0 Replies Latest reply on Jul 13, 2018 5:07 AM by pmalera

    Why "dbms_crypto.mac" doesn't match "openssl" ?

    pmalera

      When I execute this PL/SQL code which is supposed to sign a message with "sh256" algorythm (Oracle 12.1) :

       

      DECLARE
        l_temp RAW(4000);
        c_msg CONSTANT CLOB := 'Here is a message to be signed';
        c_key CONSTANT CLOB := '-----BEGIN RSA PRIVATE KEY-----
      MIICXwIBAAKBgQDTQRqsiQBSWZ1w9aONc2NSZx6kv2vrM70g4aYImANVpsnOjxM6
      S/gdUXhXo92TyD/sD5AMZzgGyOaRkWc3cSnLRo02IcWvLL2B4zP1P7461TvfkM5p
      DjiVC8oGQ6x6izRlSQ2x+HAKHhzF7vri9WtK2aWmnnUTnbK2ZyFk4sDi0QIDAQAB
      AoGBAKqRb2sNdwAGsVNKUhLcrr4S2rAkiosujC8nYjqgGlkmwNyRsvGn8x4g8Ky6
      dyZiUhJUgncxRBBeV6QDJbajHR03NVhn1qWXCzkLIppKz0ta3nCclMohwA25n518
      s8X7jESLLcS/DZ3qz3ljRxwXs3iZVodDgMxaKD775cQR1NZRAkEA7EiO5XO/kr4j
      d3xKOPHukRmdKsZlMS2DUTwNnXpxA48T9b4TCn5/ht+Qs7YMtVt2dVHJTNq+UOmY
      mkhj1cffPQJBAOTh4PYMckkjEU/UEdEBxCAhfOErbiVNSyqZjEcTR3HB97IJWZkC
      98HKspV9R4qXr/y93ufL8TU2VRenOgO+CyUCQQCMIew9wQwZJ5M5RglvBG0MuTgx
      KkDRjcCX6RnaD8f+6FhaIkSAsM1JXEYhjxKybHAw3DSa1BCTRDcxKUWsgEGxAkEA
      tgVomWRmkwFfaCPYE2abKY5YON4IF4Qzreo04+VSIQbHzH+hEI2KqURg53+dIHvn
      ilEZbzACYHYYD9p+ybEePQJBAIivBKeEYeV+ZT5HtwbNv30n35H2WmluSzrEoM0W
      Dj0HTQoaKBcjFEEIgBUeHei2DKdo2L2Lamo9y4BqnSPodIc=
      -----END RSA PRIVATE KEY-----';
      BEGIN
        l_temp := dbms_crypto.mac(src => sys.utl_raw.cast_to_raw(c_msg),
                                  key => sys.utl_raw.cast_to_raw(c_key),
                                  typ => dbms_crypto.hmac_sh256);
        l_temp := utl_encode.base64_encode(l_temp);
        dbms_output.put_line(sys.utl_raw.cast_to_varchar2(l_temp));
      END;
      
      

       

      Result is : SjPV6jCQJg2RlvSOlAJQEP6YToahMja4RklVLDMmV4Q=

       

      But if I do the same operation with openssl:

      openssl.exe dgst -sha256 -sign PrivateKey.txt -out Record1.sha1 Record1.txt
      openssl.exe enc -base64 -in Record1.sha1 -out Record1.b64 -A
      

       

      Where "Record1.txt" contain same string as "c_msg" and "PrivateKey.txt" same as "c_key".

      I get (Record1.b64) : RJ0Z4HEmJSvrfDwxVjL2Nq+W6NDq2y/LGQi5ADImb5vlatEy8LSlubbiiW/ZuT2E3OTah7ZbP+nlgsQJiPXq/cixkATE7Z+sRbN+bhBG2vUSf37vI2G6nqKBI8L5OO755mjGnVGXtxIncF4LNm6o9PtT4zwmIGDvMRgXcoX7ZXg=

       

      Where is the mistake (in PL/SQL) ? How can I reach the result of "openssl" ?

      Thanks for your help.