Cipher suites#

We define cipher suites that implementations need to support.


This suite uses RSA for the crypto operations. SHA256 is used as a hashing algorithm, and PSS for padding in certificate signatures.

CHAUM82 is used for the blinding, e.g. raw RSA signatures.

The signing process is initialized following the cryptography.io example:

from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding

private_key = rsa.generate_private_key(65537, 512)
signature = private_key.sign(
    "The json dump",

See the example rsa suite in rsa_suite.py


When preparing blanks we need to decide which values to use. The overall goal is to get the wallet into a state where the next transaction can be made without having to fetch “change” first. E.g. if we have a sum of 200 in the wallet, we want to be able to pay 137 without having fetch change first.

This makes live more comfortable, but more important it helps privacy, because the issuer can’t link actions around an awkward price.

We have a sample implementation for this. It contains one line of old black magic though. But at least we have tests for it.

Also see RequestRenew Message.