RSA_PUBLIC Examples
Tip
Run the example of the
select rdb$set_context('USER_SESSION', 'public_key',
rsa_public(rdb$get_context('USER_SESSION', 'private_key'))) from rdb$database;
RSA_SIGN_HASH()
PSS encodes a message hash and signs it with an RSA private key
VARBINARY
RSA_SIGN_HASH (message_digest KEY private_key
  [HASH <hash>] [SALT_LENGTH salt_length] [PKCS_1_5])

<hash> ::= MD5 | SHA1 | SHA256 | SHA512
Parameter | Description |
---|---|
message_digest | Hash of message to sign. The hash algorithm used should match hash |
private_key | RSA private key in PKCS#1 format |
hash | Hash to generate PSS encoding; default is |
salt_length | Length of the desired salt in bytes; default is 8; minimum 1, maximum 32. The recommended value is between 8 and 16. |
RSA_SIGN_HASH performs PSS encoding of the message_digest to be signed, and signs using the RSA private key.
By default, OAEP padding is used. The PKCS_1_5 option will switch to the less secure PKCS 1.5 padding.
Warning
The
Caution
This function expects the hash of a message (or message digest), not the actual message. The hash argument should specify the algorithm that was used to generate that hash. A function that accepts the actual message to hash might be introduced in a future version of Firebird.
Probabilistic Signature Scheme (PSS) is a cryptographic signature scheme specifically developed to allow modern methods of security analysis to prove that its security directly relates to that of the RSA problem. There is no such proof for the traditional PKCS#1 v1.5 scheme.
RSA_SIGN_HASH Examples
Tip
Run the example of the
select rdb$set_context('USER_SESSION', 'msg',
rsa_sign_hash(crypt_hash('Test message' using sha256)
key rdb$get_context('USER_SESSION', 'private_key'))) from rdb$database;
RSA_VERIFY_HASH()
Verifies a message hash against a signature using an RSA public key
BOOLEAN
RSA_VERIFY_HASH (message_digest SIGNATURE signature KEY public_key
  [HASH <hash>] [SALT_LENGTH salt_length] [PKCS_1_5])

<hash> ::= MD5 | SHA1 | SHA256 | SHA512
Parameter | Description |
---|---|
message_digest | Hash of message to verify. The hash algorithm used should match hash |
signature | Expected signature of input generated by |
public_key | RSA public key in PKCS#1 format matching the private key used to sign |
hash | Hash to use for the message digest; default is |
salt_length | Length of the salt in bytes; default is 8; minimum 1, maximum 32. Value must match the length used in |
RSA_VERIFY_HASH performs PSS encoding of the message_digest to be verified, and verifies the digital signature using the provided RSA public key.
By default, OAEP padding is used. The PKCS_1_5 option will switch to the less secure PKCS 1.5 padding.
Warning
The
Caution
This function expects the hash of a message (or message digest), not the actual message. The hash argument should specify the algorithm that was used to generate that hash. A function that accepts the actual message to hash might be introduced in a future version of Firebird.
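A sign-and-verify round trip for the two functions above, as an added example that is not part of the Firebird documentation. It runs in isql as a single EXECUTE BLOCK, states HASH and SALT_LENGTH explicitly on both calls so the verifier uses the same parameters as the signer, and checks the signature against an unaltered and an altered message; a valid signature should verify only for the unaltered one. The RSA_PRIVATE(256) key, the message text, the salt length of 16 and all variable names are assumptions chosen for the illustration.

```sql
-- Added example, not from the Firebird documentation.
-- Key size, message text, salt length and all names are constructed.
set term ^ ;

execute block
returns (case_name varchar(40), verified boolean)
as
  declare priv_key varbinary(16384);
  declare pub_key  varbinary(8192);
  declare sig      varbinary(8192);
  declare digest   varbinary(64);
begin
  -- RSA_PRIVATE takes the key length in bytes: 256 bytes = 2048 bits.
  -- The key lives only in local variables and is gone when the block ends.
  priv_key = rsa_private(256);
  pub_key  = rsa_public(priv_key);

  -- Hash the message first: RSA_SIGN_HASH signs a digest, not the message.
  digest = crypt_hash('Test message' using sha256);

  -- HASH names the algorithm that produced the digest; SALT_LENGTH is
  -- written out so the verifying side can repeat exactly the same value.
  sig = rsa_sign_hash(digest key priv_key hash sha256 salt_length 16);

  -- Case 1: same digest, same HASH and SALT_LENGTH as the signer.
  case_name = 'unaltered message';
  verified = rsa_verify_hash(digest signature sig key pub_key
                             hash sha256 salt_length 16);
  suspend;

  -- Case 2: one changed character yields a different digest, which is
  -- checked against the signature made for the original message.
  case_name = 'altered message';
  verified = rsa_verify_hash(crypt_hash('Test messagE' using sha256)
                             signature sig key pub_key
                             hash sha256 salt_length 16);
  suspend;
end^

set term ; ^
```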