Merge branch 'master' into static-linking-osx

1 files changed, 24 insertions, 22 deletions

diff --git a/docs/fernet.rst b/docs/fernet.rst
index a066ae63..a2bab32a 100644
--- a/docs/fernet.rst
+++ b/docs/fernet.rst
@@ -115,28 +115,30 @@ password through a key derivation function such as
 :class:`~cryptography.hazmat.primitives.kdf.pbkdf2.PBKDF2HMAC`, bcrypt or
 scrypt.
 
-.. code-block:: python
-
-    import base64
-    import os
-
-    from cryptography.fernet import Fernet
-    from cryptography.hazmat.backends import default_backend
-    from cryptography.hazmat.primitives import hashes
-    from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC
-
-    password = b"password"
-    salt = os.urandom(16)
-
-    kdf = PBKDF2HMAC(
-        algorithm=hashes.SHA256(),
-        length=32,
-        salt=salt,
-        iterations=100000,
-        backend=default_backend
-    )
-    key = base64.urlsafe_b64encode(kdf.derive(password))
-    f = Fernet(key)
+.. doctest::
+
+    >>> import base64
+    >>> import os
+    >>> from cryptography.fernet import Fernet
+    >>> from cryptography.hazmat.backends import default_backend
+    >>> from cryptography.hazmat.primitives import hashes
+    >>> from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC
+    >>> password = b"password"
+    >>> salt = os.urandom(16)
+    >>> kdf = PBKDF2HMAC(
+    ...     algorithm=hashes.SHA256(),
+    ...     length=32,
+    ...     salt=salt,
+    ...     iterations=100000,
+    ...     backend=default_backend()
+    ... )
+    >>> key = base64.urlsafe_b64encode(kdf.derive(password))
+    >>> f = Fernet(key)
+    >>> token = f.encrypt(b"Secret message!")
+    >>> token
+    '...'
+    >>> f.decrypt(token)
+    'Secret message!'
 
 In this scheme, the salt has to be stored in a retrievable location in order
 to derive the same key from the password in the future.