FirebirdSQL logo

RSA_DECRYPT()

Decrypts data using an RSA private key and removes OAEP or PKCS 1.5 padding

Result type

VARBINARY

Syntax
RSA_DECRYPT (encrypted_input KEY private_key
  [LPARAM tag_string] [HASH <hash>] [PKCS_1_5])

<hash> ::= MD5 | SHA1 | SHA256 | SHA512
Table 1. RSA_DECRYPT Function Parameters
Parameter Description

encrypted_input

Input data to decrypt

private_key

Private key to apply, PKCS#1 format

tag_string

An additional system-specific tag to identify which system encrypted the message;default is NULL.If the tag does not match what was used during encryption, RSA_DECRYPT will not decrypt the data.

hash

The hash used for OAEP padding;default is SHA256.

RSA_DECRYPT decrypts encrypted_input using the RSA private key and then removes padding from the resulting data.

By default, OAEP padding is used.The PKCS_1_5 option will switch to the less secure PKCS 1.5 padding.

Warning

The PKCS_1_5 option is only for backward compatibility with systems applying PKCS 1.5 padding.For security reasons, it should not be used in new projects.

Note
  • This function returns VARBINARY.

  • When the encrypted data was text, it must be explicitly cast to a string type of appropriate character set.

RSA_DECRYPT Examples

Tip

Run the examples of the RSA_PRIVATE and RSA_PUBLIC, RSA_ENCRYPT functions first.

select cast(rsa_decrypt(rdb$get_context('USER_SESSION', 'msg')
  key rdb$get_context('USER_SESSION', 'private_key')) as varchar(128))
from rdb$database;

RSA_ENCRYPT()

Pads data using OAEP or PKCS 1.5 and then encrypts it with an RSA public key

Result type

VARBINARY

Syntax
RSA_ENCRYPT (input KEY public_key
  [LPARAM tag_string] [HASH <hash>] [PKCS_1_5])

<hash> ::= MD5 | SHA1 | SHA256 | SHA512
Table 1. RSA_ENCRYPT Function Parameters
Parameter Description

input

Input data to encrypt

public_key

Public key to apply, PKCS#1 format

tag_string

An additional system-specific tag to identify which system encrypted the message;default is NULL.

hash

The hash used for OAEP padding;default is SHA256.

RSA_ENCRYPT pads input using the OAEP or PKCS 1.5 padding scheme and then encrypts it using the specified RSA public key.This function is normally used to encrypt short symmetric keys which are then used in block ciphers to encrypt a message.

By default, OAEP padding is used.The PKCS_1_5 option will switch to the less secure PKCS 1.5 padding.

Warning

The PKCS_1_5 option is only for backward compatibility with systems applying PKCS 1.5 padding.For security reasons, it should not be used in new projects.

RSA_ENCRYPT Examples

Tip

Run the examples of the RSA_PRIVATE and RSA_PUBLIC functions first.

select rdb$set_context('USER_SESSION', 'msg', rsa_encrypt('Some message'
  key rdb$get_context('USER_SESSION', 'public_key'))) from rdb$database;