Merge pull request #833 from reaperhulk/rsa-pss-signing

RSA PSS Signing
author: Alex Gaynor <alex.gaynor@gmail.com> 2014-03-21 13:47:27 -0700
committer: Alex Gaynor <alex.gaynor@gmail.com> 2014-03-21 13:47:27 -0700
commit: 0476a96972f76b18651a1cbac3d4d9ee0235c2ab (patch)
tree: e7c667ceaf62be79ea3151c58ecd34f250fd1470 /docs
parent: 58467ce5e5a78bea2be15a5a96dc8c816d1733b8 (diff)
parent: b8666f76d91b42cd88eb5601ce40482c72d036e4 (diff)
download: cryptography-0476a96972f76b18651a1cbac3d4d9ee0235c2ab.tar.gz
cryptography-0476a96972f76b18651a1cbac3d4d9ee0235c2ab.tar.bz2
cryptography-0476a96972f76b18651a1cbac3d4d9ee0235c2ab.zip
1 files changed, 64 insertions, 3 deletions
diff --git a/docs/hazmat/primitives/asymmetric/rsa.rst b/docs/hazmat/primitives/asymmetric/rsa.rst
index 03a7caed..57c8eec2 100644
--- a/docs/hazmat/primitives/asymmetric/rsa.rst
+++ b/docs/hazmat/primitives/asymmetric/rsa.rst
@@ -72,7 +72,12 @@ RSA
             ...     backend=default_backend()
             ... )
             >>> signer = private_key.signer(
-            ...     padding.PKCS1v15(),
+            ...     padding.PSS(
+            ...         mgf=padding.MGF1(
+            ...             algorithm=hashes.SHA256(),
+            ...             salt_length=padding.MGF1.MAX_LENGTH
+            ...         )
+            ...     ),
             ...     hashes.SHA256(),
             ...     default_backend()
             ... )
@@ -99,6 +104,25 @@ RSA
             the provided ``backend`` does not implement
             :class:`~cryptography.hazmat.backends.interfaces.RSABackend`
 
+        :raises TypeError: This is raised when the padding is not an
+            :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricPadding`
+            provider.
+
+        :raises ValueError: This is raised when the chosen hash algorithm is
+            too large for the key size.
+
+        :raises UnsupportedHash: This is raised when the backend does not
+            support the chosen hash algorithm. If the padding is
+            :class:`~cryptography.hazmat.primitives.asymmetric.padding.PSS`
+            with the
+            :class:`~cryptography.hazmat.primitives.asymmetric.padding.MGF1`
+            mask generation function it may also refer to the `MGF1` hash
+            algorithm.
+
+        :raises UnsupportedPadding: This is raised when the backend does not
+            support the chosen padding.
+
+
 .. class:: RSAPublicKey(public_exponent, modulus)
 
     .. versionadded:: 0.2
@@ -136,12 +160,31 @@ RSA
             ...     key_size=2048,
             ...     backend=default_backend()
             ... )
-            >>> signer = private_key.signer(padding.PKCS1v15(), hashes.SHA256(), default_backend())
+            >>> signer = private_key.signer(
+            ...     padding.PSS(
+            ...         mgf=padding.MGF1(
+            ...             algorithm=hashes.SHA256(),
+            ...             salt_length=padding.MGF1.MAX_LENGTH
+            ...         )
+            ...     ),
+            ...     hashes.SHA256(),
+            ...     default_backend()
+            ... )
             >>> data= b"this is some data I'd like to sign"
             >>> signer.update(data)
             >>> signature = signer.finalize()
             >>> public_key = private_key.public_key()
-            >>> verifier = public_key.verifier(signature, padding.PKCS1v15(), hashes.SHA256(), default_backend())
+            >>> verifier = public_key.verifier(
+            ...     signature,
+            ...     padding.PSS(
+            ...         mgf=padding.MGF1(
+            ...             algorithm=hashes.SHA256(),
+            ...             salt_length=padding.MGF1.MAX_LENGTH
+            ...         )
+            ...     ),
+            ...     hashes.SHA256(),
+            ...     default_backend()
+            ... )
             >>> verifier.update(data)
             >>> verifier.verify()
 
@@ -166,6 +209,24 @@ RSA
             the provided ``backend`` does not implement
             :class:`~cryptography.hazmat.backends.interfaces.RSABackend`
 
+        :raises TypeError: This is raised when the padding is not an
+            :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricPadding`
+            provider.
+
+        :raises ValueError: This is raised when the chosen hash algorithm is
+            too large for the key size.
+
+        :raises UnsupportedHash: This is raised when the backend does not
+            support the chosen hash algorithm. If the padding is
+            :class:`~cryptography.hazmat.primitives.asymmetric.padding.PSS`
+            with the
+            :class:`~cryptography.hazmat.primitives.asymmetric.padding.MGF1`
+            mask generation function it may also refer to the `MGF1` hash
+            algorithm.
+
+        :raises UnsupportedPadding: This is raised when the backend does not
+            support the chosen padding.
+
 .. _`RSA`: https://en.wikipedia.org/wiki/RSA_(cryptosystem)
 .. _`public-key`: https://en.wikipedia.org/wiki/Public-key_cryptography
 .. _`use 65537`: http://www.daemonology.net/blog/2009-06-11-cryptographic-right-answers.html
author	Alex Gaynor <alex.gaynor@gmail.com>	2014-03-21 13:47:27 -0700
committer	Alex Gaynor <alex.gaynor@gmail.com>	2014-03-21 13:47:27 -0700
commit	0476a96972f76b18651a1cbac3d4d9ee0235c2ab (patch)
tree	e7c667ceaf62be79ea3151c58ecd34f250fd1470 /docs
parent	58467ce5e5a78bea2be15a5a96dc8c816d1733b8 (diff)
parent	b8666f76d91b42cd88eb5601ce40482c72d036e4 (diff)
download	cryptography-0476a96972f76b18651a1cbac3d4d9ee0235c2ab.tar.gz cryptography-0476a96972f76b18651a1cbac3d4d9ee0235c2ab.tar.bz2 cryptography-0476a96972f76b18651a1cbac3d4d9ee0235c2ab.zip