SQL Server
SQL Server
SSH HSM Public Key Authentication
See more uncategorized Examples
Demonstrates how to authenticate with an SSH server using public key authentication using an HSM (USB token or smartcard).Chilkat SQL Server Downloads
-- Important: See this note about string length limitations for strings returned by sp_OAMethod calls.
--
CREATE PROCEDURE ChilkatSample
AS
BEGIN
DECLARE @hr int
-- Important: Do not use nvarchar(max). See the warning about using nvarchar(max).
DECLARE @sTmp0 nvarchar(4000)
DECLARE @success int
SELECT @success = 0
-- This example assumes the Chilkat API to have been previously unlocked.
-- See Global Unlock Sample for sample code.
-- Note: Chilkat's PKCS11 implementation runs on Windows, Linux, MacOs, and other supported operating systems.
DECLARE @pkcs11 int
EXEC @hr = sp_OACreate 'Chilkat.Pkcs11', @pkcs11 OUT
IF @hr <> 0
BEGIN
PRINT 'Failed to create ActiveX component'
RETURN
END
-- This would be a path to a .dylib on MacOS, or a path to a .so shared lib on Linux.
EXEC sp_OASetProperty @pkcs11, 'SharedLibPath', 'C:/Program Files (x86)/Gemalto/IDGo 800 PKCS#11/IDPrimePKCS1164.dll'
DECLARE @pin nvarchar(4000)
SELECT @pin = '0000'
DECLARE @userType int
SELECT @userType = 1
-- Establish a PKCS11 logged-on session using the driver (.so, .dylib, or .dll) as specified in the SharedLibPath above.
EXEC sp_OAMethod @pkcs11, 'QuickSession', @success OUT, @userType, @pin
IF @success = 0
BEGIN
EXEC sp_OAGetProperty @pkcs11, 'LastErrorText', @sTmp0 OUT
PRINT @sTmp0
EXEC @hr = sp_OADestroy @pkcs11
RETURN
END
-- Set PKCS11 attributes to find our desired private key object.
DECLARE @json int
EXEC @hr = sp_OACreate 'Chilkat.JsonObject', @json OUT
EXEC sp_OAMethod @json, 'UpdateString', @success OUT, 'class', 'private_key'
EXEC sp_OAMethod @json, 'UpdateString', @success OUT, 'label', 'MySshKey'
-- Get the PKCS11 handle to the private key located on the HSM.
DECLARE @priv_handle int
EXEC sp_OAMethod @pkcs11, 'FindObject', @priv_handle OUT, @json
-- Get the PKCS11 handle to the corresponding public key located on the HSM.
EXEC sp_OAMethod @json, 'UpdateString', @success OUT, 'class', 'public_key'
DECLARE @pub_handle int
EXEC sp_OAMethod @pkcs11, 'FindObject', @pub_handle OUT, @json
DECLARE @key int
EXEC @hr = sp_OACreate 'Chilkat.SshKey', @key OUT
-- The key type can be "rsa" or "ec"
DECLARE @keyType nvarchar(4000)
SELECT @keyType = 'rsa'
EXEC sp_OAMethod @key, 'UsePkcs11', @success OUT, @pkcs11, @priv_handle, @pub_handle, @keyType
IF @success = 0
BEGIN
EXEC sp_OAGetProperty @key, 'LastErrorText', @sTmp0 OUT
PRINT @sTmp0
EXEC @hr = sp_OADestroy @pkcs11
EXEC @hr = sp_OADestroy @json
EXEC @hr = sp_OADestroy @key
RETURN
END
DECLARE @ssh int
EXEC @hr = sp_OACreate 'Chilkat.Ssh', @ssh OUT
EXEC sp_OAMethod @ssh, 'Connect', @success OUT, 'example.com', 22
IF @success <> 1
BEGIN
EXEC sp_OAGetProperty @ssh, 'LastErrorText', @sTmp0 OUT
PRINT @sTmp0
EXEC @hr = sp_OADestroy @pkcs11
EXEC @hr = sp_OADestroy @json
EXEC @hr = sp_OADestroy @key
EXEC @hr = sp_OADestroy @ssh
RETURN
END
-- Authenticate with the SSH server using the login and
-- HSM private key. (The corresponding public key should've
-- been installed on the SSH server beforehand.)
EXEC sp_OAMethod @ssh, 'AuthenticatePk', @success OUT, 'myLogin', @key
IF @success <> 1
BEGIN
EXEC sp_OAGetProperty @ssh, 'LastErrorText', @sTmp0 OUT
PRINT @sTmp0
EXEC @hr = sp_OADestroy @pkcs11
EXEC @hr = sp_OADestroy @json
EXEC @hr = sp_OADestroy @key
EXEC @hr = sp_OADestroy @ssh
RETURN
END
PRINT 'Public-Key Authentication Successful!'
EXEC @hr = sp_OADestroy @pkcs11
EXEC @hr = sp_OADestroy @json
EXEC @hr = sp_OADestroy @key
EXEC @hr = sp_OADestroy @ssh
END
GO