NAME
Crypt::RSA::Blind - Blind RSA signatures
VERSION
$Revision: 1.012 $
$Date: Sun Jun 16 18:22:22 EST 2024 $
SYNOPSIS
use Crypt::RSA::Blind;
use Try::Tiny;
my $rsab = new Crypt::RSA::Blind;
my ($pubkey, $seckey) = $rsab->keygen(Size => 4096);
my $msg = "Hello, world!";
# RSABSSA-PSS interface (RFC 9747)
my $slen = 48; # Salt length (in bytes). 0 for no salt.
my ($blinded_msg, $blinding) = $rsab->ssa_blind (PublicKey => $pubkey,
Message => $msg,
sLen => $slen);
my $blind_sig = $rsab->ssa_blind_sign(SecretKey => $seckey,
BlindedMessage => $blinded_msg);
my $sig = $rsab->ssa_finalize(PublicKey => $pubkey,
BlindSig => $blind_sig,
Blinding => $blinding,
Message => $msg,
sLen => $slen);
print "OK\n" if try { $rsab->pss_verify(PublicKey => $pubkey,
Signature => $sig,
Message => $msg,
sLen => $slen) };
# Deprecated old interface
my $init = $rsab->init;
my $req = $rsab->request( Key => $pubkey,
Init => $init,
Message => $msg );
my $blindsig = $rsab->sign( Key => $seckey, Plaintext => $req );
my $sig = $rsab->unblind( Key => $pubkey, Init => $init,
Signature => $blindsig );
print "OK\n" if $rsab->verify( Key => $pubkey, Message => $msg,
Signature => $sig );
METHODS
new
Creates and returns a new Crypt::RSA::Blind object.
keygen
Generates and returns an RSA key-pair of specified bitsize. This is a synonym for Crypt::RSA::Key::generate(). Parameters and return values are described in the Crypt::RSA::Key(3) manpage.
init
Generates and returns an initialization vector.
The RSA blind signature protocol doesn't require the use of initialization vectors. However, this module can use them to keep track of the blinding factor for different signing requests, so it is convenient to use initialization vectors when creating multiple interlaved signing requests.
When using initialization vectors, the vector should be passed as the 'Init' named parameter to the ssa_blind() and ssa_finalize() methods (in the old deprecated interface, to the req(), and unblind() methods).
Alternately, you can keep track of the blinding factor for each request in your own code. In this case, you can supply the blinding factor as the 'Blinding' named parameter to the ssa_finalize() method, instead of providing an initialization vector as the 'Init' parameter to ssa_blind() and ssa_finalize().
Initialization vectors are not persistent across different invocations of a script, so if you need to call ssa_blind() and ssa_finalize() in different processes, you will need to record and persist the blinding factor yourself.
ssa_blind
Generates and returns a blinded message for signing, and the blinding factor used. The following named parameters are required:
PublicKey - The public key of the signer
Message - The message to be blind signed
sLen - The length (in bytes) of the salt to be used in the RSABSSA-PSS protocol. This can be 0 for no salt.
The following optional named parameters can be provided:
Init - An initialization vector from init()
R_inv - The r_inv value as an integer, for test vector verification.
Salt - A salt as a hex string without a leading '0x', for test vector verification.
Returns a list of two binary strings. The first is a the blinded message for signing, the second is the blinding factor used. Raises an exception on error.
ssa_blind_sign
Generates and returns a blind signature. The following named parameters are required:
SecretKey - The private key of the signer
BlindedMessage - The blinded message from ssa_blind()
Returns the blind signature as a binary string. Raises an exception on error.
ssa_finalize
Unblinds a blind signature and returns an RSASSA-PSS compatible signature. The following named parameters are required:
PublicKey - The public key of the signer
BlindSig - The blind signature from ssa_blindsign()
Message - The message that was provided to ssa_blind()
sLen - The lengh in bytes of the salt. 0 for no salt.
