aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--cryptography/hazmat/primitives/kdf/pbkdf2.py2
-rw-r--r--docs/hazmat/backends/interfaces.rst3
-rw-r--r--docs/hazmat/primitives/index.rst1
-rw-r--r--docs/hazmat/primitives/key-derivation-functions.rst40
4 files changed, 43 insertions, 3 deletions
diff --git a/cryptography/hazmat/primitives/kdf/pbkdf2.py b/cryptography/hazmat/primitives/kdf/pbkdf2.py
index cc01246f..014529b0 100644
--- a/cryptography/hazmat/primitives/kdf/pbkdf2.py
+++ b/cryptography/hazmat/primitives/kdf/pbkdf2.py
@@ -43,4 +43,4 @@ class PBKDF2(object):
def verify(self, key_material, expected_key):
if not constant_time.bytes_eq(key_material, expected_key):
- raise InvalidKey("Signature did not match digest.")
+ raise InvalidKey("Keys do not match.")
diff --git a/docs/hazmat/backends/interfaces.rst b/docs/hazmat/backends/interfaces.rst
index fa4f800c..14ca6880 100644
--- a/docs/hazmat/backends/interfaces.rst
+++ b/docs/hazmat/backends/interfaces.rst
@@ -159,7 +159,7 @@ A specific ``backend`` may provide one or more of these interfaces.
:param int length: The desired length of the derived key. Maximum is
2\ :sup:`31` - 1.
- :param bytes salt: A salt. `RFC 2898`_ recommends 64-bits or longer.
+ :param bytes salt: A salt.
:param int iterations: The number of iterations to perform of the hash
function.
@@ -169,4 +169,3 @@ A specific ``backend`` may provide one or more of these interfaces.
:return bytes: Derived key.
-.. _`RFC 2898`: https://www.ietf.org/rfc/rfc2898.txt
diff --git a/docs/hazmat/primitives/index.rst b/docs/hazmat/primitives/index.rst
index b115fdbc..2a29bd8f 100644
--- a/docs/hazmat/primitives/index.rst
+++ b/docs/hazmat/primitives/index.rst
@@ -9,6 +9,7 @@ Primitives
cryptographic-hashes
hmac
symmetric-encryption
+ key-derivation-functions
padding
constant-time
interfaces
diff --git a/docs/hazmat/primitives/key-derivation-functions.rst b/docs/hazmat/primitives/key-derivation-functions.rst
new file mode 100644
index 00000000..af2d910f
--- /dev/null
+++ b/docs/hazmat/primitives/key-derivation-functions.rst
@@ -0,0 +1,40 @@
+.. hazmat::
+
+Key Derivation Functions
+========================
+
+.. currentmodule:: cryptography.hazmat.primitives.kdf
+
+Key derivation functions derive key material from information such as passwords
+using a pseudo-random function (PRF).
+
+.. class:: PBKDF2(algorithm, length, salt, iterations, backend):
+
+ .. doctest::
+
+ >>> from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2
+ >>> from cryptography.hazmat.backends import default_backend
+ >>> backend = default_backend()
+ >>> salt = os.urandom(16)
+ >>> # derive
+ >>> kdf = PBKDF2(hashes.SHA1(), 20, salt, 10000, backend)
+ >>> key = kdf.derive(b"my great password")
+ >>> # verify
+ >>> kdf = PBKDF2(hashes.SHA1(), 20, salt, 10000, backend)
+ >>> kdf.verify(b"my great password", key)
+ None
+
+ :param algorithm: An instance of a
+ :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm`
+ provider.
+
+ :param int length: The desired length of the derived key. Maximum is
+ 2\ :sup:`31` - 1.
+
+ :param bytes salt: A salt. `NIST SP 800-132`_ recommends 128-bits or
+ longer.
+
+ :param int iterations: The number of iterations to perform of the hash
+ function.
+
+.. _`NIST SP 800-132`: http://csrc.nist.gov/publications/nistpubs/800-132/nist-sp800-132.pdf
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-05 03:55:10 +0000