DSA Signature Create and Verify

Shows how to create a DSA (DSS) signature for the contents of a file. The first step is to create an SHA-1 hash of the file contents. The hash is signed using the Digital Signature Algorithm and the signature bytes are retrieved as a hex-encoded string.

The 2nd part of the example loads the signature and verifies it against the hash.

Download Chilkat DSA ActiveX

Download Chilkat Crypt ActiveX

CREATE PROCEDURE ChilkatSample
AS
BEGIN
    DECLARE @hr int
    DECLARE @sTmp0 nvarchar(4000)

    DECLARE @success int

    --  Use Chilkat Crypt to hash the contents of a file.
    DECLARE @crypt int
    EXEC @hr = sp_OACreate 'Chilkat.Crypt2', @crypt OUT
    IF @hr <> 0
    BEGIN
        PRINT 'Failed to create ActiveX component'
        RETURN
    END

    EXEC sp_OAMethod @crypt, 'UnlockComponent', @success OUT, 'Anything for 30-day trial.'
    IF @success <> 1
      BEGIN
        EXEC sp_OAGetProperty @crypt, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
        RETURN
      END

    EXEC sp_OASetProperty @crypt, 'EncodingMode', 'hex'
    EXEC sp_OASetProperty @crypt, 'HashAlgorithm', 'sha-1'

    DECLARE @hashStr nvarchar(4000)

    --  Return the SHA-1 hash of a file.  The file may be any size.
    --  The Chilkat Crypt component will stream the file when
    --  computing the hash, keeping the memory usage constant
    --  and reasonable.
    --  The 20-byte SHA-1 hash is returned as a hex-encoded string.
    EXEC sp_OAMethod @crypt, 'HashFileENC', @hashStr OUT, 'hamlet.xml'

    DECLARE @dsa int
    EXEC @hr = sp_OACreate 'Chilkat.Dsa', @dsa OUT
    IF @hr <> 0
    BEGIN
        PRINT 'Failed to create ActiveX component'
        RETURN
    END

    --  The Chilkat Crypt and Chilkat DSA components are separate
    --  products.  To license both, it's least expensive to purchase
    --  the "Chilkat Bundle" which provides licenses to all the
    --  Chilkat components.
    EXEC sp_OAMethod @dsa, 'UnlockComponent', @success OUT, 'Anything for 30-day trial'
    IF @success <> 1
      BEGIN
        EXEC sp_OAGetProperty @dsa, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
        RETURN
      END

    --  Load a DSA private key from a PEM file.  Chilkat DSA
    --  provides the ability to load and save DSA public and private
    --  keys from encrypted or non-encrypted PEM or DER.
    --  The LoadText method is for convenience only.  You may
    --  use any means to load the contents of a PEM file into
    --  a string.
    DECLARE @pemPrivateKey nvarchar(4000)

    EXEC sp_OAMethod @dsa, 'LoadText', @pemPrivateKey OUT, 'dsa_priv.pem'
    EXEC sp_OAMethod @dsa, 'FromPem', @success OUT, @pemPrivateKey
    IF @success <> 1
      BEGIN
        EXEC sp_OAGetProperty @dsa, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
        RETURN
      END

    --  You may optionally verify the key to ensure that it is a valid
    --  DSA key.
    EXEC sp_OAMethod @dsa, 'VerifyKey', @success OUT
    IF @success <> 1
      BEGIN
        EXEC sp_OAGetProperty @dsa, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
        RETURN
      END

    --  Load the hash to be signed into the DSA object:
    EXEC sp_OAMethod @dsa, 'SetEncodedHash', @success OUT, 'hex', @hashStr
    IF @success <> 1
      BEGIN
        EXEC sp_OAGetProperty @dsa, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
        RETURN
      END

    --  Now that the DSA object contains both the private key and hash,
    --  it is ready to create the signature:
    EXEC sp_OAMethod @dsa, 'SignHash', @success OUT
    IF @success <> 1
      BEGIN
        EXEC sp_OAGetProperty @dsa, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
        RETURN
      END

    --  If SignHash is successful, the DSA object contains the
    --  signature.  It may be accessed as a hex or base64 encoded
    --  string.  (It is also possible to access directly in byte array form via
    --  the "Signature" property.)
    DECLARE @hexSig nvarchar(4000)

    EXEC sp_OAMethod @dsa, 'GetEncodedSignature', @hexSig OUT, 'hex'

    PRINT 'Signature:'

    PRINT @hexSig

    --  -----------------------------------------------------------
    --  Step 2: Verify the DSA Signature
    --  -----------------------------------------------------------

    DECLARE @dsa2 int
    EXEC @hr = sp_OACreate 'Chilkat.Dsa', @dsa2 OUT
    IF @hr <> 0
    BEGIN
        PRINT 'Failed to create ActiveX component'
        RETURN
    END

    --  Load the DSA public key to be used for verification:
    DECLARE @pemPublicKey nvarchar(4000)

    EXEC sp_OAMethod @dsa2, 'LoadText', @pemPublicKey OUT, 'dsa_pub.pem'
    EXEC sp_OAMethod @dsa2, 'FromPublicPem', @success OUT, @pemPublicKey
    IF @success <> 1
      BEGIN
        EXEC sp_OAGetProperty @dsa2, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
        RETURN
      END

    --  Load the hash to be verified against the signature.
    EXEC sp_OAMethod @dsa2, 'SetEncodedHash', @success OUT, 'hex', @hashStr
    IF @success <> 1
      BEGIN
        EXEC sp_OAGetProperty @dsa2, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
        RETURN
      END

    --  Load the signature:
    EXEC sp_OAMethod @dsa2, 'SetEncodedSignature', @success OUT, 'hex', @hexSig
    IF @success <> 1
      BEGIN
        EXEC sp_OAGetProperty @dsa2, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
        RETURN
      END

    --  Verify:
    EXEC sp_OAMethod @dsa2, 'Verify', @success OUT
    IF @success <> 1
      BEGIN
        EXEC sp_OAGetProperty @dsa2, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
      END
    ELSE
      BEGIN

        PRINT 'DSA Signature Verified!'
      END


END
GO