author Paul Kehrer <paul.l.kehrer@gmail.com> 2018-12-10 07:18:09 +0800
committer Alex Gaynor <alex.gaynor@gmail.com> 2018-12-09 18:18:09 -0500
commit c2d16370f00e42fae13e492c0b1c7b3a83a5e495 (patch)
tree e890f2815a1e8066107ff8a8e7ec7f72145df61c /docs/hazmat
parent 31af768dc250b598e0ad5b8b01d18054f3438d7f (diff)
make the same doc changes to DH as we did for ECDH (#4631)
Diffstat (limited to 'docs/hazmat')
-rw-r--r-- docs/hazmat/primitives/asymmetric/dh.rst 56
1 files changed, 50 insertions, 6 deletions
diff --git a/docs/hazmat/primitives/asymmetric/dh.rst b/docs/hazmat/primitives/asymmetric/dh.rst
index 04da3e40..edfe6143 100644
--- a/docs/hazmat/primitives/asymmetric/dh.rst
+++ b/docs/hazmat/primitives/asymmetric/dh.rst
@@ -23,6 +23,56 @@ derivation function. This allows mixing of additional information into the
key, derivation of multiple keys, and destroys any structure that may be
present.
+.. warning::
+
+ This example does not give `forward secrecy`_ and is only provided as a
+ demonstration of the basic Diffie-Hellman construction. For real world
+ applications always use the ephemeral form described after this example.
+
+.. code-block:: pycon
+
+ >>> from cryptography.hazmat.backends import default_backend
+ >>> from cryptography.hazmat.primitives import hashes
+ >>> from cryptography.hazmat.primitives.asymmetric import dh
+ >>> from cryptography.hazmat.primitives.kdf.hkdf import HKDF
+ >>> # Generate some parameters. These can be reused.
+ >>> parameters = dh.generate_parameters(generator=2, key_size=2048,
+ ... backend=default_backend())
+ >>> # Generate a private key for use in the exchange.
+ >>> server_private_key = parameters.generate_private_key()
+ >>> # In a real handshake the peer is a remote client. For this
+ >>> # example we'll generate another local private key though. Note that in
+ >>> # a DH handshake both peers must agree on a common set of parameters.
+ >>> peer_private_key = parameters.generate_private_key()
+ >>> shared_key = server_private_key.exchange(peer_private_key.public_key())
+ >>> # Perform key derivation.
+ >>> derived_key = HKDF(
+ ... algorithm=hashes.SHA256(),
+ ... length=32,
+ ... salt=None,
+ ... info=b'handshake data',
+ ... backend=default_backend()
+ ... ).derive(shared_key)
+ >>> # And now we can demonstrate that the handshake performed in the
+ >>> # opposite direction gives the same final value
+ >>> same_shared_key = peer_private_key.exchange(
+ ... server_private_key.public_key()
+ ... )
+ >>> same_derived_key = HKDF(
+ ... algorithm=hashes.SHA256(),
+ ... length=32,
+ ... salt=None,
+ ... info=b'handshake data',
+ ... backend=default_backend()
+ ... ).derive(same_shared_key)
+ >>> derived_key == same_derived_key
+
+DHE (or EDH), the ephemeral form of this exchange, is **strongly
+preferred** over simple DH and provides `forward secrecy`_ when used. You must
+generate a new private key using :func:`~DHParameters.generate_private_key` for
+each :meth:`~DHPrivateKey.exchange` when performing an DHE key exchange. An
+example of the ephemeral form:
+
.. code-block:: pycon
>>> from cryptography.hazmat.backends import default_backend
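Review bot: the static example ends on `>>> derived_key == same_derived_key` with no result line under it, so the reader never sees the outcome the preceding comment promises ("gives the same final value"). Add the expected `True` on the next line. Two smaller points in the relocated paragraph: "when performing an DHE key exchange" should read "a DHE key exchange", and `generate_private_key` is referenced with `:func:` while `exchange` in the same sentence uses `:meth:`. Both are called as methods in the examples, so `:meth:` would be consistent. The warning also links `forward secrecy`_ a second time a few lines before the paragraph that already does so; that is fine, but worth confirming the target is defined once at the bottom of the file.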
@@ -61,12 +111,6 @@ present.
... backend=default_backend()
... ).derive(shared_key_2)
-DHE (or EDH), the ephemeral form of this exchange, is **strongly
-preferred** over simple DH and provides `forward secrecy`_ when used. You must
-generate a new private key using :func:`~DHParameters.generate_private_key` for
-each :meth:`~DHPrivateKey.exchange` when performing an DHE key exchange. This
-is demonstrated in the previous example.
-
To assemble a :class:`~DHParameters` and a :class:`~DHPublicKey` from
primitive integers, you must first create the
:class:`~DHParameterNumbers` and :class:`~DHPublicNumbers` objects. For