Documentation
¶
Overview ¶
Package blindrsa implements the RSA Blind Signature Protocol as defined in [RFC9474].
The RSA Blind Signature protocol, and its variant RSABSSA (RSA Blind Signature with Appendix) is a two-party protocol between a Client and Server where they interact to compute
sig = Sign(sk, input_msg),
where `input_msg = Prepare(msg)` is a prepared version of a private message `msg` provided by the Client, and `sk` is the private signing key provided by the server.
Supported Variants ¶
This package is compliant with the RFC-9474 document and supports the following variants:
- NewVerifier implements RSABSSA-SHA384-PSS-Deterministic
- NewDeterministicVerifier implements RSABSSA-SHA384-PSSZERO-Deterministic
while these variants are not supported yet:
- RSABSSA-SHA384-PSS-Randomized
- RSABSSA-SHA384-PSSZERO-Randomized
Example (Blindrsa) ¶
// Setup (offline)
// Server: generate an RSA keypair.
sk, err := rsa.GenerateKey(rand.Reader, 2048)
if err != nil {
fmt.Fprintf(os.Stderr, "failed to generate RSA key: %v", err)
return
}
pk := &sk.PublicKey
server := NewSigner(sk)
// Client: stores Server's public key.
verifier := NewVerifier(pk, crypto.SHA384)
// Protocol (online)
// Client blinds a message.
msg := []byte("alice and bob")
blindedMsg, state, err := verifier.Blind(rand.Reader, msg)
if err != nil {
fmt.Fprintf(os.Stderr, "client failed to generate blinded message: %v", err)
return
}
// Server signs a blinded message, and produces a blinded signature.
blindedSignature, err := server.BlindSign(blindedMsg)
if err != nil {
fmt.Fprintf(os.Stderr, "server failed to sign: %v", err)
return
}
// Client builds a signature from the previous state and the blinded signature.
signature, err := state.Finalize(blindedSignature)
if err != nil {
fmt.Fprintf(os.Stderr, "client failed to obtain signature: %v", err)
return
}
// Client verifies the signature is valid.
ok := verifier.Verify(msg, signature)
fmt.Printf("Valid signature: %v", ok == nil)
Output: Valid signature: true
Index ¶
Examples ¶
Constants ¶
This section is empty.
Variables ¶
var ( ErrUnexpectedSize = common.ErrUnexpectedSize ErrInvalidMessageLength = common.ErrInvalidMessageLength ErrInvalidBlind = common.ErrInvalidBlind ErrInvalidRandomness = common.ErrInvalidRandomness ErrUnsupportedHashFunction = common.ErrUnsupportedHashFunction )
Functions ¶
This section is empty.
Types ¶
type Signer ¶
type Signer struct {
// contains filtered or unexported fields
}
An Signer represents the Signer in the blind RSA protocol. It carries the raw RSA private key used for signing blinded messages.
func NewSigner ¶
func NewSigner(sk *rsa.PrivateKey) Signer
NewSigner creates a new Signer for the blind RSA protocol using an RSA private key.
func (Signer) BlindSign ¶
BlindSign blindly computes the RSA operation using the Signer's private key on the blinded message input, if it's of valid length, and returns an error should the function fail.
See the specification for more details: https://www.rfc-editor.org/rfc/rfc9474.html#name-blindsign
type Verifier ¶
type Verifier interface {
// Blind initializes the blind RSA protocol using an input message and source of randomness. The
// signature is deterministic. This function fails if randomness was not provided.
Blind(random io.Reader, message []byte) ([]byte, VerifierState, error)
// FixedBlind runs the Blind function with fixed blind and salt inputs.
FixedBlind(message, blind, salt []byte) ([]byte, VerifierState, error)
// Verify verifies the input (message, signature) pair and produces an error upon failure.
Verify(message, signature []byte) error
// Hash returns the hash function associated with the Verifier.
Hash() hash.Hash
}
Verifier is a type that implements the client side of the blind RSA protocol, described in https://www.rfc-editor.org/rfc/rfc9474.html#name-rsabssa-variants
func NewDeterministicVerifier ¶
NewDeterministicVerifier creates a new DeterministicBRSAVerifier using the corresponding Signer parameters. This corresponds to the RSABSSA-SHA384-PSSZERO-Deterministic variant. See the specification for more details: https://www.rfc-editor.org/rfc/rfc9474.html#name-rsabssa-variants
func NewVerifier ¶
NewVerifier creates a new BRSAVerifier using the corresponding Signer parameters. This corresponds to the RSABSSA-SHA384-PSS-Deterministic variant. See the specification for more details: https://www.rfc-editor.org/rfc/rfc9474.html#name-rsabssa-variants
type VerifierState ¶
type VerifierState struct {
// contains filtered or unexported fields
}
An VerifierState carries state needed to complete the blind signature protocol as a verifier.
func (VerifierState) CopyBlind ¶
func (state VerifierState) CopyBlind() []byte
CopyBlind returns an encoding of the blind value used in the protocol.
func (VerifierState) CopySalt ¶
func (state VerifierState) CopySalt() []byte
CopySalt returns an encoding of the per-message salt used in the protocol.
func (VerifierState) Finalize ¶
func (state VerifierState) Finalize(data []byte) ([]byte, error)
Finalize computes and outputs the final signature, if it's valid. Otherwise, it returns an error.
See the specification for more details: https://www.rfc-editor.org/rfc/rfc9474.html#name-finalize
Source Files
Directories
¶
| Path | Synopsis |
|---|---|
|
internal
|
|
|
Package partiallyblindrsa implements a partially blind RSA protocol.
|
Package partiallyblindrsa implements a partially blind RSA protocol. |