Generate blind message, sign it and check the signature with RSA.
- generate hash (SHA512) over initial file
- compute k (blind factor) as follows:
k = U1 XOR U2 XOR ... XOR Un
Where:
- U1 = SHA512[passphrase || nonce]
- U2 = SHA512[passphrase || U1]
- ...
- Un = SHA512[passphrase || Un-1], where n (the number of rounds) and the passphrase are given by the user
- blind the hash as follows:
blind = hash * k ^ e mod n, where n and e are the modulus and the public exponent of an RSA public key (this n is the RSA modulus, not the round count used for k)
- sign the blinded message:
sgn = blind ^ d mod n, where d is the private RSA key corresponding to the public key used before
- "unblind" the signed message:
unblind = sgn * k ^ -1 mod n, where k^-1 is the inverse of k mod n
- check the signature:
extracted_hash = unblind ^ e mod n, where e is the public exponent of the RSA key pair
compare extracted_hash with a calculated hash of the file
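
The full procedure above as an added Python example (not code from the original page). Assumptions: `||` is byte concatenation, digests are read as big-endian integers, the nonce is supplied by the caller, all function names are hypothetical, and the demo key is constructed from two Mersenne primes only so the block runs offline.

```python
import hashlib
from math import gcd

# Constructed demo key (assumption): two Mersenne primes, so no key file is needed.
# Not a usable RSA key; a real key pair comes from a proper key generator.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent d

def sha512_int(data: bytes) -> int:
    return int.from_bytes(hashlib.sha512(data).digest(), "big")

def blind_factor(passphrase: bytes, nonce: bytes, rounds: int) -> int:
    """k = U1 XOR ... XOR Un with U1 = H(pass || nonce), Ui = H(pass || U(i-1))."""
    if rounds < 1:
        raise ValueError("rounds must be >= 1")
    u = hashlib.sha512(passphrase + nonce).digest()
    k = int.from_bytes(u, "big")
    for _ in range(rounds - 1):
        u = hashlib.sha512(passphrase + u).digest()
        k ^= int.from_bytes(u, "big")
    if gcd(k, N) != 1:   # k = 0 or shares a factor with n: k^-1 mod n does not exist
        raise ValueError("blind factor not invertible mod n; use a new nonce")
    return k

def blind(h: int, k: int) -> int:
    return (h * pow(k, E, N)) % N            # blind = hash * k^e mod n

def sign(blinded: int) -> int:
    return pow(blinded, D, N)                # signer only ever sees the blinded value

def unblind(sgn: int, k: int) -> int:
    return (sgn * pow(k, -1, N)) % N         # unblind = sgn * k^-1 mod n

def verify(signature: int, data: bytes) -> bool:
    return pow(signature, E, N) == sha512_int(data)   # extracted_hash == hash(file)

def demo(data: bytes, passphrase: bytes, nonce: bytes, rounds: int):
    h = sha512_int(data)
    k = blind_factor(passphrase, nonce, rounds)
    b = blind(h, k)
    s = unblind(sign(b), k)
    return h, b, s
```

Because (hash * k^e)^d = hash^d * k mod n, the unblinded value is the same signature the signer would have produced over the hash directly.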