Generate blind message, sign it and check the signature with RSA.

• generate hash (SHA512) over initial file
• compute k (blind factor) as follows:
  k = U1 XOR U2 XOR ...XOR Un
  Where:
  
  • U1 = SHA512 [ passphrase || nonce]
  • U2 = SHA512 [passphrase || U1]
    ...
  • Un = SHA512 [passphrase || Un-1] where n and passphrase is given by the user
• blind the hash as follow:
  blind = hash * k ^ e mod n where n and e represents the modulus and the public exponent of a RSA public key
• sign the blind messge:
  sgn = blind ^ d mod n where d private RSA key coresponding to the Public Key used before
• "unblind" the signed message:
  unblind = sgn * k ^ -1 mod n where k^-1 represents the invers of k mod n
• check the signature:
  extracted_hash = unblind ^ e mod n where e the public exponent of RSA KEY pair
  compare extracted_hash with a calculated hash of the file