CMS signature verification with PL/SQL

CMS (Cryptography message syntax) digital signatures usually contain the X.509 certificate of the signer embedded inside them. In that case, we can verify the validity of the signature with only the signature itself.

Verifying CMS signature located in a CLOB field

The example code below illustrates how to verify the validity of a CMS signature with PL/SQL

DECLARE
  message CLOB;
  signature CLOB;
  signature_check_result PLS_INTEGER;
BEGIN
    signature := ... -- load the signature
 
    signature_check_result := ORA_RSA.CMS_VERIFY_CLOB(message => signature);
 
    IF signature_check_result = 1 THEN
       DBMS_OUTPUT.put_line('Signature verification passed.'); 
    ELSE
       DBMS_OUTPUT.put_line('Signature verification failed!'); 
    END IF;   
END;