/ 
Crypt-RSA-Blind-1.035
River stage one • 1 direct dependent • 2 total dependents
/ Crypt::RSA::Blind

NAME

Crypt::RSA::Blind - Blind RSA signatures

VERSION

$Revision: 1.035 $
$Date: Wed Jun 11 13:34:13 EST 2025 $

SYNOPSIS

use Crypt::RSA::Blind;
use Try::Tiny;

my $rsab = new Crypt::RSA::Blind;

my ($pubkey, $seckey) = $rsab->keygen(Size => 4096);

my $msg = "Hello, world!";

# RSABSSA-PSS methods (RFC 9474)

my $slen = 48; # Salt length (in bytes). 0 for no salt.

my ($blinded_msg, $blinding) = $rsab->blind ( { PublicKey => $pubkey,
                                                Message => $msg,
                                                sLen => $slen } );

my $blind_sig = $rsab->blind_sign( { SecretKey => $seckey,
                                     PublicKey => $pubkey,
                                     BlindedMessage => $blinded_msg } );

my $sig = $rsab->finalize( { PublicKey => $pubkey,
                             BlindSig => $blind_sig,
                             Blinding => $blinding,
                             Message => $msg,
                             sLen => $slen } );

print "OK\n" if try { $rsab->pss_verify( { PublicKey => $pubkey,
                                           Signature => $sig,
                                           Message => $msg,
                                           sLen => $slen } ) };

# Use old API methods as wrappers for RSABSSA-PSS methods

$rsab->set_oldapi(1);     # Enable old API wrappers (default)

# Alternately, use old API methods as originally implemented

$rsab->set_oldapi(0);     # Disable old API wrappers (deprecated)

# Old interface

my $init = $rsab->init;

my $req = $rsab->request( Key => $pubkey,
                          Init => $init,
                          Message => $msg );

my $blindsig = $rsab->sign( Key => $seckey,
                            PublicKey => $pubkey,
                            Message => $req );

my $sig = $rsab->unblind( Key => $pubkey,
                          Init => $init,
                          Signature => $blindsig );

print "OK\n" if $rsab->verify( Key => $pubkey,
                               Message => $msg,
                               Signature => $sig );

METHODS

new

Creates and returns a new Crypt::RSA::Blind object.

keygen

Generates and returns an RSA key-pair of specified bitsize. This is a synonym for Crypt::RSA::Key::generate. Arguments and return values are described in the Crypt::RSA::Key manpage.

init

Generates and returns an initialization vector.

The RSA blind signature protocol doesn't require the use of initialization vectors. However, this module can use them to keep track of the blinding factor for different signing requests, so it is convenient to use initialization vectors when creating multiple interlaved signing requests.

When using initialization vectors, the vector should be passed as the Init named argument to the blind and finalize methods (in the old deprecated interface, to the request and unblind methods).

Alternately, you can keep track of the blinding factor for each request in your own code. In this case, you can supply the blinding factor as the Blinding named argument to the finalize method, instead of providing an initialization vector as the Init argument to blind and finalize.

Initialization vectors are not persistent across different invocations of a script, so if you need to call blind and finalize in different processes, you will need to record and persist the blinding factor yourself.

blind

Generate a blinding factor and a blinded message for signing.

Returns a list of two binary strings. The first is a the blinded message for signing, the second is the blinding factor used. Raises an exception on error.

Expects a hashref containing named arguments. The following arguments are required:

    PublicKey - The public key of the signer

    Message - The message to be blind signed

    sLen - The length (in bytes) of the salt to be used in the RSABSSA-PSS protocol. This can be 0 for no salt.

The following optional arguments can be provided:

    Init - An initialization vector from init()

    R_inv - The r_inv value as an integer, for test vector verification.

    Salt - A salt as a hex string without a leading '0x', for test vector verification.

blind_sign

Generate a blind signature.

Returns the blind signature as a binary string. Raises an exception on error.

Expects a hashref containing named arguments. The following arguments are required:

    SecretKey - The private key of the signer

    BlindedMessage - The blinded message from blind()

The following optional arguments can be provided:

    PublicKey - The public key of the signer. If this is provided, the blind signature will be verified as an implementation safeguard. This is required by RFC9474.

finalize

Unblind a blind signature and generate an RSASSA-PSS compatible signature.

Returns the signature as a binary string. Raises an exception on error.

Expects a hashref containing named arguments. The following arguments are required:

    PublicKey - The public key of the signer

    BlindSig - The blind signature from blind_sign()

    Message - The message that was provided to blind()

    sLen - The lengh in bytes of the salt. 0 for no salt.

In addition, one of the following arguments is required:

    Init - The initialization vector that was provided to blind()

    Blinding - The blinding factor that was returned by blind()

pss_verify

Verify an RSABSSA-PSS signature.

Returns a true value if the signature verifies successfully. Raises an exception on error.

