diff options
author | Paul Kehrer <paul.l.kehrer@gmail.com> | 2015-04-03 10:31:54 -0500 |
---|---|---|
committer | Paul Kehrer <paul.l.kehrer@gmail.com> | 2015-04-03 10:31:54 -0500 |
commit | cdf3d3be6f9a8a017fb44a646cab51fbd2c6bd23 (patch) | |
tree | 1801b08abc8c437e68967e24643b4edbcb649334 /docs | |
parent | bf2fb811d547558bb5abcd7f1cb524790e25b5b8 (diff) | |
parent | eab0d191269e71af67bf9bb67e5b25999801356f (diff) | |
download | cryptography-cdf3d3be6f9a8a017fb44a646cab51fbd2c6bd23.tar.gz cryptography-cdf3d3be6f9a8a017fb44a646cab51fbd2c6bd23.tar.bz2 cryptography-cdf3d3be6f9a8a017fb44a646cab51fbd2c6bd23.zip |
Merge pull request #1816 from Ayrx/fernet-docs
Attempt to explain MultiFernet better.
Diffstat (limited to 'docs')
-rw-r--r-- | docs/fernet.rst | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/docs/fernet.rst b/docs/fernet.rst index f1a4c748..6ca20db9 100644 --- a/docs/fernet.rst +++ b/docs/fernet.rst @@ -92,8 +92,10 @@ has support for implementing key rotation via :class:`MultiFernet`. >>> f.decrypt(token) 'Secret message!' - Fernet performs all encryption options using the *first* key in the - ``list`` provided. Decryption supports using *any* of constituent keys. + MultiFernet performs all encryption options using the *first* key in the + ``list`` provided. MultiFernet attempts to decrypt tokens with each key in + turn . A :class:`cryptography.fernet.InvalidToken` exception is raised if + the correct key is not found in the ``list`` provided. Key rotation makes it easy to replace old keys. You can add your new key at the front of the list to start encrypting new messages, and remove old keys |