diff options
| -rw-r--r-- | .travis.yml | 2 | ||||
| -rw-r--r-- | docs/fernet.rst | 18 | ||||
| -rw-r--r-- | docs/hazmat/primitives/aead.rst | 6 | ||||
| -rw-r--r-- | docs/hazmat/primitives/asymmetric/ec.rst | 4 | ||||
| -rw-r--r-- | docs/hazmat/primitives/asymmetric/rsa.rst | 6 | ||||
| -rw-r--r-- | docs/hazmat/primitives/cryptographic-hashes.rst | 2 | ||||
| -rw-r--r-- | docs/hazmat/primitives/mac/cmac.rst | 2 | ||||
| -rw-r--r-- | docs/hazmat/primitives/mac/hmac.rst | 2 | ||||
| -rw-r--r-- | docs/hazmat/primitives/padding.rst | 16 | ||||
| -rw-r--r-- | docs/hazmat/primitives/symmetric-encryption.rst | 12 | ||||
| -rw-r--r-- | docs/spelling_wordlist.txt | 1 | ||||
| -rw-r--r-- | docs/x509/reference.rst | 26 | ||||
| -rw-r--r-- | tox.ini | 2 |
13 files changed, 50 insertions, 49 deletions
diff --git a/.travis.yml b/.travis.yml index 87673d7e..ef51e7ba 100644 --- a/.travis.yml +++ b/.travis.yml @@ -37,7 +37,7 @@ matrix: env: TOXENV=py27 OPENSSL=1.1.0h - python: 3.5 env: TOXENV=py35 OPENSSL=1.1.0h - - python: 2.7 + - python: 3.6 env: TOXENV=docs OPENSSL=1.1.0h addons: apt: diff --git a/docs/fernet.rst b/docs/fernet.rst index 2d7d2281..9b95621e 100644 --- a/docs/fernet.rst +++ b/docs/fernet.rst @@ -19,9 +19,9 @@ has support for implementing key rotation via :class:`MultiFernet`. >>> f = Fernet(key) >>> token = f.encrypt(b"my deep dark secret") >>> token - '...' + b'...' >>> f.decrypt(token) - 'my deep dark secret' + b'my deep dark secret' :param bytes key: A URL-safe base64-encoded 32-byte key. This **must** be kept secret. Anyone with this key is able to create and @@ -113,9 +113,9 @@ has support for implementing key rotation via :class:`MultiFernet`. >>> f = MultiFernet([key1, key2]) >>> token = f.encrypt(b"Secret message!") >>> token - '...' + b'...' >>> f.decrypt(token) - 'Secret message!' + b'Secret message!' MultiFernet performs all encryption options using the *first* key in the ``list`` provided. MultiFernet attempts to decrypt tokens with each key in @@ -152,14 +152,14 @@ has support for implementing key rotation via :class:`MultiFernet`. >>> f = MultiFernet([key1, key2]) >>> token = f.encrypt(b"Secret message!") >>> token - '...' + b'...' >>> f.decrypt(token) - 'Secret message!' + b'Secret message!' >>> key3 = Fernet(Fernet.generate_key()) >>> f2 = MultiFernet([key3, key1, key2]) >>> rotated = f2.rotate(token) >>> f2.decrypt(rotated) - 'Secret message!' + b'Secret message!' :param bytes msg: The token to re-encrypt. :returns bytes: A secure message that cannot be read or altered without @@ -205,9 +205,9 @@ password through a key derivation function such as >>> f = Fernet(key) >>> token = f.encrypt(b"Secret message!") >>> token - '...' + b'...' >>> f.decrypt(token) - 'Secret message!' + b'Secret message!' In this scheme, the salt has to be stored in a retrievable location in order to derive the same key from the password in the future. diff --git a/docs/hazmat/primitives/aead.rst b/docs/hazmat/primitives/aead.rst index 7b01f745..ee4214a1 100644 --- a/docs/hazmat/primitives/aead.rst +++ b/docs/hazmat/primitives/aead.rst @@ -34,7 +34,7 @@ also support providing integrity for associated data which is not encrypted. >>> nonce = os.urandom(12) >>> ct = chacha.encrypt(nonce, data, aad) >>> chacha.decrypt(nonce, ct, aad) - 'a secret message' + b'a secret message' .. classmethod:: generate_key() @@ -99,7 +99,7 @@ also support providing integrity for associated data which is not encrypted. >>> nonce = os.urandom(12) >>> ct = aesgcm.encrypt(nonce, data, aad) >>> aesgcm.decrypt(nonce, ct, aad) - 'a secret message' + b'a secret message' .. classmethod:: generate_key(bit_length) @@ -181,7 +181,7 @@ also support providing integrity for associated data which is not encrypted. >>> nonce = os.urandom(13) >>> ct = aesccm.encrypt(nonce, data, aad) >>> aesccm.decrypt(nonce, ct, aad) - 'a secret message' + b'a secret message' .. classmethod:: generate_key(bit_length) diff --git a/docs/hazmat/primitives/asymmetric/ec.rst b/docs/hazmat/primitives/asymmetric/ec.rst index edcfdfcb..bbab2246 100644 --- a/docs/hazmat/primitives/asymmetric/ec.rst +++ b/docs/hazmat/primitives/asymmetric/ec.rst @@ -669,7 +669,7 @@ This sample demonstrates how to generate a private key and serialize it. ... encryption_algorithm=serialization.BestAvailableEncryption(b'testpassword') ... ) >>> serialized_private.splitlines()[0] - '-----BEGIN ENCRYPTED PRIVATE KEY-----' + b'-----BEGIN ENCRYPTED PRIVATE KEY-----' You can also serialize the key without a password, by relying on :class:`~cryptography.hazmat.primitives.serialization.NoEncryption`. @@ -685,7 +685,7 @@ The public key is serialized as follows: ... format=serialization.PublicFormat.SubjectPublicKeyInfo ... ) >>> serialized_public.splitlines()[0] - '-----BEGIN PUBLIC KEY-----' + b'-----BEGIN PUBLIC KEY-----' This is the part that you would normally share with the rest of the world. diff --git a/docs/hazmat/primitives/asymmetric/rsa.rst b/docs/hazmat/primitives/asymmetric/rsa.rst index 46cc30af..635a4626 100644 --- a/docs/hazmat/primitives/asymmetric/rsa.rst +++ b/docs/hazmat/primitives/asymmetric/rsa.rst @@ -100,7 +100,7 @@ to serialize the key. ... encryption_algorithm=serialization.BestAvailableEncryption(b'mypassword') ... ) >>> pem.splitlines()[0] - '-----BEGIN ENCRYPTED PRIVATE KEY-----' + b'-----BEGIN ENCRYPTED PRIVATE KEY-----' It is also possible to serialize without encryption using :class:`~cryptography.hazmat.primitives.serialization.NoEncryption`. @@ -113,7 +113,7 @@ It is also possible to serialize without encryption using ... encryption_algorithm=serialization.NoEncryption() ... ) >>> pem.splitlines()[0] - '-----BEGIN RSA PRIVATE KEY-----' + b'-----BEGIN RSA PRIVATE KEY-----' For public keys you can use :meth:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey.public_bytes` @@ -128,7 +128,7 @@ to serialize the key. ... format=serialization.PublicFormat.SubjectPublicKeyInfo ... ) >>> pem.splitlines()[0] - '-----BEGIN PUBLIC KEY-----' + b'-----BEGIN PUBLIC KEY-----' Signing ~~~~~~~ diff --git