The DBMS_USER_CERTS package allows you add and delete certificates.

This chapter contains the following topics:


The DBMS_USER_CERTS package allows you add and delete certificates.

The DBMS_USER_CERTS package allows you to:
  • add certificates
  • delete certificates

One use case is to attach a digital signature to a row in a blockchain table and be able to verify the digital signature later. A certificate used to sign one or more rows in blockchain tables and which has since expired should remain in the database until all those rows have been deleted from the blockchain tables.

DBMS_USER_CERTS Security Model

The DBMS_USER_CERTS package is owned by SYS and is installed as part of database installation.

  • Both ADD_CERTIFICATE() and DROP_CERTIFICATE() sub-programs can be executed by any database user. The EXECUTE privilege on DBMS_USER_CERTS package is granted to PUBLIC role.
  • Using ADD_CERTIFICATE(), a database user can add multiple certificates, each one would be identified uniquely using a GUID.
  • Only SYSDBA or the user who owns the certificate, can drop it using DROP_CERTIFICATE().

Summary of DBMS_USER_CERTS Subprograms

The DBMS_USER_CERTS package uses ADD_CERTIFICATE, ADD_COPY, and DROP_CERTIFICATE subprograms to add, copy, and delete X.509 certificates which are used for signature verification for blockchain tables by the current user.

Table 202-1 DBMS_USER_CERTS Package Subprograms

Subprogram Description
ADD_CERTIFICATE Procedure Adds X.509 certificates which are used for signature verification of blockchain tables.
ADD_COPY Procedure Adds a certificate to the database and assign the certificate a specific global unique identifier (GUID).
DROP_CERTIFICATE Procedure Drops a certificate that is used for signature verification of blockchain tables.


This procedure can be used by the current user to add an X.509 certificate that is used for signature verification of blockchain tables.


   x509_cert                 IN  BLOB,
   cert_id                   OUT RAW);


Table 202-2 ADD_CERTIFICATE Procedure Parameters

Parameter Description


The X.509 certificate used for signature verification of blockchain tables.
cert_id The Global Unique Identifier (GUID) for the certificate.

ADD_COPY Procedure

This procedure enables you add a certificate to the database and assign the certificate a specific global unique identifier (GUID).

This procedure is used when a user needs to make a copy of the certificate that was previously created in one database and add the copy to another database while preserving its GUID. When recording blockchain table signatures in one database and verifying the signatures in another, the certificate GUID must be preserved. One scenario is when you use Oracle Data Pump to copy a blockchain table between databases. Another scenario is when you use Oracle GoldenGate to replicate rows in a blockchain table between databases.


   x509_cert IN   BLOB,  
   cert_id   IN   RAW,  
   username  IN   VARCHAR2 DEFAULT NULL);


Table 202-3 ADD_COPY Procedure Parameters

Parameter Description


The X.509 certificate used for signature verification of blockchain tables.
cert_id The Global Unique Identifier (GUID) for the certificate.
username The name of the user who will own the certificate. A NULL value defaults to the current user.

Usage Note

If username is not NULL, either username must refer to the current user, or the current user must be SYSDBA.


This procedure can be used by the current user to drop a certificate that is used for signature verification of blockchain tables.


   cert_id                    IN  RAW);


Table 202-4 DROP_CERTIFICATE Procedure Parameters

Parameter Description
cert_id The Global Unique Identifier (GUID) of the certificate.