小贝子编程

Chaum盲签名,在JavaScript中进行盲签名,并在Java中进行验证



我正在试验Chaum的盲签名,我想做的是在JavaScript中进行盲和非盲,并在Java中签名和验证(使用弹性城堡(。对于Java方面,我的来源是这个,而对于JavaScript,我发现了盲签名。我为Java方面创建了两个小代码:

package crypto;
import org.bouncycastle.crypto.AsymmetricCipherKeyPair;
import org.bouncycastle.crypto.digests.SHA256Digest;
import org.bouncycastle.crypto.engines.RSAEngine;
import org.bouncycastle.crypto.generators.RSAKeyPairGenerator;
import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
import org.bouncycastle.crypto.params.RSAKeyGenerationParameters;
import org.bouncycastle.crypto.params.RSAKeyParameters;
import org.bouncycastle.crypto.signers.PSSSigner;
import org.bouncycastle.crypto.util.PrivateKeyInfoFactory;
import org.bouncycastle.crypto.util.SubjectPublicKeyInfoFactory;
import org.bouncycastle.openssl.jcajce.JcaPEMWriter;
import org.bouncycastle.util.io.pem.PemObject;
import java.io.IOException;
import java.io.StringWriter;
import java.math.BigInteger;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Scanner;
public class RsaConcealedMessageTest {
public static void main(String[] args) {
AsymmetricCipherKeyPair rsaKeyPair = generateKeyPair();
Scanner userInput = new Scanner(System.in);
try {
printKeyPairPems(rsaKeyPair);
// Producing signature on concealed message
System.out.print("Concealed message (in base64)?");
String concealedMessageBase64 = userInput.nextLine();
byte[] concealedMessageBytes = Base64.getDecoder().decode(concealedMessageBase64);
byte[] signatureOnConcealedMessage = signConcealedMessage(concealedMessageBytes, rsaKeyPair.getPrivate());
System.out.println("Signature on concealed message (base64): " + Base64.getEncoder().encodeToString(signatureOnConcealedMessage));

// Verifying revealed signature on revealed message
System.out.print("Revealed message (in base64)?");
String revealedMessageBase64 = userInput.nextLine();
System.out.print("Revealed signature (in base64)?");
String revealedSignatureBase64 = userInput.nextLine();
byte[] revealedMessageBytes = Base64.getDecoder().decode(revealedMessageBase64);
System.out.println("Revealed message is: " + new String(revealedMessageBytes));
byte[] revealedSignatureBytes = Base64.getDecoder().decode(revealedSignatureBase64);
PSSSigner signer = new PSSSigner(new RSAEngine(), new SHA256Digest(), 0);
signer.init(false, rsaKeyPair.getPublic());
signer.update(revealedMessageBytes, 0, revealedMessageBytes.length);
boolean isVerified = signer.verifySignature(revealedSignatureBytes);
System.out.println("Revealed signature is verified on revealed message: " + isVerified);
} catch (IOException e) {
e.printStackTrace();
}
}
private static AsymmetricCipherKeyPair generateKeyPair() {
RSAKeyPairGenerator generator = new RSAKeyPairGenerator();
BigInteger publicExponent = new BigInteger("10001", 16);
SecureRandom random = new SecureRandom();
RSAKeyGenerationParameters keyGenParams = new RSAKeyGenerationParameters(
publicExponent, random, 4096, 80
);
generator.init(keyGenParams);
return generator.generateKeyPair();
}
private static void printKeyPairPems(AsymmetricCipherKeyPair keyPair) throws IOException {
RSAKeyParameters publicKey = (RSAKeyParameters) keyPair.getPublic();
byte[] publicKeyBytes = SubjectPublicKeyInfoFactory.createSubjectPublicKeyInfo(publicKey).getEncoded();
printKeyPem("PUBLIC KEY", publicKeyBytes);
RSAKeyParameters privateKey = (RSAKeyParameters) keyPair.getPrivate();
byte[] privateKeyBytes = PrivateKeyInfoFactory.createPrivateKeyInfo(privateKey).getEncoded();
printKeyPem("PRIVATE KEY", privateKeyBytes);
}
private static void printKeyPem(String keyType, byte[] keyBytes) throws IOException {
PemObject pemObject = new PemObject(keyType, keyBytes);
StringWriter keyStringWriter = new StringWriter();
JcaPEMWriter pemWriter = new JcaPEMWriter(keyStringWriter);
pemWriter.writeObject(pemObject);
pemWriter.close();
System.out.println(keyType + ": " + keyStringWriter.toString().replace("n", ""));
}
private static byte[] signConcealedMessage(byte[] concealedMessage, AsymmetricKeyParameter privateKey) {
RSAEngine engine = new RSAEngine();
engine.init(true, privateKey);
return engine.processBlock(concealedMessage, 0, concealedMessage.length);
}
}

