The example for RSA_SIGN in the release notes is:

```
select rdb$set_context('USER_SESSION', 'msg',
  rsa_sign(crypt_hash('Test message' using sha256)
    key rdb$get_context('USER_SESSION', 'private_key'))) from rdb$database;
```

The use of `crypt_hash('Test message' using sha256)` as the input doesn't make sense to me, as generating a message digest is - AFAIU - done as part of signing itself, so now it's essentially double hashing the message.

Wouldn't the following make more sense?

```
select rdb$set_context('USER_SESSION', 'msg',
  rsa_sign('Test message'
    key rdb$get_context('USER_SESSION', 'private_key'))) from rdb$database;
```

And similar for RSA_VERIFY.

Mark
--
Mark Rotteveel


Firebird-Devel mailing list, web interface at 
https://lists.sourceforge.net/lists/listinfo/firebird-devel

Reply via email to