
RSA_VERIFY_HASH()

Verifies a message hash against a signature using an RSA public key

Result type

BOOLEAN

Syntax
RSA_VERIFY_HASH (message_digest
  SIGNATURE signature KEY public_key
  [HASH <hash>] [SALT_LENGTH salt_length]
  [PKCS_1_5])

<hash> ::= MD5 | SHA1 | SHA256 | SHA512
Table 1. RSA_VERIFY Function Parameters
Parameter Description

message_digest

Hash of message to verify. The hash algorithm used should match hash

signature

Expected signature of input generated by RSA_SIGN_HASH

public_key

RSA public key in PKCS#1 format matching the private key used to sign

hash

Hash to use for the message digest; default is SHA256. This should be the same hash as used to generate message_digest, and as used in RSA_SIGN_HASH

salt_length

Length of the salt in bytes; default is 8; minimum 1, maximum 32. Value must match the length used in RSA_SIGN_HASH.

RSA_VERIFY_HASH performs PSS encoding of the message_digest to be verified, and verifies the digital signature using the provided RSA public key.

By default, OAEP padding is used. The PKCS_1_5 option will switch to the less secure PKCS 1.5 padding.

Warning

The PKCS_1_5 option is only for backward compatibility with systems applying PKCS 1.5 padding. For security reasons, it should not be used in new projects.

Caution

This function expects the hash of a message (or message digest), not the actual message. The hash argument should specify the algorithm that was used to generate that hash.

A function that accepts the actual message to hash might be introduced in a future version of Firebird.

RSA_VERIFY_HASH Examples

Tip

Run the examples of the RSA_PRIVATE, RSA_PUBLIC and RSA_SIGN_HASH functions first.

select rsa_verify_hash(
  crypt_hash('Test message' using sha256)
  signature rdb$get_context('USER_SESSION', 'msg')
  key rdb$get_context('USER_SESSION', 'public_key'))
from rdb$database
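
A self-contained variant of the query above, added here as an illustration and not taken from the Firebird documentation: it signs with a non-default HASH and SALT_LENGTH, repeats both in RSA_VERIFY_HASH as the parameter table requires, and checks the same signature against the digest of an altered message. The variable names, message texts and the 256-byte key size are assumptions made for the example.

```sql
-- Added example; variable names and message texts are constructed.
execute block returns (
  original_verifies boolean,
  altered_verifies boolean)
as
  declare private_key varbinary(16384);
  declare public_key varbinary(8192);
  declare digest varbinary(64);
  declare altered_digest varbinary(64);
  declare sig varbinary(8192);
begin
  -- 256-byte (2048-bit) key pair, generated only for this demonstration
  private_key = rsa_private(256);
  public_key = rsa_public(private_key);

  -- The caller hashes the message; the RSA functions only ever see the digest
  digest = crypt_hash('Transfer 100 to account 42' using sha512);
  altered_digest = crypt_hash('Transfer 900 to account 42' using sha512);

  -- Sign with a non-default HASH and SALT_LENGTH
  sig = rsa_sign_hash(digest key private_key hash sha512 salt_length 32);

  -- Verify the signed digest, repeating the HASH and SALT_LENGTH used to sign
  original_verifies = rsa_verify_hash(
    digest signature sig key public_key hash sha512 salt_length 32);

  -- Check the same signature against the digest of the altered message
  altered_verifies = rsa_verify_hash(
    altered_digest signature sig key public_key hash sha512 salt_length 32);

  suspend;
end
```

In isql, change the statement terminator with SET TERM before running the block, since its body contains semicolons.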

Other Functions

Functions that don’t fit in any other category.

MAKE_DBKEY()

Creates a DBKEY value

Result type

BINARY(8)

Syntax
MAKE_DBKEY (relation, recnum [, dpnum [, ppnum]])
Table 1. RDB$GET_TRANSACTION_CN Function Parameters
Parameter Description

relation

Relation name or relation id

recnum

Record number. Either absolute (if dpnum and ppnum are absent), or relative (if dpnum present)

dpnum

Data page number. Either absolute (if ppnum is absent) or relative (if ppnum present)

ppnum

Pointer page number.

MAKE_DBKEY creates a DBKEY value using a relation name or ID, record number, and (optionally) logical numbers of data page and pointer page.

Note
  1. If relation is a string expression or literal, then it is treated as a relation name, and the engine searches for the corresponding relation ID. The search is case-sensitive. In the case of string literal, relation ID is evaluated at query preparation time. In the case of expression, relation ID is evaluated at execution time. If the relation cannot be found, then error isc_relnotdef is raised.

  2. If relation is a numeric expression or literal, then it is treated as a relation ID and used “as is”, without verification against existing relations. If the argument value is negative or greater than the maximum allowed relation ID (65535 currently), then NULL is returned.

  3. Argument recnum represents an absolute record number in the relation (if the next arguments dpnum and ppnum are missing), or a record number relative to the first record, specified by the next arguments.

  4. Argument dpnum is a logical number of data page in the relation (if the next argument ppnum is missing), or number of data pages relative to the first data page addressed by the given ppnum.

  5. Argument ppnum is a logical number of pointer page in the relation.

  6. All numbers are zero-based. Maximum allowed value for dpnum and ppnum is 2^32 (4294967296). If dpnum is specified, then recnum can be negative. If dpnum is missing and recnum is negative, then NULL is returned. If ppnum is specified, then dpnum can be negative. If ppnum is missing and dpnum is negative, then NULL is returned.

  7. If any of specified arguments is NULL, the result is also NULL.

  8. Argument relation is described as INTEGER during query preparation, but it can be overridden by a client application as VARCHAR or CHAR. Arguments recnum, dpnum and ppnum are described as BIGINT.