a/docs/hazmat/primitives/cryptographic-hashes.rst b/docs/hazmat/primitives/cryptographic-hashes.rst index 7e23ce9e..021e433d 100644 --- a/docs/hazmat/primitives/cryptographic-hashes.rst +++ b/docs/hazmat/primitives/cryptographic-hashes.rst @@ -26,7 +26,7 @@ Message digests (Hashing) >>> digest.update(b"abc") >>> digest.update(b"123") >>> digest.finalize() - 'l\xa1=R\xcap\xc8\x83\xe0\xf0\xbb\x10\x1eBZ\x89\xe8bM\xe5\x1d\xb2\xd29%\x93\xafj\x84\x11\x80\x90' + b'l\xa1=R\xcap\xc8\x83\xe0\xf0\xbb\x10\x1eBZ\x89\xe8bM\xe5\x1d\xb2\xd29%\x93\xafj\x84\x11\x80\x90' If the backend doesn't support the requested ``algorithm`` an :class:`~cryptography.exceptions.UnsupportedAlgorithm` exception will be diff --git a/docs/hazmat/primitives/mac/cmac.rst b/docs/hazmat/primitives/mac/cmac.rst index b316e4c3..a5b13caf 100644 --- a/docs/hazmat/primitives/mac/cmac.rst +++ b/docs/hazmat/primitives/mac/cmac.rst @@ -32,7 +32,7 @@ A subset of CMAC with the AES-128 algorithm is described in :rfc:`4493`. >>> c = cmac.CMAC(algorithms.AES(key), backend=default_backend()) >>> c.update(b"message to authenticate") >>> c.finalize() - 'CT\x1d\xc8\x0e\x15\xbe4e\xdb\xb6\x84\xca\xd9Xk' + b'CT\x1d\xc8\x0e\x15\xbe4e\xdb\xb6\x84\xca\xd9Xk' If the backend doesn't support the requested ``algorithm`` an :class:`~cryptography.exceptions.UnsupportedAlgorithm` exception will be diff --git a/docs/hazmat/primitives/mac/hmac.rst b/docs/hazmat/primitives/mac/hmac.rst index a0e2014d..c605e58c 100644 --- a/docs/hazmat/primitives/mac/hmac.rst +++ b/docs/hazmat/primitives/mac/hmac.rst @@ -32,7 +32,7 @@ of a message. >>> h = hmac.HMAC(key, hashes.SHA256(), backend=default_backend()) >>> h.update(b"message to hash") >>> h.finalize() - '#F\xdaI\x8b"e\xc4\xf1\xbb\x9a\x8fc\xff\xf5\xdex.\xbc\xcd/+\x8a\x86\x1d\x84\'\xc3\xa6\x1d\xd8J' + b'#F\xdaI\x8b"e\xc4\xf1\xbb\x9a\x8fc\xff\xf5\xdex.\xbc\xcd/+\x8a\x86\x1d\x84\'\xc3\xa6\x1d\xd8J' If the backend doesn't support the requested ``algorithm`` an :class:`~cryptography.exceptions.UnsupportedAlgorithm` exception will be diff --git a/docs/hazmat/primitives/padding.rst b/docs/hazmat/primitives/padding.rst index e49fc494..245b5547 100644 --- a/docs/hazmat/primitives/padding.rst +++ b/docs/hazmat/primitives/padding.rst @@ -25,16 +25,16 @@ multiple of the block size. >>> padder = padding.PKCS7(128).padder() >>> padded_data = padder.update(b"11111111111111112222222222") >>> padded_data - '1111111111111111' + b'1111111111111111' >>> padded_data += padder.finalize() >>> padded_data - '11111111111111112222222222\x06\x06\x06\x06\x06\x06' + b'11111111111111112222222222\x06\x06\x06\x06\x06\x06' >>> unpadder = padding.PKCS7(128).unpadder() >>> data = unpadder.update(padded_data) >>> data - '1111111111111111' + b'1111111111111111' >>> data + unpadder.finalize() - '11111111111111112222222222' + b'11111111111111112222222222' :param block_size: The size of the block in :term:`bits` that the data is being padded to. @@ -68,16 +68,16 @@ multiple of the block size. >>> padder = padding.ANSIX923(128).padder() >>> padded_data = padder.update(b"11111111111111112222222222") >>> padded_data - '1111111111111111' + b'1111111111111111' >>> padded_data += padder.finalize() >>> padded_data - '11111111111111112222222222\x00\x00\x00\x00\x00\x06' + b'11111111111111112222222222\x00\x00\x00\x00\x00\x06' >>> unpadder = padding.ANSIX923(128).unpadder() >>> data = unpadder.update(padded_data) >>> data - '1111111111111111' + b'1111111111111111' >>> data + unpadder.finalize() - '11111111111111112222222222' + b'11111111111111112222222222' :param block_size: The size of the block in :term:`bits` that the data is being padded to. diff --git a/docs/hazmat/primitives/symmetric-encryption.rst b/docs/hazmat/primitives/symmetric-encryption.rst index 126a9184..593b880b 100644 --- a/docs/hazmat/primitives/symmetric-encryption.rst +++ b/docs/hazmat/primitives/symmetric-encryption.rst @@ -42,7 +42,7 @@ it fits your needs before implementing anything using this module.** >>> ct = encryptor.update(b"a secret message") + encryptor.finalize() >>> decryptor = cipher.decryptor() >>> decryptor.update(ct) + decryptor.finalize() - 'a secret message' + b'a secret message' :param algorithms: A :class:`~cryptography.hazmat.primitives.ciphers.CipherAlgorithm` @@ -151,7 +151,7 @@ Algorithms >>> ct = encryptor.update(b"a secret message") >>> decryptor = cipher.decryptor() >>> decryptor.update(ct) - 'a secret message' + b'a secret message' .. class:: TripleDES(key) @@ -229,7 +229,7 @@ Weak ciphers >>> ct = encryptor.update(b"a secret message") >>> decryptor = cipher.decryptor() >>> decryptor.update(ct) - 'a secret message' + b'a secret message' .. class:: IDEA(key) @@ -278,7 +278,7 @@ Modes .. doctest:: >>> from cryptography.hazmat.primitives.ciphers.modes import CBC - >>> iv = "a" * 16 + >>> iv = b"a" * 16 >>> mode = CBC(iv) @@ -471,7 +471,7 @@ Modes .. testoutput:: - a secret message! + b'a secret message!' .. class:: XTS(tweak) @@ -594,7 +594,7 @@ Interfaces >>> len_decrypted = decryptor.update_into(ct, buf) >>> # get the plaintext from the buffer reading only the bytes written (len_decrypted) >>> bytes(buf[:len_decrypted]) + decryptor.finalize() - 'a secret message' + b'a secret message' .. method:: finalize() diff --git a/docs/spelling_wordlist.txt b/docs/spelling_wordlist.txt index fb07fd0f..160971d9 100644 --- a/docs/spelling_wordlist.txt +++ b/docs/spelling_wordlist.txt @@ -96,6 +96,7 @@ timestamp tunable Ubuntu unencrypted +unicode unpadded unpadding verifier diff --git a/docs/x509/reference.rst b/docs/x509/reference.rst index 014d1f47..279c4c74 100644 --- a/docs/x509/reference.rst +++ b/docs/x509/reference.rst @@ -271,7 +271,7 @@ X.509 Certificate Object >>> from cryptography.hazmat.primitives import hashes >>> cert.fingerprint(hashes.SHA256()) - '\x86\xd2\x187Gc\xfc\xe7}[+E9\x8d\xb4\x8f\x10\xe5S\xda\x18u\xbe}a\x03\x08[\xac\xa04?' + b'\x86\xd2\x187Gc\xfc\xe7}[+E9\x8d\xb4\x8f\x10\xe5S\xda\x18u\xbe}a\x03\x08[\xac\xa04?' .. attribute:: serial_number @@ -389,8 +389,8 @@ X.509 Certificate Object >>> for ext in cert.extensions: ... print(ext) - <Extension(oid=<ObjectIdentifier(oid=2.5.29.35, name=authorityKeyIdentifier)>, critical=False, value=<AuthorityKeyIdentifier(key_identifier='\xe4}_\xd1\\\x95\x86\x08,\x05\xae\xbeu\xb6e\xa7\xd9]\xa8f', authority_cert_issuer=None, authority_cert_serial_number=None)>)> - <Extension(oid=<ObjectIdentifier(oid=2.5.29.14, name=subjectKeyIdentifier)>, critical=False, value=<SubjectKeyIdentifier(digest='X\x01\x84$\x1b\xbc+R\x94J=\xa5\x10r\x14Q\xf5\xaf:\xc9')>)> + <Extension(oid=<ObjectIdentifier(oid=2.5.29.35, name=authorityKeyIdentifier)>, critical=False, value=<AuthorityKeyIdentifier(key_identifier=b'\xe4}_\xd1\\\x95\x86\x08,\x05\xae\xbeu\xb6e\xa7\xd9]\xa8f', authority_cert_issuer=None, authority_cert_serial_number=None)>)> + <Extension(oid=<ObjectIdentifier(oid=2.5.29.14, name=subjectKeyIdentifier)>, critical=False, value=<SubjectKeyIdentifier(digest=b'X\x01\x84$\x1b\xbc+R\x94J=\xa5\x10r\x14Q\xf5\xaf:\xc9')>)> <Extension(oid=<ObjectIdentifier(oid=2.5.29.15, name=keyUsage)>, critical=True, value=<KeyUsage(digital_signature=False, content_commitment=False, key_encipherment=False, data_encipherment=False, key_agreement=False, key_cert_sign=True, crl_sign=True, encipher_only=None, decipher_only=None)>)> <Extension(oid=<ObjectIdentifier(oid=2.5.29.32, name=certificatePolicies)>, critical=False, value=<CertificatePolicies([<PolicyInformation(policy_identifier=<ObjectIdentifier(oid=2.16.840.1.101.3.2.1.48.1, name=Unknown OID)>, policy_qualifiers=None)>])>)> <Extension(oid=<ObjectIdentifier(oid=2.5.29.19, name=basicConstraints)>, critical=True, value=<BasicConstraints(ca=True, path_length=None)>)> @@ -461,7 +461,7 @@ X.509 CRL (Certificate Revocation List) Object >>> from cryptography.hazmat.primitives import hashes >>> crl.fingerprint(hashes.SHA256()) - 'e\xcf.\xc4:\x83?1\xdc\xf3\xfc\x95\xd7\xb3\x87\xb3\x8e\xf8\xb93!\x87\x07\x9d\x1b\xb4!\xb9\xe4W\xf4\x1f' + b'e\xcf.\xc4:\x83?1\xdc\xf3\xfc\x95\xd7\xb3\x87\xb3\x8e\xf8\xb93!\x87\x07\x9d\x1b\xb4!\xb9\xe4W\xf4\x1f' .. attribute:: signature_hash_algorithm @@ -501,7 +501,7 @@ X.509 CRL (Certificate Revocation List) Object .. doctest:: >>> crl.issuer - <Name([<NameAttribute(oid=<ObjectIdentifier(oid=2.5.4.6, name=countryName)>, value=u'US')>, <NameAttribute(oid=<ObjectIdentifier(oid=2.5.4.3, name=commonName)>, value=u'cryptography.io')>])> + <Name([<NameAttribute(oid=<ObjectIdentifier(oid=2.5.4.6, name=countryName)>, value='US')>, <NameAttribute(oid=<ObjectIdentifier(oid=2.5.4.3, name=commonName)>, value='cryptography.io')>])> .. attribute:: next_update @@ -1132,9 +1132,9 @@ X.509 CSR (Certificate Signing Request) Builder Object 3 >>> for attribute in cert.subject: ... print(attribute) - <NameAttribute(oid=<ObjectIdentifier(oid=2.5.4.6, name=countryName)>, value=u'US')> - <NameAttribute(oid=<ObjectIdentifier(oid=2.5.4.10, name=organizationName)>, value=u'Test Certificates 2011')> - <NameAttribute(oid=<ObjectIdentifier(oid=2.5.4.3, name=commonName)>, value=u'Good