FirebirdSQL logo

RSA_ENCRYPT()

Pads data using OAEP or PKCS 1.5 and then encrypts it with an RSA public key

Result type

VARBINARY

Syntax
RSA_ENCRYPT (input KEY public_key
  [LPARAM tag_string] [HASH <hash>] [PKCS_1_5])

<hash> ::= MD5 | SHA1 | SHA256 | SHA512
Table 1. RSA_ENCRYPT Function Parameters
Parameter Description

input

Input data to encrypt

public_key

Public key to apply, PKCS#1 format

tag_string

An additional system-specific tag to identify which system encrypted the message;default is NULL.

hash

The hash used for OAEP padding;default is SHA256.

RSA_ENCRYPT pads input using the OAEP or PKCS 1.5 padding scheme and then encrypts it using the specified RSA public key.This function is normally used to encrypt short symmetric keys which are then used in block ciphers to encrypt a message.

By default, OAEP padding is used.The PKCS_1_5 option will switch to the less secure PKCS 1.5 padding.

Warning

The PKCS_1_5 option is only for backward compatibility with systems applying PKCS 1.5 padding.For security reasons, it should not be used in new projects.

RSA_ENCRYPT Examples

Tip

Run the examples of the RSA_PRIVATE and RSA_PUBLIC functions first.

select rdb$set_context('USER_SESSION', 'msg', rsa_encrypt('Some message'
  key rdb$get_context('USER_SESSION', 'public_key'))) from rdb$database;

RSA_PRIVATE()

Generates an RSA private key

Result type

VARBINARY

Syntax
RSA_PRIVATE (key_length)
Table 1. RSA_PRIVATE Function Parameters
Parameter Description

key_length

Key length in bytes;minimum 4, maximum 1024.A size of 256 bytes (2048 bits) or larger is recommended.

RSA_PRIVATE generates an RSA private key of the specified length (in bytes) in PKCS#1 format.

Note

The larger the length specified, the longer it takes for the function to generate a private key.

RSA_PRIVATE Examples

select rdb$set_context('USER_SESSION', 'private_key', rsa_private(256))
  from rdb$database;
Warning

Putting private keys in the context variables is not secure;we’re doing it here for demonstration purposes.SYSDBA and users with the role RDB$ADMIN or the system privilege MONITOR_ANY_ATTACHMENT can see all context variables from all attachments.