Sample code for 30+ languages & platforms
SQL Server

SSH HSM Public Key Authentication

See more uncategorized Examples

Demonstrates how to authenticate with an SSH server using public key authentication using an HSM (USB token or smartcard).

Chilkat SQL Server Downloads

SQL Server
-- Important: See this note about string length limitations for strings returned by sp_OAMethod calls.
--
CREATE PROCEDURE ChilkatSample
AS
BEGIN
    DECLARE @hr int
    -- Important: Do not use nvarchar(max).  See the warning about using nvarchar(max).
    DECLARE @sTmp0 nvarchar(4000)
    DECLARE @success int
    SELECT @success = 0

    -- This example assumes the Chilkat API to have been previously unlocked.
    -- See Global Unlock Sample for sample code.

    -- Note: Chilkat's PKCS11 implementation runs on Windows, Linux, MacOs, and other supported operating systems.

    DECLARE @pkcs11 int
    EXEC @hr = sp_OACreate 'Chilkat.Pkcs11', @pkcs11 OUT
    IF @hr <> 0
    BEGIN
        PRINT 'Failed to create ActiveX component'
        RETURN
    END

    -- This would be a path to a .dylib on MacOS, or a path to a .so shared lib on Linux.
    EXEC sp_OASetProperty @pkcs11, 'SharedLibPath', 'C:/Program Files (x86)/Gemalto/IDGo 800 PKCS#11/IDPrimePKCS1164.dll'
    DECLARE @pin nvarchar(4000)
    SELECT @pin = '0000'
    DECLARE @userType int
    SELECT @userType = 1

    -- Establish a PKCS11 logged-on session using the driver (.so, .dylib, or .dll) as specified in the SharedLibPath above.
    EXEC sp_OAMethod @pkcs11, 'QuickSession', @success OUT, @userType, @pin
    IF @success = 0
      BEGIN
        EXEC sp_OAGetProperty @pkcs11, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
        EXEC @hr = sp_OADestroy @pkcs11
        RETURN
      END

    -- Set PKCS11 attributes to find our desired private key object.
    DECLARE @json int
    EXEC @hr = sp_OACreate 'Chilkat.JsonObject', @json OUT

    EXEC sp_OAMethod @json, 'UpdateString', @success OUT, 'class', 'private_key'
    EXEC sp_OAMethod @json, 'UpdateString', @success OUT, 'label', 'MySshKey'

    -- Get the PKCS11 handle to the private key located on the HSM.
    DECLARE @priv_handle int
    EXEC sp_OAMethod @pkcs11, 'FindObject', @priv_handle OUT, @json

    -- Get the PKCS11 handle to the corresponding public key located on the HSM.
    EXEC sp_OAMethod @json, 'UpdateString', @success OUT, 'class', 'public_key'

    DECLARE @pub_handle int
    EXEC sp_OAMethod @pkcs11, 'FindObject', @pub_handle OUT, @json

    DECLARE @key int
    EXEC @hr = sp_OACreate 'Chilkat.SshKey', @key OUT

    -- The key type can be "rsa" or "ec"
    DECLARE @keyType nvarchar(4000)
    SELECT @keyType = 'rsa'
    EXEC sp_OAMethod @key, 'UsePkcs11', @success OUT, @pkcs11, @priv_handle, @pub_handle, @keyType
    IF @success = 0
      BEGIN
        EXEC sp_OAGetProperty @key, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
        EXEC @hr = sp_OADestroy @pkcs11
        EXEC @hr = sp_OADestroy @json
        EXEC @hr = sp_OADestroy @key
        RETURN
      END

    DECLARE @ssh int
    EXEC @hr = sp_OACreate 'Chilkat.Ssh', @ssh OUT

    EXEC sp_OAMethod @ssh, 'Connect', @success OUT, 'example.com', 22
    IF @success <> 1
      BEGIN
        EXEC sp_OAGetProperty @ssh, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
        EXEC @hr = sp_OADestroy @pkcs11
        EXEC @hr = sp_OADestroy @json
        EXEC @hr = sp_OADestroy @key
        EXEC @hr = sp_OADestroy @ssh
        RETURN
      END

    -- Authenticate with the SSH server using the login and
    -- HSM private key.  (The corresponding public key should've 
    -- been installed on the SSH server beforehand.)
    EXEC sp_OAMethod @ssh, 'AuthenticatePk', @success OUT, 'myLogin', @key
    IF @success <> 1
      BEGIN
        EXEC sp_OAGetProperty @ssh, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
        EXEC @hr = sp_OADestroy @pkcs11
        EXEC @hr = sp_OADestroy @json
        EXEC @hr = sp_OADestroy @key
        EXEC @hr = sp_OADestroy @ssh
        RETURN
      END


    PRINT 'Public-Key Authentication Successful!'

    EXEC @hr = sp_OADestroy @pkcs11
    EXEC @hr = sp_OADestroy @json
    EXEC @hr = sp_OADestroy @key
    EXEC @hr = sp_OADestroy @ssh


END
GO