diff options
Diffstat (limited to 'docs/primitives')
| -rw-r--r-- | docs/primitives/symmetric-encryption.rst | 35 |
1 files changed, 17 insertions, 18 deletions
diff --git a/docs/primitives/symmetric-encryption.rst b/docs/primitives/symmetric-encryption.rst index 39a5a630..d056290e 100644 --- a/docs/primitives/symmetric-encryption.rst +++ b/docs/primitives/symmetric-encryption.rst @@ -4,29 +4,28 @@ Symmetric Encryption Symmetric encryption is a way to encrypt (hide the plaintext value) material where the encrypter and decrypter both use the same key. -Block ciphers -------------- +.. class:: cryptography.primitives.block.BlockCipher(cipher, mode) -Block ciphers work by encrypting content in chunks, often 64- or 128-bits. They -combine an underlying algorithm (such as AES), with a mode (such as CBC, CTR, -or GCM). A simple example of encrypting content with AES is: + Block ciphers work by encrypting content in chunks, often 64- or 128-bits. + Theycombine an underlying algorithm (such as AES), with a mode (such as CBC, + CTR, or GCM). A simple example of encrypting content with AES is: -.. code-block:: pycon + .. code-block:: pycon - >>> from cryptography.primitives.block import BlockCipher, cipher, mode - >>> cipher = BlockCipher(cipher.AES(key), mode.CBC(iv)) - >>> cipher.encrypt("my secret message") + cipher.finalize() - # The ciphertext - [...] + >>> from cryptography.primitives.block import BlockCipher, cipher, mode + >>> cipher = BlockCipher(cipher.AES(key), mode.CBC(iv)) + >>> cipher.encrypt("my secret message") + cipher.finalize() + # The ciphertext + [...] -Here ``key`` is the encryption key (which must be kept secret), and ``iv`` is -the initialization vector (which must be random). Exactly what form these -values should take is described for each of the ciphers and modes. + Here ``key`` is the encryption key (which must be kept secret), and ``iv`` + is the initialization vector (which must be random). Exactly what form + these values should take is described for each of the ciphers and modes. -``encrypt()`` should be called repeatedly with additional plaintext, and it -will return the encrypted bytes, if there isn't enough data, it will buffer it -internally. ``finalize()`` should be called at the end, and will return -whatever data is left. + ``encrypt()`` should be called repeatedly with additional plaintext, and it + will return the encrypted bytes, if there isn't enough data, it will buffer + it internally. ``finalize()`` should be called at the end, and will return + whatever data is left. Ciphers ~~~~~~~ |