This patch does a few things to simplify the public key classes
(RSA, DSA and ElGamal):
* It removes the Crypto.PublicKey.pubkey module. The 3 classes
do not have an ancestor anymore.
* Methods sign(), verify(), encrypt(), and decrypt() are removed.
* Methods blind() and unblind() are removed.
* Methods can_sign() and can_encrypt() are removed.
* The 3 classes cannot be pickled anymore.
Until now, the verify() method of a Crypto.Signature object returns
False if a signature is not authentic.
With this change set, verify() now raises a ValueError exception.
The return value of verify() must not be checked anymore.
NOTE: this change sets breaks compatibility with PyCrypto
The digest AlgorithmIdentifier has optional (NULL) parameters; the
verification function should not reject a signature if they are omitted.
With this fix, either case is acceptable (parameters present with value NULL
or not present).
As an exception, signatures based on old MD2/MD5 must always have NULL
parameters.
See Appendix B.1 of RFC 3447 and Section 2.1 of RFC 4055.
Closes: https://bugs.launchpad.net/pycrypto/+bug/1119552
[dlitz: Rebased and updated to use refactored asn1 API, text OIDs, & to fix Python 2.1.]
The patch contains the following changes:
- Private RSA keys can be imported/exported in encrypted form,
protected according to PKCS#8 and:
* PBKDF2WithHMAC-SHA1AndDES-EDE3-CBC.
* PBKDF2WithHMAC-SHA1AndAES128-CBC
* PBKDF2WithHMAC-SHA1AndAES192-CBC
* PBKDF2WithHMAC-SHA1AndAES256-CBC
In addition to that, it is possible to import keys i the
following weak formats:
* pbeWithMD5AndDES-CBC
* pbeWithSHA1AndRC2-CBC
* pbeWithMD5AndRC2-CBC
* pbeWithSHA1AndDES-CBC
- The following new module (and 1 new package) are added:
* Crypto.Util.Padding for simple padding/unpadding logic
* Crypto.IO._PBES for PBE-related PKCS#5 logic
* Crypto.IO.PEM for PEM wrapping/unwrapping
* Crypto.IO.PKCS8 for PKCS#8 wrapping/unwrapping
- All Object ID (OIDs) are now in dotted form to increase
readability.
- Add AES support to PEM format (decode only).
The PEM module can decrypt messages protected with AES-CBC.
- Update RSA import test cases.
- Updated to PKCS8 test cases
In PyCrypto v2.5, the "oid" attribute was added to hash objects. In
retrospect, this was not a good idea, since the OID is not really a
property of the hash algorithm, it's a protocol-specific identifer for
the hash functions. PKCS#1 v1.5 uses it, but other protocols (e.g.
OpenPGP, DNSSEC, SSH, etc.) use different identifiers, and it doesn't make
sense to add these to Crypto.Hash.* every time a new algorithm is added.
This also has the benefit of being compatible with the Python standard
library's "hashlib" objects, which also have a name attribute.
Objects used by PKCS#1 modules were treated as private,
and therefore ignored by epydoc.
Replaced SHA module with None as PBKDF1 default parameter value, because it was
not displayed nicely by epydoc. Default value is assigned in the body.
