The function takes a private or public key handle, a filename or a key body and saves
the content of the key to a file. All keys are stored in PEM format. PEM is specified
in IETF RFCs 1421-1424. These documents can be found at www.ietf.org.
Private keys are always stored on disk encrypted with the TripleDES algorithm. If you
save a private key, you must also specify a password that is more than 4
characters long. If the pswd_cache option is set to yes, the password for
this source will be stored in the session.
Syntax
xp_dsa_save_key { key_src, filename [OUTPUT], [write_password]
[, src_password] }
Arguments
key_src
VARCHAR. The key which is to be saved. It can be private or public. It
can be a key handle, a file name or a key in a string. If you want to specify a
file name, precede the file name with the '<' character. For example, if the key is
stored in the file c:\publickey.pem, set this parameter to '<c:\publickey.pem'. If
your key source is a private key in a file or in a key body, you must also specify
src_password as the 4th parameter. src_password is not needed if key_src
is a key handle or a public key file.
filename
VARCHAR. Name of the destination file. If you specify this parameter with OUTPUT, the
key body will be written to this variable, not to a file.
write_password
VARCHAR. A password for saving the key. Do not provide passwords for
public keys or certificates. If a password is given, the key is considered private;
otherwise the function will attempt to save your key as a public key.
src_password
VARCHAR. This parameter is optional. It is used to read the
source of the private key if you specified a filename or a key body instead of
a handle. Do not provide passwords for
public keys, certificates or for a handle in key_src. If a password is given,
key_src is considered a private key;
otherwise the function will attempt to read key_src as a public key or
certificate. If the pswd_cache option is set to yes and the given
password is '?', XP_CRYPT will try to load the key with a password stored
in the session. See xp_crypt_set_option
for more information about the pswd_cache option.
Permissions
Execute permissions for xp_dsa_save_key default to members of the db_owner
fixed database role in the master database, but can be granted to other
users.
Return Code Values
0 - success, or Error code if failed.
Examples
Generates a couple of keys and saves them in files.
-- Declare lengths sufficient for our test
-- A varchar of size 10 is enough for a key of any length
declare @PrivateKey varchar (10)
declare @PublicKey varchar (10)
declare @CryptedText varchar (50)
declare @DecryptedText varchar (50)
declare @KeyBody varchar (8000)
declare @return_code int
-- Creates a key pair of 256 bit length; the password "SecurePassword"
-- is set when the private key is saved below
exec xp_dsa_generate_couple '256' , @PrivateKey output, @PublicKey output
-- Outputs private key just for you :)
select @PrivateKey
-- Then we save the key to a file ...
exec xp_dsa_save_key @PrivateKey , 'privkey.pem', 'SecurePassword'
-- Saves the content of the key (key body) to the variable instead of a file.
-- You may want to save this body at the client side for future usage.
exec @return_code = xp_dsa_save_key @PrivateKey , @KeyBody output, 'SecurePassword'
Changes the password of the private key from 'OldPassword' to 'NewPassword'
exec @return_code = xp_dsa_save_key '<c:\privatekey.pem','c:\privatekey.pem','NewPassword','OldPassword'
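An added example, not part of the XP_CRYPT documentation: the password change above writes over its own source file, so this variant writes the re-encrypted key to a new file, checks every return code, and reads the new file back with the new password before the old file is retired. The path c:\privatekey.new.pem and both passwords are placeholders; only the xp_dsa_save_key syntax documented on this page is used.

```sql
-- Added example, not XP_CRYPT's own sample code.
-- Assumed: file paths and passwords below are placeholders.
declare @OldPassword varchar(128)
declare @NewPassword varchar(128)
declare @KeyBody     varchar(8000)
declare @rc          int

set @OldPassword = 'OldPassword'
set @NewPassword = 'NewPassword'

-- The page requires a private-key password of more than 4 characters.
if len(@NewPassword) <= 4
begin
    raiserror('New password must be longer than 4 characters.', 16, 1)
    return
end

-- Step 1: re-encrypt into a NEW file so the original survives a failure.
exec @rc = xp_dsa_save_key '<c:\privatekey.pem', 'c:\privatekey.new.pem',
                           @NewPassword, @OldPassword
if @rc <> 0
begin
    raiserror('Re-encrypting the key failed, error code %d.', 16, 1, @rc)
    return
end

-- Step 2: confirm the new file opens with the new password by reading it
-- into a variable (filename passed with OUTPUT, so no file is written).
exec @rc = xp_dsa_save_key '<c:\privatekey.new.pem', @KeyBody output,
                           @NewPassword, @NewPassword
if @rc <> 0
begin
    raiserror('New key file could not be read back, error code %d.', 16, 1, @rc)
    return
end

-- Return only a status; the key body itself is not selected.
select 'rotation verified' as status
```

Replace c:\privatekey.pem with the new file only after the second call returns 0.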