author Hynek Schlawack <hs@ox.cx> 2015-10-21 17:41:39 +0200
committer Hynek Schlawack <hs@ox.cx> 2015-10-21 17:41:39 +0200
commit 41cfb0d634fac246cd7634913c36598f5247b559
tree fd8541bcc0d00cb474c7b91d9b73d8969ace2cb3
parent d5022a85b1149d5d9ac05abe926af474bb346ff8
parent 1cd8e7ef3dc7538cc0a0a4d8f38eeb3fd24f1872
Merge pull request #2437 from reaperhulk/ecdhe-docs
add a little bit to the docs about ECDHE
-rw-r--r-- docs/hazmat/primitives/asymmetric/ec.rst 5
1 files changed, 5 insertions, 0 deletions
diff --git a/docs/hazmat/primitives/asymmetric/ec.rst b/docs/hazmat/primitives/asymmetric/ec.rst
index e4df9b10..2fac6d71 100644
--- a/docs/hazmat/primitives/asymmetric/ec.rst
+++ b/docs/hazmat/primitives/asymmetric/ec.rst
@@ -147,6 +147,10 @@ Elliptic Curve Key Exchange algorithm
... ).public_key()
>>> shared_key = private_key.exchange(ec.ECDH(), peer_public_key)
+ ECDHE (or EECDH), the ephemeral form of this exchange, is **strongly
+ preferred** over simple ECDH and provides `forward secrecy`_ when used.
+ You must generate a new private key using :func:`generate_private_key` for
+ each ``exchange`` when performing an ECDHE key exchange.
Elliptic Curves
---------------
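Review bot: The added paragraph tells the reader to generate a new private key with :func:`generate_private_key` for each ``exchange``, but it does not say that the ephemeral private key must be discarded once the exchange completes, or that both parties need to use fresh keys; forward secrecy depends on both. Consider stating that explicitly, and noting that an ephemeral exchange on its own does not authenticate the peer, so the ephemeral public keys have to be authenticated by other means (for example a signature from a long-term key). Minor wording: "provides `forward secrecy`_ when used" can drop "when used".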
@@ -470,3 +474,4 @@ Key Interfaces
.. _`SafeCurves`: http://safecurves.cr.yp.to/
.. _`ECDSA`: https://en.wikipedia.org/wiki/ECDSA
.. _`EdDSA`: https://en.wikipedia.org/wiki/EdDSA
+.. _`forward secrecy`: https://en.wikipedia.org/wiki/Forward_secrecy