The ORA_RSA package creates RSA digital signatures as well.
To create a signature for a data field we need an RSA private key. If the key is stored in a password-protected .pfx/.p12 (PKCS12) file, we will also need the private key password.
The package supports the following hash functions, specified as the last parameter of the ORA_RSA.SIGN method:
ORA_RSA.HASH_SHA1 for SHA1withRSA
ORA_RSA.HASH_SHA224 for SHA224withRSA
ORA_RSA.HASH_SHA256 for SHA256withRSA
ORA_RSA.HASH_SHA384 for SHA384withRSA
ORA_RSA.HASH_SHA512 for SHA512withRSA
There are no input data length restrictions for creating RSA digital signatures, in contrast to core RSA encryption.
Table of examples
1. Create RSA digital signature with private key loaded from file
2. Create RSA digital signature with inline private key
1. Create RSA digital signature with private key loaded from file
This sample shows how to create an RSA digital signature. The signature is returned as a RAW data field.
Please note that the example code below does not supply a private key password (the private_key_password argument is an empty string), as the key is in a non-password-protected format. For keys protected with a password, an overloaded version of the ORA_RSA.SIGN method is available with a third parameter for the private key password.
```sql
DECLARE
  private_key_file_handle BFILE;
  private_key BLOB;
  message VARCHAR(500);
  signature raw(32000);
BEGIN
  -- load a private key from the filesystem
  -- the directory name must be created upfront with CREATE DIRECTORY
  -- for example: CREATE DIRECTORY KEYS_DIR AS '/demo/schema/my_keys_folder';
  private_key_file_handle := BFILENAME('KEYS_DIR', 'didisoft_private_no.der'); -- Note: directory name must be Upper case

  -- initialize the private key BLOB storage
  DBMS_LOB.createtemporary(private_key, TRUE);

  -- load the private key into a BLOB
  DBMS_LOB.OPEN(private_key_file_handle, DBMS_LOB.LOB_READONLY);
  DBMS_LOB.LoadFromFile( DEST_LOB => private_key, SRC_LOB => private_key_file_handle, AMOUNT => DBMS_LOB.GETLENGTH(private_key_file_handle) );
  DBMS_LOB.CLOSE(private_key_file_handle);

  message := 'Hello World';
  --
  -- RSA SIGN
  --
  signature := ORA_RSA.SIGN(message => UTL_I18N.STRING_TO_RAW(message, 'AL32UTF8'),
                            private_key => DBMS_LOB.substr(private_key),
                            private_key_password => '',
                            hash => ORA_RSA.HASH_SHA256);
END;
```
2. Create RSA digital signature with an inline private key
In this example, the private key is hardcoded inside the PL/SQL code in PEM (text-based) format. Of course, the code block can easily be modified to load the key data from a database table:
```sql
DECLARE
  private_key CLOB := '-----BEGIN PRIVATE KEY-----
MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAMJOVHMWQpGWTiR7
F5z3WQIIvJYUDubZAPUxzj2NgriomhnowjgiK40Q2UPNxgBq3wlMhMpAp01+Or6R
2mkOctOZ55Qjgm2VzTovW4MuOLWGB43fXm3qDe05/SIdV3K3h2KVwcNqecJTR25T
RNeGHo4r8cce3BnuVzEKjk2DNQOXAgMBAAECgYEAuqIMQaL+++IYWrgU/UMkLmz/
31OS4K9NWTamt77F8eKYagyFCO/hTxUA6zyqU9pTMxZZcf9Z83gsqsFjvYcQSHy6
mRXFuORzh0r/wXKJtyFF0B26KC7WipqtPAuzn7SNGNeMh8g3H1qH8neEjir15Uai
6lR/sDIOZlO9sUJoZBECQQDkLXnXl/YXGoQDdupUQMzrF+ZK/od2U9YjdSOi+k/j
x23usurtzRhYGW/73vJd9Sw6Qc6ijPr+ItSpnl+qaxzvAkEA2f+OVzn1HwmYbc2a
Booo32aT96TJrwN8V4gC7m5hseHoXDDoXmwLZwNm7+w0vu3lk1p9tSqs8oc/nR0E
fHhT2QJAOQslasCSxTPbzQHtkyKgGCXhbN40/1/2KOcgAZ6SWl+BHCuej9S2QVAa
rt0Num+Qnv/UqM6V8PLEN6NgRzqAAQJBALeQYrp+WjKNcOYc97LECdC73qLsBswx
QjWumNFO70LLOE7Q/AnuLtfKXJZwrqWLSwJ+c1XnHoSGcIGK2qk45VkCQA6b1qCv
jGFksgcQ8vff5lwOWfJ2ZxA8Zpgeq5w7EaDTWS/WhtVUYg3bBsadgXb3LxpZScxq
U4Ad7pAZrI6H6Tc=
-----END PRIVATE KEY-----';
  message VARCHAR(500);
  signature raw(32000);
BEGIN
  message := 'Hello World';
  --
  -- RSA SIGN
  --
  signature := ORA_RSA.SIGN(message => UTL_I18N.STRING_TO_RAW(message, 'AL32UTF8'),
                            private_key => UTL_RAW.cast_to_raw(private_key),
                            private_key_password => '',
                            hash => ORA_RSA.HASH_SHA256);
END;
```
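The table-based variant mentioned at the start of this section, as an added example that is not part of the original tutorial: the key is read from a table inside a definer's-rights function, so callers need only EXECUTE on the function and no SELECT privilege on the key table. The table signing_keys, the function sign_with_stored_key, the grantee app_user and the key name 'invoice-signing' are assumptions; the ORA_RSA.SIGN call follows the form shown above.

```sql
-- Hypothetical key table (name and columns are assumptions for this example).
CREATE TABLE signing_keys (
  key_name        VARCHAR2(64) PRIMARY KEY,
  private_key_pem CLOB NOT NULL   -- unencrypted PEM private key, as in the sample above
);

-- Definer's-rights function: it runs with the owner's privileges, so the
-- caller can obtain signatures without being able to read the key itself.
CREATE OR REPLACE FUNCTION sign_with_stored_key (
  p_key_name IN VARCHAR2,
  p_message  IN VARCHAR2
) RETURN RAW
AUTHID DEFINER
IS
  l_private_key CLOB;
BEGIN
  SELECT private_key_pem
    INTO l_private_key
    FROM signing_keys
   WHERE key_name = p_key_name;

  RETURN ORA_RSA.SIGN(message => UTL_I18N.STRING_TO_RAW(p_message, 'AL32UTF8'),
                      private_key => UTL_RAW.cast_to_raw(l_private_key),
                      private_key_password => '',
                      hash => ORA_RSA.HASH_SHA256);
EXCEPTION
  WHEN NO_DATA_FOUND THEN
    -- fail with a clear error instead of signing with a missing key
    RAISE_APPLICATION_ERROR(-20001, 'Unknown signing key: ' || p_key_name);
END sign_with_stored_key;
/

-- app_user is a hypothetical account: it gets EXECUTE only, no grant on signing_keys.
GRANT EXECUTE ON sign_with_stored_key TO app_user;

-- Calling the function; the signature comes back as RAW, as in the samples above.
DECLARE
  signature RAW(32000);
BEGIN
  signature := sign_with_stored_key('invoice-signing', 'Hello World');
  DBMS_OUTPUT.put_line(RAWTOHEX(signature));
END;
/
```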
Summary
This tutorial chapter illustrated how to create RSA digital signatures using Oracle® database PL/SQL.
You may also be interested in how to verify digital signatures created this way and how to add exception handling to your code.