Merge pull request #1576 from alex/openssh-elliptic-curve

Fixes #1533 -- Initial work at parsing ECDSA public keys in OpenSSH format

1 files changed, 10 insertions, 7 deletions

diff --git a/docs/hazmat/primitives/asymmetric/serialization.rst b/docs/hazmat/primitives/asymmetric/serialization.rst
index c184cdf2..1456b0dc 100644
--- a/docs/hazmat/primitives/asymmetric/serialization.rst
+++ b/docs/hazmat/primitives/asymmetric/serialization.rst
@@ -119,9 +119,6 @@ OpenSSH Public Key
 
 The format used by OpenSSH to store public keys, as specified in :rfc:`4253`.
 
-Currently, only RSA and DSA public keys are supported. Any other type of key
-will result in an exception being thrown.
-
 An example RSA key in OpenSSH format (line breaks added for formatting
 purposes)::
 
@@ -134,7 +131,8 @@ purposes)::
     2MzHvnbv testkey@localhost
 
 DSA keys look almost identical but begin with ``ssh-dss`` rather than
-``ssh-rsa``.
+``ssh-rsa``. ECDSA keys have a slightly different format, they begin with
+``ecdsa-sha2-{curve}``.
 
 .. function:: load_ssh_public_key(data, backend)
 
@@ -143,12 +141,17 @@ DSA keys look almost identical but begin with ``ssh-dss`` rather than
     Deserialize a public key from OpenSSH (:rfc:`4253`) encoded data to an
     instance of the public key type for the specified backend.
 
+    .. note::
+
+        Currently Ed25519 keys are not supported.
+
     :param bytes data: The OpenSSH encoded key data.
 
     :param backend: A backend providing
-        :class:`~cryptography.hazmat.backends.interfaces.RSABackend` or
-        :class:`~cryptography.hazmat.backends.interfaces.DSABackend` depending
-        on key type.
+        :class:`~cryptography.hazmat.backends.interfaces.RSABackend`,
+        :class:`~cryptography.hazmat.backends.interfaces.DSABackend`, or
+        :class:`~cryptography.hazmat.backends.interfaces.EllipticCurveBackend`
+        depending on the key's type.
 
     :returns: A new instance of a public key type.