SQL Server
Yubikey RSA Encrypt/Decrypt
Demonstrates how to do RSA decryption using a private key stored on a Yubikey (or other USB token or smartcard). Note: RSA encryption uses the public key, which is freely exportable, so encryption does not need to occur on the token/smartcard.
-- Important: See this note about string length limitations for strings returned by sp_OAMethod calls.
--
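-- ChilkatSample: RSA-encrypts 32 bytes of test data with the public key of a
-- certificate on a Yubikey, then decrypts the result with the matching private
-- key held on the token. Intermediate and final values are PRINTed as hex.
--
-- Prerequisites and review notes:
--   * sp_OACreate / sp_OAMethod only work when the server option
--     'Ole Automation Procedures' is enabled. That option loads COM objects
--     inside the SQL Server process, so enable it deliberately and restrict who
--     can execute procedures that use it.
--   * The smartcard PIN below is a literal in the procedure body. Procedure
--     text is stored in the database and is readable by anyone allowed to view
--     the definition, so treat the value as a placeholder for testing only.
CREATE PROCEDURE ChilkatSample
AS
BEGIN
    DECLARE @hr int
    -- Important: Do not use nvarchar(max). See the warning about using nvarchar(max).
    DECLARE @sTmp0 nvarchar(4000)
    DECLARE @success int
    SELECT @success = 0

    -- This example assumes you have a certificate with private key on the Yubikey token.
    -- When doing simple RSA encryption/decryption, we don't actually need the certificate,
    -- but we'll be using the private key associated with the certificate.
    --
    -- The sensitive/secret material that needs to be kept private is the private key.
    -- The certificate itself and the public key can be freely shared.
    --
    -- We're going to encrypt and decrypt 32 bytes of data (two 16-byte appends).
    DECLARE @bd int
    EXEC @hr = sp_OACreate 'Chilkat.BinData', @bd OUT
    IF @hr <> 0
    BEGIN
        PRINT 'Failed to create ActiveX component'
        RETURN
    END

    EXEC sp_OAMethod @bd, 'AppendEncoded', @success OUT, '000102030405060708090A0B0C0D0E0F', 'hex'
    EXEC sp_OAMethod @bd, 'AppendEncoded', @success OUT, '000102030405060708090A0B0C0D0E0F', 'hex'

    -- Let's get the desired cert.
    -- For this example, a self-signed certificate with a 2048-bit RSA key was generated in slot 9A.
    DECLARE @cert int
    EXEC @hr = sp_OACreate 'Chilkat.Cert', @cert OUT
    -- Check the creation result before using the handle; the BinData object
    -- already exists at this point and must be released on the way out.
    IF @hr <> 0
    BEGIN
        PRINT 'Failed to create ActiveX component'
        EXEC @hr = sp_OADestroy @bd
        RETURN
    END

    -- Force Chilkat to use PKCS11 over ScMinidriver (if on Windows) and Apple Keychain (if on MacOS)
    EXEC sp_OASetProperty @cert, 'UncommonOptions', 'NoScMinidriver,NoAppleKeychain'

    -- NOTE(review): '123456' is the factory-default PIV PIN on a Yubikey. It is
    -- kept here only so the sample runs against a test token. A token that
    -- protects a real key should have its PIN changed, and the PIN should not
    -- live in procedure source.
    EXEC sp_OASetProperty @cert, 'SmartCardPin', '123456'

    EXEC sp_OAMethod @cert, 'LoadFromSmartcard', @success OUT, 'cn=chilkat_test_2048'
    IF @success = 0
    BEGIN
        EXEC sp_OAGetProperty @cert, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
        EXEC @hr = sp_OADestroy @bd
        EXEC @hr = sp_OADestroy @cert
        RETURN
    END

    -- Create the RSA object that will perform both operations.
    DECLARE @rsa int
    EXEC @hr = sp_OACreate 'Chilkat.Rsa', @rsa OUT
    IF @hr <> 0
    BEGIN
        PRINT 'Failed to create ActiveX component'
        EXEC @hr = sp_OADestroy @bd
        EXEC @hr = sp_OADestroy @cert
        RETURN
    END

    -- Provide the RSA object with the certificate on the Yubikey.
    -- The trailing 1 asks Chilkat to also use the certificate's private key,
    -- which the decrypt step below depends on.
    EXEC sp_OAMethod @rsa, 'SetX509Cert', @success OUT, @cert, 1
    IF @success = 0
    BEGIN
        EXEC sp_OAGetProperty @rsa, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
        EXEC @hr = sp_OADestroy @bd
        EXEC @hr = sp_OADestroy @cert
        EXEC @hr = sp_OADestroy @rsa
        RETURN
    END

    -- NOTE(review): no padding scheme is selected in this sample, so whatever
    -- Chilkat.Rsa defaults to is what gets used. The Rsa object exposes an
    -- OaepPadding property; pick the padding deliberately and keep it the same
    -- for encrypt and decrypt.

    -- RSA encrypt using the public key. The result replaces the contents of @bd.
    DECLARE @usePrivateKey int
    SELECT @usePrivateKey = 0
    EXEC sp_OAMethod @rsa, 'EncryptBd', @success OUT, @bd, @usePrivateKey
    IF @success = 0
    BEGIN
        EXEC sp_OAGetProperty @rsa, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
        EXEC @hr = sp_OADestroy @bd
        EXEC @hr = sp_OADestroy @cert
        EXEC @hr = sp_OADestroy @rsa
        RETURN
    END

    PRINT 'RSA Encrypted Output in Hex:'
    EXEC sp_OAMethod @bd, 'GetEncoded', @sTmp0 OUT, 'hex'
    PRINT @sTmp0

    -- Now let's decrypt, using the private key on the Yubikey.
    SELECT @usePrivateKey = 1
    EXEC sp_OAMethod @rsa, 'DecryptBd', @success OUT, @bd, @usePrivateKey
    IF @success = 0
    BEGIN
        EXEC sp_OAGetProperty @rsa, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
        EXEC @hr = sp_OADestroy @bd
        EXEC @hr = sp_OADestroy @cert
        EXEC @hr = sp_OADestroy @rsa
        RETURN
    END

    -- The decrypted bytes are printed only because they are fixed test data;
    -- real plaintext should not be written to the message output.
    PRINT 'RSA Decrypted Output in Hex:'
    EXEC sp_OAMethod @bd, 'GetEncoded', @sTmp0 OUT, 'hex'
    PRINT @sTmp0

    -- Release all COM objects created above.
    EXEC @hr = sp_OADestroy @bd
    EXEC @hr = sp_OADestroy @cert
    EXEC @hr = sp_OADestroy @rsa
END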
GO