Expects a hashref containing named arguments. The following named arguments are required:

    PublicKey - The public key of the signer

    Signature - The blind signature

    Message - The message that was signed

    sLen - The lengh in bytes of the salt. 0 for no salt.

randomize

Takes a single required argument, the message to be signed (as a binary string), and returns a prepared message with a random prefix (also as a binary string).

errstr

Returns the error message from the last failed method call. See "ERROR HANDLING" below for more details.

OLD API MODES

The methods under "OLD API METHODS" below are the original interface for this module. They continue to be available in two modes for backwards compatibility.

The first, recommended, and default mode for these methods is "compatibility mode", which can be enabled with:

$rsab->set_oldapi(1);     # Enable old API wrappers

In this mode, the old methods are wrappers around the RSABSSA-PSS methods described above. Code written with the old methods should work in this mode, and will use the updated implementation.

In the second mode the old methods invoke their original implementation. This mode can be enabled with:

$rsab->set_oldapi(0);     # Disable old API wrappers

This mode is deprecated as the old implementation predates RFC 9474 and isn't compliant with it.

While these original methods continue to be available, versions 1.020 and higher of this module use different accessor names than previous versions. This change is incompatible with code that uses the old accessors. See "ACCESSORS" below.

OLD API METHODS

request

Generates and returns a blind-signing request. The following named arguments are required:

    Init - The initialization vector from init()

    Key - The public key of the signer

    Message - The message to be blind signed

sign

Generates and returns a blind signature. The following named arguments are required:

    Key - The private key of the signer

    Message - The blind-signing request

The following optional arguments can be provided:

    PublicKey - The public key of the signer. If this is provided, the blind signature will be verified as an implementation safeguard. This is required by RFC9474.

unblind

Unblinds a blind signature and returns a verifiable signature. The following named arguments are required:

    Init - The initialization vector from init()

    Key - The public key of the signer

    Signature - The blind signature

verify

Verify a signature. The following named arguments are required:

    Key - The public key of the signer

    Signature - The blind signature

    Message - The message that was signed

ACCESSORS

Accessors can be used to query or set the value of an object property. Readers are prefixed with "get_". Writers are prefixed with "set_" and take a single argument, to set the property to a specific value.

Version 1.012 and older of this module used different accessor names and didn't use the get_ and set_ prefixes. Code that uses the old accessors will need to be updated to use the new ones.

get_hash_algorithm / set_hash_algorithm

The name of the hashing algorithm to be used. Only SHA variants are supported. The default is 'SHA384'.

get_mgf_hash_algorithm / set_mgf_hash_algorithm

The name of the hashing algorithm to be used in the MGF1 function. Only SHA variants are supported. The default is 'SHA384'.

get_initsize / set_initsize

The bitsize of the init vector. Default is 128.

get_hashsize / set_hashsize

The bitsize of the full-domain hash that will be generated from the message to be blind-signed. Default is 768. This property is only relevant to the old deprecated implementation.

get_blindsize / set_blindsize

The bitsize of the blinding factor. Default is 512. This property is only relevant to the old deprecated implementation.

get_oldapi / set_oldapi

Enable / disable compatibility mode for the original Crypt::RSA::Blind API to wrap the RSABSSA-PSS methods. set_oldapi(1) enables wrapping RSABSSA-PSS in the old API methods. set_oldapi(0) disables wrapping and uses the original implementation for the original methods. This mode is deprecated.

ERROR HANDLING

Crypt::RSA::Blind relies on Crypt::RSA, which uses an error handling method implemented in Crypt::RSA::Errorhandler. When a method fails it returns undef and saves the error message. This error message is available to the caller through the errstr method. For more details see the Crypt::RSA::Errorhandler manpage.

Other than keygen, only the "old API" methods of Crypt::RSA::Blind report errors this way, when operating with their original implementation. See "OLD API MODES" above.

The blind, blind_sign, finalize and pss_verify methods do not use the above error reporting method. They raise an exception on error. As do the "old API" methods when operating in compatibility mode (see "OLD API MODES" above).

AUTHOR

Ashish Gulhati, <crypt-rsab at hash.neo.email>

BUGS

Please report any bugs or feature requests to bug-crypt-rsa-blind at rt.cpan.org, or through the web interface at http://rt.cpan.org/NoAuth/ReportBug.html?Queue=Crypt-RSA-Blind. I will be notified, and then you'll automatically be notified of progress on your bug as I make changes.

COPYRIGHT AND LICENSE

Copyright (c) Ashish Gulhati.

This software package is Open Software; you can use, redistribute, and/or modify it under the terms of the Open Artistic License 4.0.

Please see the LICENSE file included with this package, or visit http://www.opensoftware.ca/oal40.txt, for the full license terms, and ensure that the license grant applies to you before using or modifying this software. By using or modifying this software, you indicate your agreement with the license terms.