From b32b491a9d976165a1b8ca8565a272ce46fc2730 Mon Sep 17 00:00:00 2001
From: Alex Gaynor <alex.gaynor@gmail.com>
Date: Thu, 23 Jan 2014 16:24:13 -0600
Subject: DOcument the primitives used in Fernet

---
 docs/fernet.rst | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

(limited to 'docs')

diff --git a/docs/fernet.rst b/docs/fernet.rst
index 13295c0c..b0215e32 100644
--- a/docs/fernet.rst
+++ b/docs/fernet.rst
@@ -72,5 +72,22 @@ symmetric (also known as "secret key") authenticated cryptography.
 
     See :meth:`Fernet.decrypt` for more information.
 
+Implementation
+--------------
+
+Fernet is built on top of a number of standard cryptographic primitives.
+Specifically it uses:
+
+* :class:`~cryptography.hazmat.primitives.ciphers.algorithms.AES` in
+  :class:`~cryptography.hazmat.primitives.ciphers.modes.CBC` mode with a
+  128-bit key for encryption; using
+  :class:`~cryptography.hazmat.primitives.ciphers.PKCS7` padding.
+* :class:`~cryptography.hazmat.primitives.hmac.HMAC` using
+  :class:`~cryptography.hazmat.primitives.hashes.SHA256` for authentication.
+* Initialization vectors are generated using ``os.urandom()``.
+
+For complete details consult the `specification`_.
+
 
 .. _`Fernet`: https://github.com/fernet/spec/
+.. _`specification`: https://github.com/fernet/spec/blob/master/Spec.md
-- 
cgit v1.2.3