package main import ( "bytes" "crypto" "crypto/rand" "crypto/rsa" "crypto/sha1" "encoding/json" "fmt" "net/http" "os/exec" "time" "github.com/cryptoballot/fdh" "github.com/cryptoballot/rsablind" "github.com/fatih/color" ) func IDs() []Key { //read the keys stored in /keys directory keys := readKeys() return keys } func NewID() []Key { //generate RSA keys pair reader := rand.Reader k, err := rsa.GenerateKey(reader, keysize) check(err) id := hash(time.Now().String()) savePEMKey(keysDir+"/"+id+"private.pem", k) savePublicPEMKey(keysDir+"/"+id+"public.pem", k.PublicKey) var key Key key.ID = id key.PrivK = id + "private.pem" key.PubK = id + "public.pem" key.Date = time.Now() fmt.Println(key) keys := readKeys() keys = append(keys, key) saveKeys(keys) return keys } type AskBlindSign struct { M []byte `json:"m"` } type SignResponse struct { Sig []byte `json:"sig"` PubK rsa.PublicKey `json:"pubK"` } func BlindAndSendToSign(keyID string) []Key { //get the key key := getKeyByKeyID(keyID) //privK := openPEMKey(key.PrivK) pubK, err := openPublicPEMKey(keysDir + "/" + key.PubK) check(err) //pubK to string m, err := ExportRsaPublicKeyAsPemStr(pubK) check(err) mB := []byte(m) //get serverPubK var serverPubK *rsa.PublicKey res, err := http.Get(config.Server) check(err) decoder := json.NewDecoder(res.Body) err = decoder.Decode(&serverPubK) if err != nil { panic(err) } defer res.Body.Close() //blind the hashed message // We do a SHA256 full-domain-hash expanded to 1536 bits (3/4 the key size) hashed := fdh.Sum(crypto.SHA256, hashize, mB) blinded, unblinder, err := rsablind.Blind(serverPubK, hashed) if err != nil { panic(err) } var askBlindSign AskBlindSign askBlindSign.M = blinded //send blinded to serverIDsigner body := new(bytes.Buffer) json.NewEncoder(body).Encode(askBlindSign) res, err = http.Post(config.Server+"blindsign", "application/json", body) check(err) var signResponse SignResponse decoder = json.NewDecoder(res.Body) err = decoder.Decode(&signResponse) if err != nil { panic(err) } defer res.Body.Close() sig := signResponse.Sig //serverPubK := signResponse.PubK //unblind the signedblind unblindedSig := rsablind.Unblind(serverPubK, sig, unblinder) color.Green("unblindedSig") fmt.Println(unblindedSig) // Verify the original hashed message against the unblinded signature if err := rsablind.VerifyBlindSignature(serverPubK, hashed, unblindedSig); err != nil { fmt.Println(err) } else { color.Green("blind signature verified") key.Verified = true } key.UnblindedSig = unblindedSig key.Hashed = hashed key.ServerVerifier = serverPubK saveKey(key) keys := readKeys() return keys } func Verify(packPubK string) { return } func Delete(keyID string) []Key { originalKeys := readKeys() //remove key .pem files key := getKeyByKeyID(keyID) _, err := exec.Command("rm", keysDir+"/"+key.PrivK).CombinedOutput() check(err) _, err = exec.Command("rm", keysDir+"/"+key.PubK).CombinedOutput() check(err) //remove key from keys.json keys := removeKey(keyID, originalKeys) saveKeys(keys) return keys } func Encrypt(keyID string, encryptData EncryptData) EncryptData { key := getKeyByKeyID(keyID) pubK, err := openPublicPEMKey(keysDir + "/" + key.PubK) check(err) out, err := rsa.EncryptOAEP(sha1.New(), rand.Reader, &pubK, []byte(encryptData.M), []byte("orders")) check(err) fmt.Println(string(out)) encryptData.C = out return encryptData } func Decrypt(keyID string, encryptData EncryptData) EncryptData { key := getKeyByKeyID(keyID) privK, err := openPEMKey(keysDir + "/" + key.PrivK) check(err) out, err := rsa.DecryptOAEP(sha1.New(), rand.Reader, privK, []byte(encryptData.C), []byte("orders")) check(err) fmt.Println(string(out)) encryptData.M = string(out) return encryptData }