The function takes a private or public key handle, a file name or a key body, and saves
the key content to a file. All keys are stored in PEM format. PEM is specified in IETF RFCs 1421-1424.
Those documents can be found at www.ietf.org
Private keys are always stored on disk encrypted with the TripleDES algorithm. If you
save a private key you must also specify a password, which should be more
than 4 characters long. If the pswd_cache option is set to yes, the password for
this source will be stored in the session.
Syntax
xp_rsa_save_key { key_src, filename [OUTPUT], [write_password] [, src_password] }
Arguments
key_src
VARCHAR. The key to be saved. It can be private or public. It
can be a key handle, a file name or a key body in a string. To specify a
file name, precede it with the '<' character. For example, if the key is
stored in the file c:\publickey.pem, set this parameter to '<c:\publickey.pem'. If
your key source is a private key in a file or in a key body, you must also specify
src_password as the 4th parameter. That parameter is not needed if key_src
is a key handle or a public key.
filename
VARCHAR. Name of the destination file. If you specify this parameter with
OUTPUT, the key body will be written to this variable, not to a file.
write_password
VARCHAR. The password used for saving the key. Do not provide a password for
public keys or certificates. If a password is given, the key is treated as private;
otherwise the function will try to save the key as a public key.
src_password
VARCHAR. This parameter is optional. It is used to read the
source of the private key if you specified a file name or a key body in key_src. Do not provide a password for
public keys or certificates, or if you specified a key handle in key_src. If
a password is given, key_src is treated as a private key;
otherwise the function will attempt to read key_src as a public key or
certificate. If the pswd_cache option is set to yes and the given
password is '?', XP_CRYPT will try to load the key with the password stored
in the session. See xp_crypt_set_option
for more information about the pswd_cache option.
Permissions
Execute permissions for xp_rsa_save_key default to members of the db_owner
fixed database role in the master database, but can be granted to other
users.
Return Code Values
0 - success, or Error code if failed.
Examples
Generate a pair of keys and save them to files.
-- Declare lengths sufficient for our test
-- A varchar of size 10 is enough for a key of any length
declare @PrivateKey varchar (20)
declare @PublicKey varchar (20)
declare @CryptedText varchar (50)
declare @DecryptedText varchar (50)
declare @KeyBody varchar (8000)
declare @return_code int
-- Creates a key pair of 256 bit length; the password "SecurePassword" is applied when the private key is saved below
-- (a 256-bit RSA key is only suitable for a test, it is far too short to protect real data)
exec xp_rsa_generate_couple '256' , @PrivateKey output, @PublicKey output
-- Outputs private key just for you :)
select @PrivateKey
-- Then we save the private key to a file, encrypted with the password
exec xp_rsa_save_key @PrivateKey , 'privkey.pem', 'SecurePassword'
-- Saves the content of the key (key body) to the variable and
-- selects it. You may want to save this body at the client side for future
-- usage.
exec @return_code = xp_rsa_save_key @PrivateKey , @KeyBody output, 'SecurePassword'
select @KeyBody
Change the password of the private key from 'OldPassword' to 'NewPassword'.
declare @return_code int
exec @return_code = xp_rsa_save_key '<c:\privatekey.pem','c:\privatekey.pem','NewPassword','OldPassword'
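An added check, not part of the XP_CRYPT documentation: a Python script that reads PEM text written by xp_rsa_save_key and reports private key blocks that are not encrypted or that name a cipher other than TripleDES. It assumes the encrypted key carries OpenSSL-style Proc-Type and DEK-Info headers with the cipher name DES-EDE3-CBC; the function names and the sample blocks are constructed for illustration.

```python
import re

# Assumed, not documented by XP_CRYPT: OpenSSL-style Proc-Type/DEK-Info headers.
# One PEM block: BEGIN/END boundary lines with a matching label.
_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\n(.*?)-----END \1-----", re.S)
# RFC 1421-style header field ("Name: value"); base64 lines never contain ':'.
_HEADER = re.compile(r"^([A-Za-z0-9-]+):[ \t]*(.*?)[ \t]*$", re.M)


def classify_pem(text):
    """Return [(label, status, cipher)] for every PEM block in text."""
    results = []
    for label, body in _BLOCK.findall(text.replace("\r\n", "\n")):
        headers = dict(_HEADER.findall(body))
        if "PRIVATE KEY" not in label:
            results.append((label, "not-private", None))
        elif label == "ENCRYPTED PRIVATE KEY":
            # PKCS#8: the cipher is recorded inside the ASN.1, not in a header.
            results.append((label, "encrypted", "PKCS#8"))
        elif headers.get("Proc-Type", "").replace(" ", "") == "4,ENCRYPTED":
            cipher = headers.get("DEK-Info", "").split(",")[0].strip() or None
            results.append((label, "encrypted", cipher))
        else:
            results.append((label, "PLAINTEXT", None))
    return results


def findings(text, expected_cipher="DES-EDE3-CBC"):
    """List problems: unencrypted private keys or an unexpected cipher."""
    problems = []
    for label, status, cipher in classify_pem(text):
        if status == "PLAINTEXT":
            problems.append(f"{label}: private key is not encrypted")
        elif status == "encrypted" and cipher not in (expected_cipher, "PKCS#8"):
            problems.append(f"{label}: cipher {cipher!r}, expected {expected_cipher}")
    return problems


# Constructed samples: the base64 is a placeholder, not real key material.
B64 = "Q09OU1RSVUNURUQgU0FNUExF\n"
ENCRYPTED = ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
             "DEK-Info: DES-EDE3-CBC,0123456789ABCDEF\n\n" + B64 +
             "-----END RSA PRIVATE KEY-----\n")
PLAIN = "-----BEGIN RSA PRIVATE KEY-----\n" + B64 + "-----END RSA PRIVATE KEY-----\n"
PUBLIC = "-----BEGIN PUBLIC KEY-----\n" + B64 + "-----END PUBLIC KEY-----\n"

if __name__ == "__main__":
    for name, sample in (("encrypted", ENCRYPTED), ("plain", PLAIN), ("public", PUBLIC)):
        print(name, classify_pem(sample), findings(sample))
```

To audit a real file, pass its contents to findings(); an empty list means every private key block in it is encrypted with the expected cipher.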