Downloads ActiveX for 32-bit and 64-bit Windows

-- Important: See this note about string length limitations for strings returned by sp_OAMethod calls.
--
CREATE PROCEDURE ChilkatSample
AS
BEGIN
    DECLARE @hr int
    -- Important: Do not use nvarchar(max).  See the warning about using nvarchar(max).
    DECLARE @sTmp0 nvarchar(4000)
    -- This example requires the Chilkat Crypt API to have been previously unlocked.
    -- See Unlock Chilkat Crypt for sample code.

    -- Load a small JPG file to be encrypted/decrypted.
    DECLARE @jpgBytes int
    -- Use "Chilkat_9_5_0.BinData" for versions of Chilkat < 10.0.0
    EXEC @hr = sp_OACreate 'Chilkat.BinData', @jpgBytes OUT
    IF @hr <> 0
    BEGIN
        PRINT 'Failed to create ActiveX component'
        RETURN
    END

    DECLARE @success int
    EXEC sp_OAMethod @jpgBytes, 'LoadFile', @success OUT, 'qa_data/jpg/starfish20.jpg'
    IF @success <> 1
      BEGIN

        PRINT 'Failed to load JPG file.'
        EXEC @hr = sp_OADestroy @jpgBytes
        RETURN
      END

    -- Show the unencrypted JPG bytes in Base64 format.
    -- (The "base64_mime" encoding was added in Chilkat v9.5.0.67.
    -- The "base64" encoding emits a single line of base64, whereas
    -- "base64_mime" will emit multi-line base64 as it would appear
    -- in MIME.)
    EXEC sp_OAMethod @jpgBytes, 'GetEncoded', @sTmp0 OUT, 'base64_mime'
    PRINT @sTmp0

    -- Sample base64_mime JPG data:

    -- /9j/4AAQSkZJRgABAQEASABIAAD//gAmRmlsZSB3cml0dGVuIGJ5IEFkb2JlIFBob3Rvc2hvcD8g
    -- NC4w/9sAQwAQCwwODAoQDg0OEhEQExgoGhgWFhgxIyUdKDozPTw5Mzg3QEhcTkBEV0U3OFBtUVdf
    -- YmdoZz5NcXlwZHhcZWdj/9sAQwEREhIYFRgvGhovY0I4QmNjY2NjY2NjY2NjY2NjY2NjY2NjY2Nj
    -- Y2NjY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2Nj/8IAEQgAFAAUAwERAAIRAQMRAf/EABcAAAMBAAAA
    -- AAAAAAAAAAAAAAIDBAX/xAAYAQADAQEAAAAAAAAAAAAAAAABAgMEAP/aAAwDAQACEAMQAAAB2kZY
    -- NNEijWKddfTmLgALWH//xAAbEAACAgMBAAAAAAAAAAAAAAABAgMRAAQSE//aAAgBAQABBQL0XqN+
    -- pM2aqJGMiqFFCyg7z//EABwRAAICAgMAAAAAAAAAAAAAAAERAAIQIQMSUf/aAAgBAwEBPwHqU5aq
    -- Axx+y1tMQl4elj//xAAcEQEAAQUBAQAAAAAAAAAAAAABEQACEBIhA1H/2gAIAQIBAT8B3Bhqy7Zc
    -- enyiwmGgDhiOzj//xAAdEAABAwUBAAAAAAAAAAAAAAABAAIREBIhIkFR/9oACAEBAAY/ArZyn+Cg
    -- xtxWuJaoCnqDuin/xAAcEAABBAMBAAAAAAAAAAAAAAABABEhYRAxQVH/2gAIAQEAAT8hkEwPUUR9
    -- DYfE4nxtRpIkBTsayuALIiuY/9oADAMBAAIAAwAAABDWPTsf/8QAGhEAAwADAQAAAAAAAAAAAAAA
    -- AAEREDFBIf/aAAgBAwEBPxC0DVPcWm+Ce4OesrkE6bjH/8QAGBEBAQEBAQAAAAAAAAAAAAAAAREA
    -- QRD/2gAIAQIBAT8QahMiOc8YgSrnTY3ELclHXn//xAAcEAEBAAIDAQEAAAAAAAAAAAABEQAhMUFx
    -- EFH/2gAIAQEAAT8Qn3igmSZSj+c4N4zapMy9IjFV98wncN2iuLFsCEbDGxQkI6RO/n//2Q==

