Dr. Dobb's Journal December 1998
Suppose that A wants B to sign her message but does not want to reveal the message's contents to B. Assume that both parties have agreed on RSA as their public key cryptography system, and PKB=(e,n) and SKB=(d,n) are B's public and secret keys, respectively.
1. A generates a random number R that is relatively prime to modulus n, that is, gcd(n,R)=1. Using PKB, A generates M' as M'= ReM modulus n and sends it to B.
2. On receiving M', B exponentiates M' using his decryption key d. B generates S=M'd=(Rem)d modulus n and sends it to A.
3. A can now factor out the randomness by multiplying S with R-1. Hence, S'=(S)R-1 modulus n. B has signed S' without knowing the contents of M.
-- T.A.