Bouncy Castle Cryptography Library 1.85

org.bouncycastle.crypto.params
Class RSABlindSignatureParameters

java.lang.Object
  extended byorg.bouncycastle.crypto.params.RSABlindSignatureParameters

public final class RSABlindSignatureParameters
extends java.lang.Object

Variant parameters for the RSA Blind Signature Scheme with Appendix (RSABSSA) defined in RFC 9474. Each variant fixes a content digest, an EMSA-PSS salt length, and whether the message-preparation step is identity or randomised (32-byte prefix per RFC 9474 sec. 4.1). The four named variants from RFC 9474 sec. 5 are exposed as constants; SHA-384 with MGF1(SHA-384) is the only hash profile named by the RFC.

The randomised variants are RECOMMENDED by RFC 9474 sec. 5; the deterministic variants are useful for interop with callers that must derive the prepared message from alone.


Field Summary
static int RANDOMIZED_PREFIX_LEN
          Length in bytes of the random prefix prepended to by (RFC 9474 sec. 4.1).
static RSABlindSignatureParameters RSABSSA_SHA384_PSS_DETERMINISTIC
          RSABSSA-SHA384-PSS-Deterministic — SHA-384, 48-byte salt, identity preparation.
static RSABlindSignatureParameters RSABSSA_SHA384_PSS_RANDOMIZED
          RSABSSA-SHA384-PSS-Randomized — SHA-384, 48-byte salt, 32-byte random prefix.
static RSABlindSignatureParameters RSABSSA_SHA384_PSSZERO_DETERMINISTIC
          RSABSSA-SHA384-PSSZERO-Deterministic — SHA-384, empty salt, identity preparation.
static RSABlindSignatureParameters RSABSSA_SHA384_PSSZERO_RANDOMIZED
          RSABSSA-SHA384-PSSZERO-Randomized — SHA-384, empty salt, 32-byte random prefix.
 
Method Summary
 Digest createDigest()
          Return a fresh Digest instance for the variant's content hash (SHA-384 for every variant defined in RFC 9474 sec. 5).
 java.lang.String getName()
          Return the RFC 9474 sec. 5 variant name (e.g.
 int getSaltLength()
          Return the EMSA-PSS salt length, in bytes.
 boolean isRandomized()
          Return true if the step prepends a fresh 32-byte random prefix (RFC 9474 sec. 4.1 — PrepareRandomize); false if is the identity (RFC 9474 sec. 4.1 — PrepareIdentity).
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

RANDOMIZED_PREFIX_LEN

public static final int RANDOMIZED_PREFIX_LEN
Length in bytes of the random prefix prepended to by (RFC 9474 sec. 4.1).

See Also:
Constant Field Values

RSABSSA_SHA384_PSS_RANDOMIZED

public static final RSABlindSignatureParameters RSABSSA_SHA384_PSS_RANDOMIZED
RSABSSA-SHA384-PSS-Randomized — SHA-384, 48-byte salt, 32-byte random prefix. RECOMMENDED by RFC 9474 sec. 5.


RSABSSA_SHA384_PSSZERO_RANDOMIZED

public static final RSABlindSignatureParameters RSABSSA_SHA384_PSSZERO_RANDOMIZED
RSABSSA-SHA384-PSSZERO-Randomized — SHA-384, empty salt, 32-byte random prefix. RECOMMENDED by RFC 9474 sec. 5; the empty salt makes the signature deterministic given a fixed prepared message, while the prefix preserves blindness.


RSABSSA_SHA384_PSS_DETERMINISTIC

public static final RSABlindSignatureParameters RSABSSA_SHA384_PSS_DETERMINISTIC
RSABSSA-SHA384-PSS-Deterministic — SHA-384, 48-byte salt, identity preparation. Use only when the caller has another source of message unlinkability; see RFC 9474 sec. 7.3.


RSABSSA_SHA384_PSSZERO_DETERMINISTIC

public static final RSABlindSignatureParameters RSABSSA_SHA384_PSSZERO_DETERMINISTIC
RSABSSA-SHA384-PSSZERO-Deterministic — SHA-384, empty salt, identity preparation. RFC 9474 sec. 5 warns this combination yields fully deterministic signatures; use only when the caller actively wants that.

Method Detail

getName

public java.lang.String getName()
Return the RFC 9474 sec. 5 variant name (e.g. ).


getSaltLength

public int getSaltLength()
Return the EMSA-PSS salt length, in bytes.


isRandomized

public boolean isRandomized()
Return true if the step prepends a fresh 32-byte random prefix (RFC 9474 sec. 4.1 — PrepareRandomize); false if is the identity (RFC 9474 sec. 4.1 — PrepareIdentity).


createDigest

public Digest createDigest()
Return a fresh Digest instance for the variant's content hash (SHA-384 for every variant defined in RFC 9474 sec. 5).


Bouncy Castle Cryptography Library 1.85