|
|
(SQL Server) ScMinidriver - Get Public Keys from Smart Card Key Container
Demonstrates how to query a key container on a smart card (or USB token) to get the public part of the private keys that are present. A key container can hold two separate private keys -- one in the "signature" position, and the other in the "key exchange" position.
-- Important: See this note about string length limitations for strings returned by sp_OAMethod calls.
--
CREATE PROCEDURE ChilkatSample
AS
BEGIN
DECLARE @hr int
DECLARE @iTmp0 int
-- Important: Do not use nvarchar(max). See the warning about using nvarchar(max).
DECLARE @sTmp0 nvarchar(4000)
-- This example requires the Chilkat API to have been previously unlocked.
-- See Global Unlock Sample for sample code.
-- Chilkat recommends the following free tool for interactively examining the contents of your smart card
-- through the ScMinidriver interface: MGTEK Tool for Minidriver enabled Smart Cards
-- Let's first look at our smart card..
-- Here's the view of our Gemalto (Thales) IDPrime MD T=0 smart card in the MGTEK tool:
DECLARE @scmd int
-- Use "Chilkat_9_5_0.ScMinidriver" for versions of Chilkat < 10.0.0
EXEC @hr = sp_OACreate 'Chilkat.ScMinidriver', @scmd OUT
IF @hr <> 0
BEGIN
PRINT 'Failed to create ActiveX component'
RETURN
END
-- First we need to acquire a context to the smart card in the reader where it is inserted.
-- Reader names (smart card readers or USB tokens) can be discovered
-- via List Readers or Find Smart Cards
DECLARE @readerName nvarchar(4000)
SELECT @readerName = 'Alcor Micro USB Smart Card Reader 0'
DECLARE @success int
EXEC sp_OAMethod @scmd, 'AcquireContext', @success OUT, @readerName
IF @success = 0
BEGIN
EXEC sp_OAGetProperty @scmd, 'LastErrorText', @sTmp0 OUT
PRINT @sTmp0
EXEC @hr = sp_OADestroy @scmd
RETURN
END
-- If successful, the name of the currently inserted smart card is available:
EXEC sp_OAGetProperty @scmd, 'CardName', @sTmp0 OUT
PRINT 'Card name: ' + @sTmp0
-- We likely shouldn't need to authenticate with the smart card (use a PIN) to simply get a public key,
-- so we can skip the PIN authenticatin step..
-- Let's get the key(s) present in Container #7.
-- In our case (shown in the image above), there is a private key in the "key exchange" position, but no key in the "signature" position.
DECLARE @pubkey_sig int
-- Use "Chilkat_9_5_0.PublicKey" for versions of Chilkat < 10.0.0
EXEC @hr = sp_OACreate 'Chilkat.PublicKey', @pubkey_sig OUT
DECLARE @pubkey_kex int
-- Use "Chilkat_9_5_0.PublicKey" for versions of Chilkat < 10.0.0
EXEC @hr = sp_OACreate 'Chilkat.PublicKey', @pubkey_kex OUT
EXEC sp_OAMethod @scmd, 'GetContainerKeys', @success OUT, 7, @pubkey_sig, @pubkey_kex
IF @success = 0
BEGIN
EXEC sp_OAGetProperty @scmd, 'LastErrorText', @sTmp0 OUT
PRINT @sTmp0
EXEC @hr = sp_OADestroy @scmd
EXEC @hr = sp_OADestroy @pubkey_sig
EXEC @hr = sp_OADestroy @pubkey_kex
RETURN
END
EXEC sp_OAGetProperty @pubkey_sig, 'Empty', @iTmp0 OUT
IF @iTmp0 = 1
BEGIN
PRINT 'No signature key is present.'
END
ELSE
BEGIN
PRINT 'Signature key:'
EXEC sp_OAMethod @pubkey_sig, 'GetPem', @sTmp0 OUT, 1
PRINT @sTmp0
END
EXEC sp_OAGetProperty @pubkey_kex, 'Empty', @iTmp0 OUT
IF @iTmp0 = 1
BEGIN
PRINT 'No Key Exchange key is present.'
END
ELSE
BEGIN
PRINT 'Key Exchange key:'
EXEC sp_OAMethod @pubkey_kex, 'GetPem', @sTmp0 OUT, 1
PRINT @sTmp0
END
EXEC sp_OAMethod @scmd, 'DeleteContext', @success OUT
PRINT 'Success.'
-- Here's the output of the above sample code:
-- Card name: IDPrime MD T=0
-- No signature key is present.
-- Key Exchange key:
-- -----BEGIN RSA PUBLIC KEY-----
-- MIIBCgKCAQEAsXeRhM55P13FbpNcXAMR3olbw2Wa6keZIHu5YTZYUBTlYWId+pNi
-- wUz3zFIEo+0IfYR0H27ybIycQO+1IIzJofUFNMAL3tZps2OKPlsjuCPls6kXpXhv
-- /gvhux8LrCtp4PcKWqJ6QVOZKChc7WAx40qFWzHi57ueqRTv3x0kESqGg/VjsqyT
-- Evb55psJO2RsfhLT7+YVh3hImRM3RDaJdkTkPuOxeFyT6N7VXD09329sLuS3QkUb
-- E9zEKDnz9X3d8dEQdJhSI9ba5fxl8R7fu8pB67ElfzFml96X1jLFtzy1pzOT5Fc4
-- ROcaqlYckVzdBq9sxezm6MYmDBjNAcibRwIDAQAB
-- -----END RSA PUBLIC KEY-----
EXEC @hr = sp_OADestroy @scmd
EXEC @hr = sp_OADestroy @pubkey_sig
EXEC @hr = sp_OADestroy @pubkey_kex
END
GO
|
