Bouncy Castle Cryptography Library 1.85

org.bouncycastle.crypto.signers
Class RSABlindSignatureServer

java.lang.Object
  extended byorg.bouncycastle.crypto.signers.RSABlindSignatureServer

public class RSABlindSignatureServer
extends java.lang.Object

Server side of the RSA Blind Signature Scheme with Appendix (RSABSSA) defined in RFC 9474. Implements the step (sec. 4.3): given a blinded message produced by RSABlindSignatureClient.blind(byte[]), compute and return it, after a self-consistency check () that catches CRT faults before the value leaves the server.

The private-key operation is driven through RSABlindedEngine so the modular exponentiation is itself blinded against timing side-channels — orthogonal to the RFC 9474 client/server blinding, which only hides the message.

The variant choice (PSS vs PSSZERO, randomised vs deterministic) is opaque to the server — only the client cares — so this class is variant-agnostic.


Constructor Summary
RSABlindSignatureServer(RSAKeyParameters privateKey)
           
 
Method Summary
 byte[] blindSign(byte[] blindedMsg)
          RFC 9474 sec. 4.3 .
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

RSABlindSignatureServer

public RSABlindSignatureServer(RSAKeyParameters privateKey)
Parameters:
privateKey - the server's RSA private key. CRT-form (RSAPrivateCrtKeyParameters) is strongly recommended; the public exponent must be available for the RSAVP1 self-check (RFC 9474 sec. 4.3 step 3).
Method Detail

blindSign

public byte[] blindSign(byte[] blindedMsg)
                 throws CryptoException
RFC 9474 sec. 4.3 . Verifies as an integer in of the modulus length, applies RSASP1, and checks that RSAVP1 round-trips back to the input before returning.

Parameters:
blindedMsg - the blinded message received from the client; must be exactly bytes.
Returns:
the blinded signature, bytes.
Throws:
CryptoException - if the input is the wrong length, out of range, or the RSASP1/RSAVP1 round-trip fails (CRT fault).

Bouncy Castle Cryptography Library 1.85