以上操作将生成一个密钥对,将公共部分打印到stdout,并从stdin读取盲消息,然后读取非盲消息和签名。对于JavaScript(Node.js(端,我有这样的:

const BigInteger = require('jsbn').BigInteger;
const BlindSignature = require('blind-signatures');
const NodeRSA = require('node-rsa');
const prompt = require('prompt-sync')();
const publicKeyInput = prompt("Public key in PEM?");
const publicKey = new NodeRSA(publicKeyInput);
// Concealing message
const message = "The quick brown fox jumps over the lazy dog! Hello World!";
const concealingResult = BlindSignature.blind(
{
message: message,
N: publicKey.keyPair.n.toString(),
E: publicKey.keyPair.e.toString(),
}
);
const blindedHexStr = concealingResult.blinded.toString(16);
const blindedBuffer = Buffer.from(blindedHexStr, 'hex');
console.log(`nConcealed message (base64): ${blindedBuffer.toString('base64')}`);
console.log(`nr: ${concealingResult.r.toString(16)}`);
// Getting signature on concealed message and producing revealed signature
const signatureOnConcealedMessageBase64 = prompt("Signature on concealed message (base64)?");
const signatureOnConcealedMessageBuffer = Buffer.from(signatureOnConcealedMessageBase64, 'base64');
const signatureOnConcealedMessageHex = signatureOnConcealedMessageBuffer.toString('hex');
const signatureOnConcealedMessage = new BigInteger(signatureOnConcealedMessageHex, 16)
const signatureOnRevealedMessage = BlindSignature.unblind({
signed: signatureOnConcealedMessage,
N: publicKey.keyPair.n.toString(),
r: concealingResult.r,
});
const revealedMessageBuffer = Buffer.from(message, 'utf8');
const revealedMessageBase64 = revealedMessageBuffer.toString('base64');
console.log(`nRevealed message (base64): ${revealedMessageBase64}`);
const signatureOnRevealedMessageHex = signatureOnRevealedMessage.toString(16);
const signatureOnRevealedMessageBuffer = Buffer.from(signatureOnRevealedMessageHex, 'hex');
const signatureOnRevealedMessageBase64 = signatureOnRevealedMessageBuffer.toString('base64');
console.log(`nSignature on revealed message (base64): ${signatureOnRevealedMessageBase64}`);

这将读取公钥,生成盲消息,并执行取消盲操作。

Java代码的验证部分失败了,而且不知道为什么。有人知道吗?

NodeJS代码中用于盲签名的盲签名库实现了此处描述的过程:

  • BlindSignature.blind()生成消息的SHA256散列,并确定盲消息m'=m*remod N
  • CCD_ 2计算盲签名s’=(m’(dmod N
  • BlindSignature.unblind()确定解盲签名s=s’*r-1mod N
  • BlindSignature.verify()解密解盲签名(se(,并将结果与散列消息进行比较。如果两者相同,则验证成功

在此过程中不进行填充。

在Java代码中,在signConcealedMessage()中对盲消息进行签名的实现在功能上与BlindSignature.sign()相同
相反,Java代码中的验证与上述过程不兼容,因为Java代码在验证过程中使用PSS作为填充
例如,兼容的Java代码是:

RSAEngine engine = new RSAEngine();
engine.init(false, rsaKeyPair.getPublic());
byte[] signatureDecrypted = engine.processBlock(revealedSignatureBytes, 0, revealedSignatureBytes.length);  // calculates s^e          
byte[] messageHashed = MessageDigest.getInstance("SHA-256").digest(revealedMessageBytes);
System.out.println(Arrays.equals(messageHashed, signatureDecrypted)); // verification successfull, if s^e identical with the SHA256 hash of the message

通过此代码验证是成功的。

盲签名的管道中似乎有一个RFC,它确实使用了PSS的扩展,请参阅草案irtf cfg-rsa盲签名
BouncyCastle还提供了盲签名的实现,例如参见RSABlindingEngine,它由引用的Java库应用。

相关内容

  • 没有找到相关文章

最新更新


热门标签:

javascript python java c# php android html jquery c++ css ios sql mysql arrays asp.net json python-3.x ruby-on-rails .net sql-server django objective-c excel regex ruby linux ajax iphone xml vba spring asp.net-mvc database wordpress string postgresql wpf windows xcode bash git oracle list vb.net multithreading eclipse algorithm macos powershell visual-studio image forms numpy scala function api selenium