diff options
| author | Paul Kehrer <paul.l.kehrer@gmail.com> | 2015-10-20 08:47:10 -0500 |
|---|---|---|
| committer | Paul Kehrer <paul.l.kehrer@gmail.com> | 2015-10-20 10:25:47 -0500 |
| commit | 1cd8e7ef3dc7538cc0a0a4d8f38eeb3fd24f1872 (patch) | |
| tree | 8d0293c09c3417cbba2c41ae539f75a45f17c4a2 | |
| parent | 08801cd1bacf08aa4d4a833ff235574f4da15a20 (diff) | |
| download | cryptography-1cd8e7ef3dc7538cc0a0a4d8f38eeb3fd24f1872.tar.gz cryptography-1cd8e7ef3dc7538cc0a0a4d8f38eeb3fd24f1872.tar.bz2 cryptography-1cd8e7ef3dc7538cc0a0a4d8f38eeb3fd24f1872.zip | |
add a little bit about ECDHE
| -rw-r--r-- | docs/hazmat/primitives/asymmetric/ec.rst | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/docs/hazmat/primitives/asymmetric/ec.rst b/docs/hazmat/primitives/asymmetric/ec.rst index e4df9b10..2fac6d71 100644 --- a/docs/hazmat/primitives/asymmetric/ec.rst +++ b/docs/hazmat/primitives/asymmetric/ec.rst @@ -147,6 +147,10 @@ Elliptic Curve Key Exchange algorithm ... ).public_key() >>> shared_key = private_key.exchange(ec.ECDH(), peer_public_key) + ECDHE (or EECDH), the ephemeral form of this exchange, is **strongly + preferred** over simple ECDH and provides `forward secrecy`_ when used. + You must generate a new private key using :func:`generate_private_key` for + each ``exchange`` when performing an ECDHE key exchange. Elliptic Curves --------------- @@ -470,3 +474,4 @@ Key Interfaces .. _`SafeCurves`: http://safecurves.cr.yp.to/ .. _`ECDSA`: https://en.wikipedia.org/wiki/ECDSA .. _`EdDSA`: https://en.wikipedia.org/wiki/EdDSA +.. _`forward secrecy`: https://en.wikipedia.org/wiki/Forward_secrecy |