On 5/10/21 2:02 PM, Mark Rotteveel wrote:
The example for RSA_SIGN in the release notes is:
```
select rdb$set_context('USER_SESSION', 'msg',
rsa_sign(crypt_hash('Test message' using sha256)
key rdb$get_context('USER_SESSION', 'private_key'))) from
rdb$database;
```
The use of `crypt_hash('Test message' using sha256)` as the input
doesn't make sense to me, as generating a message digest is - AFAIU -
done as part of signing itself, so now it's essentially double hashing
the message.
Wouldn't the following make more sense?
```
select rdb$set_context('USER_SESSION', 'msg',
rsa_sign('Test message'
key rdb$get_context('USER_SESSION', 'private_key'))) from
rdb$database;
```
That may work only for very short (like in a sample) 'Test message'- for
real-size messages hash is used for signing. rsa_sign just would not
work with too long argument.
Also take into an account - different people need different hashs here.
Firebird-Devel mailing list, web interface at
https://lists.sourceforge.net/lists/listinfo/firebird-devel