    DECLARE @crypt int
    -- Use "Chilkat_9_5_0.Crypt2" for versions of Chilkat < 10.0.0
    EXEC @hr = sp_OACreate 'Chilkat.Crypt2', @crypt OUT

    -- Specify the encryption to be used.
    -- "pki" indicates "Public Key Infrastructure" and will create a PKCS7/CMS message.
    EXEC sp_OASetProperty @crypt, 'CryptAlgorithm', 'pki'
    EXEC sp_OASetProperty @crypt, 'Pkcs7CryptAlg', 'aes'
    EXEC sp_OASetProperty @crypt, 'KeyLength', 128
    EXEC sp_OASetProperty @crypt, 'OaepHash', 'sha256'
    EXEC sp_OASetProperty @crypt, 'OaepPadding', 1

    -- A certificate is needed as the encryption key..
    DECLARE @cert int
    -- Use "Chilkat_9_5_0.Cert" for versions of Chilkat < 10.0.0
    EXEC @hr = sp_OACreate 'Chilkat.Cert', @cert OUT

    EXEC sp_OAMethod @cert, 'LoadFromFile', @success OUT, 'qa_data/rsaes-oaep/cert.pem'
    IF @success <> 1
      BEGIN
        EXEC sp_OAGetProperty @cert, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
        EXEC @hr = sp_OADestroy @jpgBytes
        EXEC @hr = sp_OADestroy @crypt
        EXEC @hr = sp_OADestroy @cert
        RETURN
      END

    -- Tell the crypt object to use the certificate.
    EXEC sp_OAMethod @crypt, 'SetEncryptCert', @success OUT, @cert

    -- Do the in-place RSAES-OAEP encryption.
    -- The contents of jpgBytes are replaced with the CMS message.
    EXEC sp_OAMethod @crypt, 'EncryptBd', @success OUT, @jpgBytes
    IF @success <> 1
      BEGIN
        EXEC sp_OAGetProperty @crypt, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
        EXEC @hr = sp_OADestroy @jpgBytes
        EXEC @hr = sp_OADestroy @crypt
        EXEC @hr = sp_OADestroy @cert
        RETURN
      END

    -- Examine the JPG bytes again.  The bytes should be different because they are encrypted:
    EXEC sp_OAMethod @jpgBytes, 'GetEncoded', @sTmp0 OUT, 'base64_mime'
    PRINT @sTmp0

    -- Sample CMS message:
    -- This CMS message can be copy-and-pasted into the online web form
    -- at https://lapo.it/asn1js/   to verify the algorithms used.

