|
Bouncy Castle Cryptography Library 1.85 | |||||||||
| PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
| SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD | |||||||||
java.lang.Objectorg.bouncycastle.crypto.signers.RSABlindSignatureClient
Client side of the RSA Blind Signature Scheme with Appendix (RSABSSA) defined
in RFC 9474. A single blind(byte[]) call performs both
(sec. 4.1) and (sec. 4.2); #finalize(Blinded, byte[])
performs (sec. 4.4). The server step lives
in RSABlindSignatureServer and the variant choices in
RSABlindSignatureParameters.
The client side is therefore two calls — then —
with the server's in between:
The SecureRandom used for the prepare prefix, the EMSA-PSS salt, and
the blinding factor is supplied at construction; the
convenience constructor uses the
CryptoServicesRegistrar default.
is expressed on the existing BC RSA blinding toolkit —
RSABlindingFactorGenerator, RSABlindingParameters and
PSSSigner driven by an RSABlindingEngine — the same
composition uses for Chaum RSA-PSS blind signing.
Each request's state is carried by the returned RSABlindSignatureClient.Blinded (the blinded
message, the prepared message, and the secret unblinding value), so a single
instance is reusable across requests.
For randomised variants the resulting signature is over a prepared message
that prepends a fresh 32-byte prefix to (RFC 9474 sec. 4.1); that
prepared message — RSABlindSignatureClient.Blinded.getPreparedMessage() — is what downstream
verifiers check the signature against, not the original .
| Nested Class Summary | |
static class |
RSABlindSignatureClient.Blinded
Output of blind(byte[]).
|
| Constructor Summary | |
RSABlindSignatureClient(RSABlindSignatureParameters parameters,
RSAKeyParameters publicKey)
Equivalent to RSABlindSignatureClient(RSABlindSignatureParameters, RSAKeyParameters, SecureRandom)
with a SecureRandom obtained from CryptoServicesRegistrar. |
|
RSABlindSignatureClient(RSABlindSignatureParameters parameters,
RSAKeyParameters publicKey,
java.security.SecureRandom random)
|
|
| Method Summary | |
RSABlindSignatureClient.Blinded |
blind(byte[] msg)
RFC 9474 (sec. 4.1) followed by (sec. 4.2): prepare (prepend a fresh 32-byte prefix for randomised variants, identity otherwise), EMSA-PSS encode it, draw an invertible blinding factor , and blind the encoding to . |
byte[] |
finalize(RSABlindSignatureClient.Blinded blinded,
byte[] blindSig)
RFC 9474 (sec. 4.4): unblind the server's signature for the supplied RSABlindSignatureClient.Blinded request and verify it as a standard
RSASSA-PSS signature over the prepared message.
|
| Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
| Constructor Detail |
public RSABlindSignatureClient(RSABlindSignatureParameters parameters,
RSAKeyParameters publicKey)
RSABlindSignatureClient(RSABlindSignatureParameters, RSAKeyParameters, SecureRandom)
with a SecureRandom obtained from CryptoServicesRegistrar.
parameters - the RFC 9474 sec. 5 variant.publicKey - the server's RSA public key.
public RSABlindSignatureClient(RSABlindSignatureParameters parameters,
RSAKeyParameters publicKey,
java.security.SecureRandom random)
parameters - the RFC 9474 sec. 5 variant.publicKey - the server's RSA public key.random - source of randomness for the prepare prefix (randomised
variants), the EMSA-PSS salt, and the blinding factor;
must not be — use
RSABlindSignatureClient(RSABlindSignatureParameters, RSAKeyParameters)
for the CryptoServicesRegistrar default.| Method Detail |
public RSABlindSignatureClient.Blinded blind(byte[] msg)
throws CryptoException
RSABlindSignatureClient.Blinded carries
the prepared message, the to send to the server, and
the secret unblinding value for #finalize(Blinded, byte[]).
msg - the application message to be signed.
CryptoException - if EMSA-PSS encoding fails (e.g. the modulus is too
small for the variant's hash/salt lengths) or the
encoded message is not coprime with the modulus.
public byte[] finalize(RSABlindSignatureClient.Blinded blinded,
byte[] blindSig)
throws CryptoException
RSABlindSignatureClient.Blinded request and verify it as a standard
RSASSA-PSS signature over the prepared message.
The method name follows the RFC 9474 sec. 4.4 step; it is
an overload of Object.finalize() (distinct signature), not an override.
blinded - the value returned by blind(byte[]) for this request.blindSig - the returned by the server.
CryptoException - if has the wrong length or the
unblinded signature fails RSASSA-PSS verification.
|
Bouncy Castle Cryptography Library 1.85 | |||||||||
| PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
| SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD | |||||||||