public class RSABlindSignatureServer
extends java.lang.Object
BlindSign step (sec. 4.3): given a blinded
message produced by RSABlindSignatureClient.blind(byte[]), compute
s = m^d mod n and return it, after a self-consistency check
(s^e == m mod n) that catches CRT faults before the value leaves
the server.
The private-key operation is driven through
RSABlindedEngine so the modular
exponentiation is itself blinded against timing side-channels — orthogonal to
the RFC 9474 client/server blinding, which only hides the message.
The variant choice (PSS vs PSSZERO, randomised vs deterministic) is opaque to the server — only the client cares — so this class is variant-agnostic.
| Constructor and Description |
|---|
RSABlindSignatureServer(RSAKeyParameters privateKey) |
| Modifier and Type | Method and Description |
|---|---|
byte[] |
blindSign(byte[] blindedMsg)
RFC 9474 sec. 4.3
BlindSign. |
public RSABlindSignatureServer(RSAKeyParameters privateKey)
privateKey - the server's RSA private key. CRT-form
(RSAPrivateCrtKeyParameters) is strongly
recommended; the public exponent must be available
for the RSAVP1 self-check (RFC 9474 sec. 4.3 step 3).public byte[] blindSign(byte[] blindedMsg)
throws CryptoException
BlindSign. Verifies blindedMsg as an
integer in [0, n) of the modulus length, applies RSASP1, and
checks that RSAVP1 round-trips back to the input before returning.blindedMsg - the blinded message received from the client; must be
exactly modulus_len bytes.modulus_len bytes.CryptoException - if the input is the wrong length, out of range,
or the RSASP1/RSAVP1 round-trip fails (CRT fault).