    -- MIIFDAYJKoZIhvcNAQcDoIIE/TCCBPkCAQAxggGgMIIBnAIBADB1MGgxCzAJBgNVBAYTAlVTMQsw
    -- CQYDVQQIDAJJTDEQMA4GA1UEBwwHV2hlYXRvbjEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQ
    -- dHkgTHRkMRcwFQYDVQQDDA5DaGlsa2F0V2lkZ2V0cwIJAMRwugDmvniwMBwGCSqGSIb3DQEBBzAP
    -- oA0wCwYJYIZIAWUDBAIBBIIBAHyWLgkJfIvoA3cYEAR/uHfA7uoi4eQXHl2woQAd6W5BbUNVBcYD
    -- zuCTTOTWo1e7Uh0j0AhMZvVQf3+cngTiimzKwIZ2LNuNAgYOhrO/7coHyB22ImVetncUpCsAv/u7
    -- 2tYp1dO36T56K+2hMELwcQXTj6v5ODO6a3emdCjITCjHhlYePvq2l0HyU2ALG5RFB6ldk9imhKzn
    -- 6gfcijfH65S+KfMRlFBCXFu5nCBKmi8Ywo8Ue0rFssUDKLCjCeQNY52symiDbN/d06K/luOUwVhY
    -- 1KQffdIKmTrZUugw+FaoQRq0xGj39T/sYu8qCinNZu/vPdUmxcXszSaSVJ/LGwcwggNOBgkqhkiG
    -- 9w0BBwEwHQYJYIZIAWUDBAECBBDLnqRASqqnNUV2IiDkTRl/gIIDIPRaxdKEjhR5RD7pc7yI5j7N
    -- TioZNvuMETdHWgHy7eOGz+1hP7fObk/RI0mtQx7IPEjkxaduNbXNzTpXAVRVj4Fw1zzXlqh9UPwt
    -- p3TN3NsVRPQ5GmQ+cnPTSZD8i3i8ru8WFHyj1M6vyA0phrEGltKgqsZbb+OkuO5qG3laJv4XGkmn
    -- 039pPGSTydQzW+HAp/hsJZLEMwdngXToi854ytjEk+ahCkeOz+d2MAfXZAR+nBCkmAmCQ9SDVTqH
    -- FVJOAV2WrKBqNv4+iMn63f7QeoVIjk0QTE8D2iRsUiFYjy4ICaUpplLJEewneH5l0W40KA2+mOep
    -- lIrvWnaX2H8ltOEBGD6Jng7i6p/Q4Lr+Y+HBYIHsBPLox3A4NOh/b0MZcyBr/AV2CsIwkIUGLlYl
    -- /3rnpl7dRTuHP+fe1lDQVLAxD+U0c73sW7vOALhEe2t2Ae3ayukWPRyfXK9FNHAMhcOI4stHNSwx
    -- o2fHa+ctTpPh0V5CHY/ELAKKkrH3nW954pk52tc8Xt6CnzVO5ry/ndcmTlQA0PkG6CK98TE9hCTA
    -- hBdSL4/gVFgi9c35I6VXieY9kJe5ICljw5Ftm5yqTwlJIxGU3Z/WeIYBF4uyMegG75AQ9Md9tX0h
    -- w8OOu2b6sIvxOZ+durIrYQDlXUXU/IR9exzAlYFENNBPhBgtDsWKSx5gcp+32kC5wtSYSiy3JxNt
    -- 0W1yEJz8JGZXhuUvRXjwf+AjS4+/o82WTNXVLVKZ0TP50NVvtf9QqWuXvK/kDDPx6w+abK/aqdAs
    -- QSL7wCxOosR2YUPWbXtwGhyHbIfAwWXijO2RnrqKeXL25Ywg16LQUTHq9Mlbgfw/tx3l5pjrmqFC
    -- e9t9aaU6kDZqyyfRDOeWwkuDIsT90ulazbed2apgUXYj6AVVvMiC1pRld9wSuHH0vW0x5VsNbmXy
    -- EY0NJlJY6II/1szy3bpiP6MsqFveCyCX8rM7UgGgpMNbvWPnsX0F/0eJywIrXrnQYXpvfgghIrlr
    -- qu/ftXWypfcfvATxme+cN2EBsCDhq4VcMgB6JY3ykv6P8PK/QpMTbu4Y

    -- To decrypt, we'll need the cert with private key.  
    -- (The certificate alone contains only the public key.)
    -- Provide the required cert + private key from a PFX (.pfx/.p12) file.
    EXEC sp_OAMethod @crypt, 'AddPfxSourceFile', @success OUT, 'qa_data/rsaes-oaep/cert_plus_privatekey.pfx', 'PFX_PASSWORD'
    IF @success <> 1
      BEGIN
        EXEC sp_OAGetProperty @crypt, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
        EXEC @hr = sp_OADestroy @jpgBytes
        EXEC @hr = sp_OADestroy @crypt
        EXEC @hr = sp_OADestroy @cert
        RETURN
      END

    -- Decrypt to restore back to the original:
    EXEC sp_OAMethod @crypt, 'DecryptBd', @success OUT, @jpgBytes
    IF @success <> 1
      BEGIN
        EXEC sp_OAGetProperty @crypt, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
        EXEC @hr = sp_OADestroy @jpgBytes
        EXEC @hr = sp_OADestroy @crypt
        EXEC @hr = sp_OADestroy @cert
        RETURN
      END

    EXEC sp_OAMethod @jpgBytes, 'GetEncoded', @sTmp0 OUT, 'base64_mime'
    PRINT @sTmp0

    EXEC @hr = sp_OADestroy @jpgBytes
    EXEC @hr = sp_OADestroy @crypt
    EXEC @hr = sp_OADestroy @cert


END
GO