
RSA_SIGN_HASH Examples

Tip

Run the example of the RSA_PRIVATE function first.

select rdb$set_context('USER_SESSION', 'msg',
  rsa_sign_hash(crypt_hash('Test message' using sha256)
    key rdb$get_context('USER_SESSION', 'private_key'))) from rdb$database;

RSA_VERIFY_HASH()

Verifies a message hash against a signature using an RSA public key

Result type

BOOLEAN

Syntax
RSA_VERIFY_HASH (message_digest
  SIGNATURE signature KEY public_key
  [HASH <hash>] [SALT_LENGTH salt_length]
  [PKCS_1_5])

<hash> ::= MD5 | SHA1 | SHA256 | SHA512

Table 1. RSA_VERIFY Function Parameters
Parameter Description

message_digest

Hash of message to verify. The hash algorithm used should match hash

signature

Expected signature of input generated by RSA_SIGN_HASH

public_key

RSA public key in PKCS#1 format matching the private key used to sign

hash

Hash to use for the message digest; default is SHA256. This should be the same hash as used to generate message_digest, and as used in RSA_SIGN_HASH

salt_length

Length of the salt in bytes; default is 8; minimum 1, maximum 32. Value must match the length used in RSA_SIGN_HASH.

RSA_VERIFY_HASH performs PSS encoding of the message_digest to be verified, and verifies the digital signature using the provided RSA public key.

By default, OAEP padding is used. The PKCS_1_5 option will switch to the less secure PKCS 1.5 padding.

Warning

The PKCS_1_5 option is only for backward compatibility with systems applying PKCS 1.5 padding. For security reasons, it should not be used in new projects.

Caution

This function expects the hash of a message (or message digest), not the actual message. The hash argument should specify the algorithm that was used to generate that hash.

A function that accepts the actual message to hash might be introduced in a future version of Firebird.
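
The matching rules described above (same digest, hash and salt length as in RSA_SIGN_HASH), as an added example that is not part of the Firebird documentation. It assumes isql (for SET TERM) and generates a throwaway key pair with RSA_PRIVATE and RSA_PUBLIC in local variables instead of the session context variables; the variable names, column names and the altered message are chosen here for illustration.

```sql
-- Added example: sign one digest, then verify it under three conditions.
set term ^;
execute block returns (scenario varchar(40), verified boolean)
as
  declare private_key varbinary(16384);
  declare public_key  varbinary(8192);
  declare digest      varbinary(64);
  declare sig         varbinary(8192);
begin
  -- Throwaway key pair; RSA_PRIVATE takes the key length in bytes (256 = 2048 bits).
  private_key = rsa_private(256);
  public_key  = rsa_public(private_key);

  -- Sign the SHA-256 digest, spelling out the defaults listed in the parameter table.
  digest = crypt_hash('Test message' using sha256);
  sig = rsa_sign_hash(digest key private_key hash sha256 salt_length 8);

  -- Digest, HASH and SALT_LENGTH all match what was used for signing.
  scenario = 'same digest, hash and salt length';
  verified = rsa_verify_hash(digest signature sig key public_key
                             hash sha256 salt_length 8);
  suspend;

  -- Constructed tamper case: digest of a message that differs by one character.
  scenario = 'digest of a different message';
  verified = rsa_verify_hash(crypt_hash('Test messagf' using sha256)
                             signature sig key public_key
                             hash sha256 salt_length 8);
  suspend;

  -- SALT_LENGTH here does not match the value passed to RSA_SIGN_HASH.
  scenario = 'salt_length differs from signing';
  verified = rsa_verify_hash(digest signature sig key public_key
                             hash sha256 salt_length 16);
  suspend;
end^
set term ;^
```

Callers should treat anything other than TRUE in the verified column as a failed verification.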