author: Paul Kehrer <paul.l.kehrer@gmail.com> 2014-07-11 08:09:07 -0500
committer: Paul Kehrer <paul.l.kehrer@gmail.com> 2014-07-11 08:09:07 -0500
commit: 0456925526aad57e4717ec9f7cda5bb013c1b72b
tree: 102946db001b9ac8c476ae3e12806ae0e0cf454a
parent: 3be364eb24dc31c0a90019f71edc72f9babebb98
parent: 192f1f714d2b35b9b38916aebf6132ad58e076da
Merge pull request #1251 from alex/document-header
Document what the PEM headers look like in more cases
-rw-r--r-- docs/hazmat/primitives/asymmetric/serialization.rst | 20
1 files changed, 12 insertions, 8 deletions
diff --git a/docs/hazmat/primitives/asymmetric/serialization.rst b/docs/hazmat/primitives/asymmetric/serialization.rst
index 0525ed74..739bfb88 100644
--- a/docs/hazmat/primitives/asymmetric/serialization.rst
+++ b/docs/hazmat/primitives/asymmetric/serialization.rst
@@ -28,9 +28,11 @@ methods.
PKCS #8 Format
~~~~~~~~~~~~~~
-PKCS #8 is a serialization format originally standardized by RSA and
-currently maintained by the IETF in :rfc:`5208`. It supports password based
-encryption and additional key metadata attributes.
+PKCS #8 is a serialization format originally standardized by RSA and currently
+maintained by the IETF in :rfc:`5208` and :rfc:`5958`. It supports password
+based encryption and additional key metadata attributes. These keys are
+recognizable because they all begin with ``-----BEGIN PRIVATE KEY-----`` or
+with ``-----BEGIN ENCRYPTED PRIVATE KEY-----`` if they have a password.
.. function:: load_pkcs8_private_key(data, password, backend)
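Review bot: The added sentence "These keys are recognizable because they all begin with ..." is only true of PEM-encoded keys, and the paragraph never says PEM; the Traditional OpenSSL section qualifies its header with "usually found in PEM format", so the same qualifier belongs here (for example "In PEM form these keys begin with ..."). "if they have a password" would read more precisely as "if they are encrypted", matching the parameter text "if the private key is not encrypted". Since RFC 5958 obsoletes RFC 5208, "in RFC 5208 and RFC 5958" suggests both are current; consider wording that says 5958 supersedes 5208.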
@@ -44,6 +46,7 @@ encryption and additional key metadata attributes.
:param bytes password: The password to use to decrypt the data. Should
be ``None`` if the private key is not encrypted.
+
:param backend: A
:class:`~cryptography.hazmat.backends.interfaces.PKCS8SerializationBackend`
provider.
@@ -65,11 +68,11 @@ encryption and additional key metadata attributes.
Traditional OpenSSL Format
~~~~~~~~~~~~~~~~~~~~~~~~~~
-The "traditional" PKCS #1 based serialization format used by OpenSSL.
-It supports password based symmetric key encryption. Commonly found in
-OpenSSL based TLS applications. It is usually found in PEM format with a
-header that mentions the type of the serialized key. e.g.
-``-----BEGIN RSA PRIVATE KEY-----``.
+The "traditional" PKCS #1 based serialization format used by OpenSSL. It
+supports password based symmetric key encryption. Commonly found in OpenSSL
+based TLS applications. It is usually found in PEM format with a header that
+mentions the type of the serialized key. e.g. ``-----BEGIN RSA PRIVATE
+KEY-----`` or ``-----BEGIN DSA PRIVATE KEY-----``.
.. function:: load_pem_traditional_openssl_private_key(data, password, backend)
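Review bot: The re-wrap splits the inline literal for the RSA header across two source lines ("-----BEGIN RSA PRIVATE" / "KEY-----"), so searching the docs source for the full header string no longer matches; break the line before the literal so each header stays on one line. In the same paragraph, "Commonly found in OpenSSL based TLS applications." is a fragment and "e.g." follows a full stop, which could be tidied while the text is being touched. The PKCS #8 paragraph now says how an encrypted key is recognized, while this one mentions password based encryption without doing so; a matching sentence would keep the two sections parallel.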
@@ -82,6 +85,7 @@ header that mentions the type of the serialized key. e.g.
:param bytes password: The password to use to decrypt the data. Should
be ``None`` if the private key is not encrypted.
+
:param backend: A
:class:`~cryptography.hazmat.backends.interfaces.TraditionalOpenSSLSerializationBackend`
provider.