Verify digital signatures with ORA

The ORA_RSA PL/SQL package offers additional methods for verifying RSA digital signatures.

In order to verify a digital signature as correct for given initial input data for which it was created, we need three things: the initial input data, the digital signature and the RSA public key corresponding to the RSA private key used for creating the digital signature.

Verify an RSA signature with public key loaded from file

In the sample PL/SQL code block below we are going to verify a previously created digital signature by loading the verification public key from a file located on the server file system.

For the sake of the example the input data for which the signature belongs, is a plain string. In a real world scenario probably it will be located in a database table along with the signature.

DECLARE
  public_key_file_handle  BFILE;
  public_key  BLOB;
 
  message VARCHAR(500);
  signature raw(32000);
  signature_check_result PLS_INTEGER;
BEGIN
    -- FBI_Agents.Fingerprint is of type VARCHAR2(500)
    SELECT Fingerprint INTO message FROM FBI_Agents WHERE Agent_Id = '007';  
	SELECT FingerprintSignature INTO signature FROM FBI_Agents WHERE Agent_Id = '007';  
 
    -- initialize the public key BLOB storage
    DBMS_LOB.createtemporary(public_key, TRUE);
 
    -- load a key from the flesystem
    -- the direcory name must be created upfront with CREATE DIRECTORY
    -- for example: CREATE DIRECTORY KEYS_DIR AS '/demo/schema/my_keys_folder';
    public_key_file_handle := BFILENAME('KEYS_DIR', 'didisoft_public.der'); -- Note: directory name must be Upper case 
 
    -- load the key into a BLOB
    DBMS_LOB.OPEN(public_key_file_handle, DBMS_LOB.LOB_READONLY);
    DBMS_LOB.LoadFromFile( DEST_LOB => public_key,
                         SRC_LOB  => public_key_file_handle,
                         AMOUNT   => DBMS_LOB.GETLENGTH(public_key_file_handle) );
    DBMS_LOB.CLOSE(public_key_file_handle);
 
    --
    -- RSA VERIFY
    --
    signature_check_result := ORA_RSA.VERIFY(message => UTL_I18N.STRING_TO_RAW(message, 'AL32UTF8'), 
                                             signature => signature, 
                                             public_key => DBMS_LOB.substr(public_key),
                                             hash => ORA_RSA.HASH_SHA1);
 
    IF signature_check_result = 1 THEN
       DBMS_OUTPUT.put_line('Signature verification passed.'); 
    ELSE
       DBMS_OUTPUT.put_line('Signature cannot be verified!'); 
    END IF;   
END;

Summary

This sample demonstrated how to verify an RSA digital signature in the Oracle ® PL/SQL programming language. You may also like to check how to create RSA digital signatures with PL/SQL and how to add an exception handling strategy for this code block.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Verify digital signatures with ORA_RSA

Verify an RSA signature with public key loaded from file

Contact Us

Announcements

Subscribe for Updates