CA')> + <NameAttribute(oid=<ObjectIdentifier(oid=2.5.4.6, name=countryName)>, value='US')> + <NameAttribute(oid=<ObjectIdentifier(oid=2.5.4.10, name=organizationName)>, value='Test Certificates 2011')> + <NameAttribute(oid=<ObjectIdentifier(oid=2.5.4.3, name=commonName)>, value='Good CA')> .. attribute:: rdns @@ -1152,7 +1152,7 @@ X.509 CSR (Certificate Signing Request) Builder Object .. doctest:: >>> cert.subject.get_attributes_for_oid(NameOID.COMMON_NAME) - [<NameAttribute(oid=<ObjectIdentifier(oid=2.5.4.3, name=commonName)>, value=u'Good CA')>] + [<NameAttribute(oid=<ObjectIdentifier(oid=2.5.4.3, name=commonName)>, value='Good CA')>] .. method:: public_bytes(backend) @@ -1759,7 +1759,7 @@ X.509 Extensions >>> from cryptography.hazmat.backends import default_backend >>> issuer_cert = x509.load_pem_x509_certificate(pem_data, default_backend()) >>> x509.AuthorityKeyIdentifier.from_issuer_public_key(issuer_cert.public_key()) - <AuthorityKeyIdentifier(key_identifier='X\x01\x84$\x1b\xbc+R\x94J=\xa5\x10r\x14Q\xf5\xaf:\xc9', authority_cert_issuer=None, authority_cert_serial_number=None)> + <AuthorityKeyIdentifier(key_identifier=b'X\x01\x84$\x1b\xbc+R\x94J=\xa5\x10r\x14Q\xf5\xaf:\xc9', authority_cert_issuer=None, authority_cert_serial_number=None)> .. classmethod:: from_issuer_subject_key_identifier(ski) @@ -1790,7 +1790,7 @@ X.509 Extensions >>> issuer_cert = x509.load_pem_x509_certificate(pem_data, default_backend()) >>> ski = issuer_cert.extensions.get_extension_for_class(x509.SubjectKeyIdentifier) >>> x509.AuthorityKeyIdentifier.from_issuer_subject_key_identifier(ski) - <AuthorityKeyIdentifier(key_identifier='X\x01\x84$\x1b\xbc+R\x94J=\xa5\x10r\x14Q\xf5\xaf:\xc9', authority_cert_issuer=None, authority_cert_serial_number=None)> + <AuthorityKeyIdentifier(key_identifier=b'X\x01\x84$\x1b\xbc+R\x94J=\xa5\x10r\x14Q\xf5\xaf:\xc9', authority_cert_issuer=None, authority_cert_serial_number=None)> .. class:: SubjectKeyIdentifier(digest) @@ -1837,7 +1837,7 @@ X.509 Extensions >>> from cryptography.hazmat.backends import default_backend >>> csr = x509.load_pem_x509_csr(pem_req_data, default_backend()) >>> x509.SubjectKeyIdentifier.from_public_key(csr.public_key()) - <SubjectKeyIdentifier(digest='\xdb\xaa\xf0\x06\x11\xdbD\xfe\xbf\x93\x03\x8av\x88WP7\xa6\x91\xf7')> + <SubjectKeyIdentifier(digest=b'\xdb\xaa\xf0\x06\x11\xdbD\xfe\xbf\x93\x03\x8av\x88WP7\xa6\x91\xf7')> .. class:: SubjectAlternativeName(general_names) @@ -1877,7 +1877,7 @@ X.509 Extensions >>> ext = cert.extensions.get_extension_for_oid(ExtensionOID.SUBJECT_ALTERNATIVE_NAME) >>> # Get the dNSName entries from the SAN extension >>> ext.value.get_values_for_type(x509.DNSName) - [u'www.cryptography.io', u'cryptography.io'] + ['www.cryptography.io', 'cryptography.io'] .. class:: IssuerAlternativeName(general_names) @@ -39,7 +39,7 @@ commands = extras = docs docstest -basepython = python2.7 +basepython = python3 commands = sphinx-build -j4 -T -W -b html -d {envtmpdir}/doctrees docs docs/_build/html sphinx-build -j4 -T -W -b latex -d {envtmpdir}/doctrees docs docs/_build/latex |