aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPaul Kehrer <paul.l.kehrer@gmail.com>2018-12-10 07:18:09 +0800
committerAlex Gaynor <alex.gaynor@gmail.com>2018-12-09 18:18:09 -0500
commitc2d16370f00e42fae13e492c0b1c7b3a83a5e495 (patch)
treee890f2815a1e8066107ff8a8e7ec7f72145df61c
parent31af768dc250b598e0ad5b8b01d18054f3438d7f (diff)
downloadcryptography-c2d16370f00e42fae13e492c0b1c7b3a83a5e495.tar.gz
cryptography-c2d16370f00e42fae13e492c0b1c7b3a83a5e495.tar.bz2
cryptography-c2d16370f00e42fae13e492c0b1c7b3a83a5e495.zip
make the same doc changes to DH as we did for ECDH (#4631)
Diffstat
-rw-r--r--docs/hazmat/primitives/asymmetric/dh.rst56
1 files changed, 50 insertions, 6 deletions
diff --git a/docs/hazmat/primitives/asymmetric/dh.rst b/docs/hazmat/primitives/asymmetric/dh.rst
index 04da3e40..edfe6143 100644
--- a/docs/hazmat/primitives/asymmetric/dh.rst
+++ b/docs/hazmat/primitives/asymmetric/dh.rst
@@ -23,6 +23,56 @@ derivation function. This allows mixing of additional information into the
key, derivation of multiple keys, and destroys any structure that may be
present.
+.. warning::
+
+ This example does not give `forward secrecy`_ and is only provided as a
+ demonstration of the basic Diffie-Hellman construction. For real world
+ applications always use the ephemeral form described after this example.
+
+.. code-block:: pycon
+
+ >>> from cryptography.hazmat.backends import default_backend
+ >>> from cryptography.hazmat.primitives import hashes
+ >>> from cryptography.hazmat.primitives.asymmetric import dh
+ >>> from cryptography.hazmat.primitives.kdf.hkdf import HKDF
+ >>> # Generate some parameters. These can be reused.
+ >>> parameters = dh.generate_parameters(generator=2, key_size=2048,
+ ... backend=default_backend())
+ >>> # Generate a private key for use in the exchange.
+ >>> server_private_key = parameters.generate_private_key()
+ >>> # In a real handshake the peer is a remote client. For this
+ >>> # example we'll generate another local private key though. Note that in
+ >>> # a DH handshake both peers must agree on a common set of parameters.
+ >>> peer_private_key = parameters.generate_private_key()
+ >>> shared_key = server_private_key.exchange(peer_private_key.public_key())
+ >>> # Perform key derivation.
+ >>> derived_key = HKDF(
+ ... algorithm=hashes.SHA256(),
+ ... length=32,
+ ... salt=None,
+ ... info=b'handshake data',
+ ... backend=default_backend()
+ ... ).derive(shared_key)
+ >>> # And now we can demonstrate that the handshake performed in the
+ >>> # opposite direction gives the same final value
+ >>> same_shared_key = peer_private_key.exchange(
+ ... server_private_key.public_key()
+ ... )
+ >>> same_derived_key = HKDF(
+ ... algorithm=hashes.SHA256(),
+ ... length=32,
+ ... salt=None,
+ ... info=b'handshake data',
+ ... backend=default_backend()
+ ... ).derive(same_shared_key)
+ >>> derived_key == same_derived_key
+
+DHE (or EDH), the ephemeral form of this exchange, is **strongly
+preferred** over simple DH and provides `forward secrecy`_ when used. You must
+generate a new private key using :func:`~DHParameters.generate_private_key` for
+each :meth:`~DHPrivateKey.exchange` when performing an DHE key exchange. An
+example of the ephemeral form:
+
.. code-block:: pycon
>>> from cryptography.hazmat.backends import default_backend
@@ -61,12 +111,6 @@ present.
... backend=default_backend()
... ).derive(shared_key_2)
-DHE (or EDH), the ephemeral form of this exchange, is **strongly
-preferred** over simple DH and provides `forward secrecy`_ when used. You must
-generate a new private key using :func:`~DHParameters.generate_private_key` for
-each :meth:`~DHPrivateKey.exchange` when performing an DHE key exchange. This
-is demonstrated in the previous example.
-
To assemble a :class:`~DHParameters` and a :class:`~DHPublicKey` from
primitive integers, you must first create the
:class:`~DHParameterNumbers` and :class:`~DHPublicNumbers` objects. For
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-05 12:16:28 +0000