I am trying to perform blinding and unblinding on a hash.
I have:
messageHashed = md5.new('MyMessage').digest()
print 'Message MD5:%s' % messageHashed
blindSigned = loadedPublic.blind(messageHashed,123)
print 'Blinded: %s' % blindSigned
blindSigned = loadedPrivate.sign(blindSigned,loadedPrivate.n)
print 'Blinded Signed: %s' % str(blindSigned)
unblind = loadedPrivate.unblind(blindSigned,123)
print '-------------'
print 'Unblinded: %s' % unblind
verify = loadedPrivate.verify(unblind,(loadedPrivate.n,loadedPrivate.d))
print 'Verify: %s' % verify
(I have previously loaded the public and private key and thats working fine)
Now, my issue is, when it runs, I get this output:
M<ssage MD5:?.Z?3??f2??
Blinded: ?YL⽥p??j+Z<I?vxV??{5??
??>[??? ??r?"l
??d?ڸYC????k?U?Q?????C?0?D??*T8?}?P?9~$??'?p??ZR:2? sh͓l??kXvU??d]???$?c聻?b??@?
Blinded Signed: (122872721681409041185513323026772702402844983846953530757782619983060590754290923453963299094289086410649560247540686534912830758097386690290305557644701999751846538319065094741731992734124277081554060855405114566548615303949954231396930615801829673187895538075706631646002356108979884582511973944741160960028L,)
Traceback (most recent call last):
File "NewClient.py", line 103, in <module>
unblind = loadedPrivate.unblind(blindSigned,123)
File "build/bdist.macosx-10.8-intel/egg/Crypto/PublicKey/pubkey.py", line 165, in unblind
File "build/bdist.macosx-10.8-intel/egg/Crypto/PublicKey/RSA.py", line 247, in _unblind
object = RSAobj
File "build/bdist.macosx-10.8-intel/egg/Crypto/PublicKey/_slowmath.py", line 47, in _unblind
OverflowError: cannot fit 'long' into an index-sized integer
Even though the unblind function is documented as follows:
unblind(self, M, B)
unblind(M : string|long, B : string|long) : string|long
Unblind message M using blinding factor B.
It does not seem to accept it.
Can anybody point me in the right direction? I have been at this for hours.
Two things stand out as I'm trying to replicate your issue:
_RSAobj.blind() and _RSAobj.unblind() calls appear to enforce type (i.e. you're required to provide a long or string, ints don't work). A long constant is denoted by adding a L to the end of the numerical value (e.g. 9001L)._RSAobj.sign() function returns a tuple. The signature ends up in element 0 of the return value.So your code really looks like this:
messageHashed = md5.new('MyMessage').digest()
print 'Message MD5:%s' % messageHashed
blindSigned = loadedPublic.blind(messageHashed,123L)
print 'Blinded: %s' % blindSigned
blindSigned = loadedPrivate.sign(blindSigned,loadedPrivate.n)[0]
print 'Blinded Signed: %s' % str(blindSigned)
unblind = loadedPublic.unblind(blindSigned,123L)
print '-------------'
print 'Unblinded: %s' % unblind
verify = loadedPublic.verify(unblind,(loadedPrivate.n,loadedPrivate.d))
print 'Verify: %s' % verify
This code runs, but probably doesn't do what you really want it to do; in particular verify will always end up being False.
What you have after unblinding is the valid RSA signature of messageHashed using the p, and _RSAobj.verify(self, M, signature) is the correct function signature (with signature required to be a 2-tuple, the 0th element of which is the actual RSA signature). So if you have
verify = loadedPublic.verify(messageHashed, (unblind,))
that will work as advertised (i.e. verify should end up being True).