This patch does a few things to simplify the public key classes
(RSA, DSA and ElGamal):
* It removes the Crypto.PublicKey.pubkey module. The 3 classes
do not have an ancestor anymore.
* Methods sign(), verify(), encrypt(), and decrypt() are removed.
* Methods blind() and unblind() are removed.
* Methods can_sign() and can_encrypt() are removed.
* The 3 classes cannot be pickled anymore.
Until now, the verify() method of a Crypto.Signature object returned
False if a signature was not authentic.
With this change set, verify() now raises a ValueError exception.
The return value of verify() must not be checked anymore.
NOTE: this change set breaks compatibility with PyCrypto
This patch implements the variant of DSA
described in http://tools.ietf.org/html/draft-pornin-deterministic-dsa-02.
The nonce k is not taken from the RNG: instead, it is derived from
the message and the key.
DSA is still secure even on platforms where the RNG is not reliable
(e.g. in VMs).
This patch introduces a new module (Crypto.Signature.DSS)
with a less error-prone API for performing DSA signatures.
Similarly to Crypto.Signature.PKCS1_PSS, the module
creates a signer object that only works with hash objects,
not directly with messages.
Additionally, the caller does not need to provide any RNG.
The module will use the default one and will correctly pick
the critical nonce K.
Example of API usage:
>>> from Crypto.Signature import DSS
>>> from Crypto.Hash import SHA256
>>> from Crypto.PublicKey import DSA
>>>
>>> message = b'I give my permission to order #4355'
>>> key = DSA.importKey(open('privkey.der', 'rb').read())  # DER is binary
>>> h = SHA256.new(message)
>>> signer = DSS.new(key)
>>> signature = signer.sign(h)
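The three commit messages above describe (a) verify() raising ValueError instead of returning False, (b) deriving the DSA nonce k from the key and the message as in draft-pornin-deterministic-dsa, and (c) a signer that needs no RNG. The following is an added, stand-alone illustration written for this page; it is not PyCryptodome's code and does not use its API. It implements the draft's HMAC-based nonce derivation (section 3.2 of the draft, the same construction as RFC 6979) with the Python standard library only, wraps it in a toy DSA sign/verify, and shows that the same (key, message) pair always yields the same signature, that a different message yields a different one, and that verification of a tampered signature raises ValueError. The 512-bit p / 160-bit q parameters, the seeded RNG used only for key generation, and the function names are assumptions of this example, chosen so it runs offline in well under a second; they are far below the sizes required for real use.

```python
# Added example (not PyCryptodome's code): deterministic DSA nonce derivation
# as in draft-pornin-deterministic-dsa, with a toy DSA around it. Stdlib only.
import hashlib
import hmac
import random

# Constructed, seeded RNG: used only for parameters and the private key so the
# demo is reproducible. Signing itself never touches an RNG, which is the point.
_rng = random.Random(20140101)
_SMALL_PRIMES = [p for p in range(3, 2000, 2)
                 if all(p % d for d in range(3, int(p ** 0.5) + 1, 2))]

def is_probable_prime(n, rounds=24):
    """Trial division by small primes, then Miller-Rabin."""
    if n < 2:
        return False
    if n == 2:
        return True
    if n % 2 == 0:
        return False
    for p in _SMALL_PRIMES:
        if n == p:
            return True
        if n % p == 0:
            return False
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(_rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def generate_params(pbits=512, qbits=160):
    """Toy DSA domain parameters (p, q, g); sizes are an assumption for speed."""
    while True:                      # q: odd qbits-bit prime
        q = _rng.getrandbits(qbits) | (1 << (qbits - 1)) | 1
        if is_probable_prime(q):
            break
    while True:                      # p = m*q + 1 with m even, so p is odd
        m = (_rng.getrandbits(pbits - qbits) | (1 << (pbits - qbits - 1))) & -2
        p = m * q + 1
        if p.bit_length() == pbits and is_probable_prime(p):
            break
    h = 2
    while True:                      # g: element of order q
        g = pow(h, (p - 1) // q, p)
        if g > 1:
            return p, q, g
        h += 1

def generate_keypair(params):
    p, q, g = params
    x = _rng.randrange(1, q)         # private key x, public key y = g^x mod p
    return x, pow(g, x, p)

def _bits2int(data, qlen):
    """Leftmost qlen bits of data as an integer (draft section 2.3.2)."""
    v = int.from_bytes(data, 'big')
    blen = len(data) * 8
    return v >> (blen - qlen) if blen > qlen else v

def deterministic_nonces(x, h1, q, hashmod=hashlib.sha256):
    """Yield candidate k values (draft section 3.2): an HMAC_DRBG keyed from
    the private key x and the message hash h1, so k depends only on (x, m)."""
    qlen = q.bit_length()
    rlen = (qlen + 7) // 8
    hlen = hashmod().digest_size
    mac = lambda key, msg: hmac.new(key, msg, hashmod).digest()
    bx = x.to_bytes(rlen, 'big') + (_bits2int(h1, qlen) % q).to_bytes(rlen, 'big')
    V, K = b'\x01' * hlen, b'\x00' * hlen
    K = mac(K, V + b'\x00' + bx)
    V = mac(K, V)
    K = mac(K, V + b'\x01' + bx)
    V = mac(K, V)
    while True:
        T = b''
        while len(T) * 8 < qlen:
            V = mac(K, V)
            T += V
        k = _bits2int(T, qlen)
        if 1 <= k < q:
            yield k
        K = mac(K, V + b'\x00')      # k out of range or r/s == 0: next candidate
        V = mac(K, V)

def sign(params, x, message, hashmod=hashlib.sha256):
    p, q, g = params
    h1 = hashmod(message).digest()
    e = _bits2int(h1, q.bit_length()) % q
    for k in deterministic_nonces(x, h1, q, hashmod):
        r = pow(g, k, p) % q
        if r == 0:
            continue
        s = pow(k, -1, q) * (e + x * r) % q
        if s != 0:
            return r, s

def verify(params, y, message, signature, hashmod=hashlib.sha256):
    """Raise ValueError when the signature is not authentic; return True otherwise."""
    p, q, g = params
    r, s = signature
    if not (0 < r < q and 0 < s < q):
        raise ValueError("The signature is not authentic")
    e = _bits2int(hashmod(message).digest(), q.bit_length()) % q
    w = pow(s, -1, q)
    v = (pow(g, e * w % q, p) * pow(y, r * w % q, p) % p) % q
    if v != r:
        raise ValueError("The signature is not authentic")
    return True

def demo():
    params = generate_params()
    x, y = generate_keypair(params)
    msg = b'I give my permission to order #4355'     # message from the page's example
    sig1, sig2 = sign(params, x, msg), sign(params, x, msg)
    sig3 = sign(params, x, msg + b'!')                # other message, other k and r
    tampered = (sig1[0], (sig1[1] + 1) % params[1])
    try:
        verify(params, y, msg, tampered)
        rejected = False
    except ValueError:
        rejected = True
    return {'deterministic': sig1 == sig2, 'message_bound': sig1 != sig3,
            'valid': verify(params, y, msg, sig1), 'tampered_rejected': rejected}

if __name__ == '__main__':
    print(demo())
```

Because k is a function of (x, m) only, two runs on different machines produce byte-identical signatures for the same key and message, and a broken or missing RNG cannot leak x the way a repeated random k would; the caller checks nothing on verify() and instead lets the ValueError propagate, as the commit message above requires.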