diff options
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/hazmat/backends/openssl.rst | 6 | ||||
| -rw-r--r-- | docs/hazmat/primitives/padding.rst | 18 | ||||
| -rw-r--r-- | docs/hazmat/primitives/rsa.rst | 26 |
3 files changed, 37 insertions, 13 deletions
diff --git a/docs/hazmat/backends/openssl.rst b/docs/hazmat/backends/openssl.rst index e3880875..d6351c9c 100644 --- a/docs/hazmat/backends/openssl.rst +++ b/docs/hazmat/backends/openssl.rst @@ -62,7 +62,9 @@ OS Random Sources On OS X and FreeBSD ``/dev/urandom`` is an alias for ``/dev/random`` and utilizes the `Yarrow`_ algorithm. -On Windows ``CryptGenRandom`` is backed by `Fortuna`_. +On Windows the implementation of ``CryptGenRandom`` depends on which version of +the operation system you are using. See the `Microsoft documentation`_ for more +details. Linux uses its own PRNG design. ``/dev/urandom`` is a non-blocking source seeded from the same pool as ``/dev/random``. @@ -71,4 +73,4 @@ from the same pool as ``/dev/random``. .. _`OpenSSL`: https://www.openssl.org/ .. _`initializing the RNG`: http://en.wikipedia.org/wiki/OpenSSL#Vulnerability_in_the_Debian_implementation .. _`Yarrow`: http://en.wikipedia.org/wiki/Yarrow_algorithm -.. _`Fortuna`: http://en.wikipedia.org/wiki/Fortuna_(PRNG) +.. _`Microsoft documentation`: http://msdn.microsoft.com/en-us/library/windows/desktop/aa379942(v=vs.85).aspx diff --git a/docs/hazmat/primitives/padding.rst b/docs/hazmat/primitives/padding.rst index da5a95dd..83154c0d 100644 --- a/docs/hazmat/primitives/padding.rst +++ b/docs/hazmat/primitives/padding.rst @@ -23,16 +23,18 @@ multiple of the block size. >>> from cryptography.hazmat.primitives import padding >>> padder = padding.PKCS7(128).padder() - >>> padder.update(b"1111111111") - '' - >>> padded_data = padder.finalize() + >>> padded_data = padder.update(b"11111111111111112222222222") >>> padded_data - '1111111111\x06\x06\x06\x06\x06\x06' + '1111111111111111' + >>> padded_data += padder.finalize() + >>> padded_data + '11111111111111112222222222\x06\x06\x06\x06\x06\x06' >>> unpadder = padding.PKCS7(128).unpadder() - >>> unpadder.update(padded_data) - '' - >>> unpadder.finalize() - '1111111111' + >>> data = unpadder.update(padded_data) + >>> data + '1111111111111111' + >>> data + unpadder.finalize() + '11111111111111112222222222' :param block_size: The size of the block in bits that the data is being padded to. diff --git a/docs/hazmat/primitives/rsa.rst b/docs/hazmat/primitives/rsa.rst index 7c6356c1..a19ada33 100644 --- a/docs/hazmat/primitives/rsa.rst +++ b/docs/hazmat/primitives/rsa.rst @@ -13,9 +13,10 @@ RSA An RSA private key is required for decryption and signing of messages. - Normally you do not need to directly construct private keys because you'll - be loading them from a file or generating them automatically. - + You should use + :meth:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey.generate` + to generate new keys. + .. warning:: This method only checks a limited set of properties of its arguments. Using an RSA that you do not trust or with incorrect parameters may @@ -23,6 +24,7 @@ RSA recommend that you only ever load private keys that were generated with software you trust. + This class conforms to the :class:`~cryptography.hazmat.primitives.interfaces.RSAPrivateKey` interface. @@ -33,6 +35,22 @@ RSA `private_exponent`, `public_exponent` or `modulus` do not match the bounds specified in `RFC 3447`_. + .. classmethod:: generate(public_exponent, key_size, backend) + + Generate a new ``RSAPrivateKey`` instance using ``backend``. + + :param int public_exponent: The public exponent of the new key. + Usually one of the small Fermat primes 3, 5, 17, 257, 65537. If in + doubt you should `use 65537`_. + :param int key_size: The length of the modulus in bits. For keys + generated in 2014 this should be `at least 2048`_. (See page 41.) + Must be at least 512. Some backends may have additional + limitations. + :param backend: A + :class:`~cryptography.hazmat.backends.interfaces.RSABackend` + provider. + :return: A new instance of ``RSAPrivateKey``. + .. class:: RSAPublicKey(public_exponent, modulus) .. versionadded:: 0.2 @@ -56,3 +74,5 @@ RSA .. _`RSA`: https://en.wikipedia.org/wiki/RSA_(cryptosystem) .. _`public-key`: https://en.wikipedia.org/wiki/Public-key_cryptography .. _`RFC 3447`: https://tools.ietf.org/html/rfc3447 +.. _`use 65537`: http://www.daemonology.net/blog/2009-06-11-cryptographic-right-answers.html +.. _`at least 2048`: http://www.ecrypt.eu.org/documents/D.SPA.20.pdf |