author Alex Gaynor <alex.gaynor@gmail.com> 2014-07-10 12:53:00 -0700
committer Alex Gaynor <alex.gaynor@gmail.com> 2014-07-10 12:53:00 -0700
commit 9883e4e970cd8ed3bcdb58ee4679fb166fb0c391
tree 52a79147489f9e0ce346bcf5d72963223b58dcb1 /docs/hazmat/primitives
parent 32989282ff36de4d000afe71484c5711c9619faa
Document what the PEM headers look like in more cases
Diffstat (limited to 'docs/hazmat/primitives')
-rw-r--r-- docs/hazmat/primitives/asymmetric/serialization.rst 20
1 files changed, 12 insertions, 8 deletions
diff --git a/docs/hazmat/primitives/asymmetric/serialization.rst b/docs/hazmat/primitives/asymmetric/serialization.rst
index 0525ed74..2a70146f 100644
--- a/docs/hazmat/primitives/asymmetric/serialization.rst
+++ b/docs/hazmat/primitives/asymmetric/serialization.rst
@@ -28,9 +28,11 @@ methods.
PKCS #8 Format
~~~~~~~~~~~~~~
-PKCS #8 is a serialization format originally standardized by RSA and
-currently maintained by the IETF in :rfc:`5208`. It supports password based
-encryption and additional key metadata attributes.
+PKCS #8 is a serialization format originally standardized by RSA and currently
+maintained by the IETF in :rfc:`5208`. It supports password based encryption
+and additional key metadata attributes. These keys are recognizable because
+they all begin with ``-----BEGIN PRIVATE KEY-----`` or with ``-----BEGIN
+ENCRYPTED PRIVATE KEY-----`` if they have a password.
.. function:: load_pkcs8_private_key(data, password, backend)
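Review bot: The new sentence says these keys "all begin with" the ``-----BEGIN PRIVATE KEY-----`` header, but that is only true of the PEM encoding; PKCS #8 itself is an ASN.1 structure and a DER-encoded key carries no such header. Suggest qualifying it the way the Traditional OpenSSL paragraph does, e.g. "In PEM format these keys begin with ...". Two smaller points in the same added lines: "if they have a password" would be more precise as "if they are encrypted with a password", and the second literal is wrapped between ``BEGIN`` and ``ENCRYPTED``, so a search of the docs source for the full header string will not match; keeping each literal on one line avoids that.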
@@ -44,6 +46,7 @@ encryption and additional key metadata attributes.
:param bytes password: The password to use to decrypt the data. Should
be ``None`` if the private key is not encrypted.
+
:param backend: A
:class:`~cryptography.hazmat.backends.interfaces.PKCS8SerializationBackend`
provider.
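Review bot: The only change in this hunk is a blank line inserted between the ``:param bytes password:`` and ``:param backend:`` fields, which is unrelated to the commit subject ("Document what the PEM headers look like in more cases"). Either mention the whitespace cleanup in the commit message or move it to its own commit so the documentation change stays easy to audit.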
@@ -65,11 +68,11 @@ encryption and additional key metadata attributes.
Traditional OpenSSL Format
~~~~~~~~~~~~~~~~~~~~~~~~~~
-The "traditional" PKCS #1 based serialization format used by OpenSSL.
-It supports password based symmetric key encryption. Commonly found in
-OpenSSL based TLS applications. It is usually found in PEM format with a
-header that mentions the type of the serialized key. e.g.
-``-----BEGIN RSA PRIVATE KEY-----``.
+The "traditional" PKCS #1 based serialization format used by OpenSSL. It
+supports password based symmetric key encryption. Commonly found in OpenSSL
+based TLS applications. It is usually found in PEM format with a header that
+mentions the type of the serialized key. e.g. ``-----BEGIN RSA PRIVATE
+KEY-----`` or ``-----BEGIN DSA PRIVATE KEY-----``.
.. function:: load_pem_traditional_openssl_private_key(data, password, backend)
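Review bot: This paragraph states that the format "supports password based symmetric key encryption" but, unlike the PKCS #8 paragraph changed earlier in this patch, it does not say what an encrypted key looks like; since the commit is about documenting headers in more cases, add a sentence on how a reader can tell an encrypted traditional key from an unencrypted one. Also, the reflow hides that the only substantive change is the added ``-----BEGIN DSA PRIVATE KEY-----`` example, and it leaves the RSA literal split across two lines between ``PRIVATE`` and ``KEY-----``; keeping each header literal on a single line would make the source searchable for the exact string.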
@@ -82,6 +85,7 @@ header that mentions the type of the serialized key. e.g.
:param bytes password: The password to use to decrypt the data. Should
be ``None`` if the private key is not encrypted.
+
:param backend: A
:class:`~cryptography.hazmat.backends.interfaces.TraditionalOpenSSLSerializationBackend`
provider.
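Review bot: A blank line is added before ``:param backend:`` here, but the visible context does not show whether the preceding fields in this field list are separated the same way. If they are not, the list ends up with mixed spacing; apply the separator between every field of the ``load_pem_traditional_openssl_private_key`` parameter list or to none of them.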