In addition, one of the following parameters is required:
Init - The initialization vector that was provided to ssa_blind()
Blinding - The blinding factor that was returned by ssa_blind()
Returns the blind signature as a binary string. Raises an exception on error.
pss_verify
Verify an RSABSSA-PSS signature. The following named parameters are required:
PublicKey - The public key of the signer
Signature - The blind signature
Message - The message that was signed
sLen - The lengh in bytes of the salt. 0 for no salt.
Returns a true value if the signature verifies successfully. Raises an exception on error.
ssa_randomize
Takes a single required parameter, the message to be signed, and returns a prepared message with a random prefix.
errstr
Returns the error message from the last failed method call. See ERROR HANDLING below for more details.
DEPRECATED METHODS
The methods below are deprecated and maintained for backwards compatibility only. All new code should use the methods listed above.
request
Generates and returns a blind-signing request. The following named parameters are required:
NOTE: This method is deprecated. Use the new ssa_blind method instead.
Init - The initialization vector from init()
Key - The public key of the signer
Message - The message to be blind signed
sign
Generates and returns a blind signature. The following named parameters are required:
NOTE: This method is deprecated. Use the new ssa_blind_sign method instead.
Key - The private key of the signer
Plaintext - The blind-signing request
unblind
Unblinds a blind signature and returns a verifiable signature. The following named parameters are required:
NOTE: This method is deprecated. Use the new ssa_finalize method instead.
Init - The initialization vector from init()
Key - The public key of the signer
Signature - The blind signature
verify
Verify a signature. The following named parameters are required:
NOTE: This method is deprecated. Use the new pss_verify method instead.
Key - The public key of the signer
Signature - The blind signature
Message - The message that was signed
ACCESSORS
Accessors can be called with no arguments to query the value of an object property, or with a single argument, to set the property to a specific value (unless it is read-only).
hashalg
The name of the hashing algorithm to be used. Only SHA variants are supported. The default is 'SHA384'.
mgfhalg
The name of the hashing algorithm to be used in the MGF1 function. Only SHA variants are supported. The default is 'SHA384'.
initsize
The bitsize of the init vector. Default is 128.
hashsize
The bitsize of the full-domain hash that will be generated from the message to be blind-signed. Default is 768. This property is only relevant to the old deprecated methods.
blindsize
The bitsize of the blinding factor. Default is 512. This property is only relevant to the old deprecated methods.
ERROR HANDLING
Crypt::RSA::Blind relies on Crypt::RSA, which uses an error handling method implemented in Crypt::RSA::Errorhandler. When a method fails it returns undef and saves the error message. This error message is available to the caller through the errstr() method. For more details see the Crypt::RSA::Errorhandler(3) manpage.
Other than keygen(), all Crypt::RSA::Blind methods that report errors this way are deprecated.
The ssa_* methods and pss_verify() do not use the above error reporting method. They raise an exception on error.
AUTHOR
Ashish Gulhati, <crypt-rsab at hash.neo.email>
BUGS
Please report any bugs or feature requests to bug-crypt-rsa-blind at rt.cpan.org
, or through the web interface at http://rt.cpan.org/NoAuth/ReportBug.html?Queue=Crypt-RSA-Blind. I will be notified, and then you'll automatically be notified of progress on your bug as I make changes.
SUPPORT
You can find documentation for this module with the perldoc command.
perldoc Crypt::RSA::Blind
You can also look for information at:
RT: CPAN's request tracker
AnnoCPAN: Annotated CPAN documentation
CPAN Ratings
Search CPAN
LICENSE AND COPYRIGHT
Copyright (c) Ashish Gulhati.
This software package is Open Software; you can use, redistribute, and/or modify it under the terms of the Open Artistic License 2.0.
Please see http://www.opensoftware.ca/oal20.txt for the full license terms, and ensure that the license grant applies to you before using or modifying this software. By using or modifying this software, you indicate your agreement with the license terms.