aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--.travis.yml2
-rw-r--r--docs/fernet.rst18
-rw-r--r--docs/hazmat/primitives/aead.rst6
-rw-r--r--docs/hazmat/primitives/asymmetric/ec.rst4
-rw-r--r--docs/hazmat/primitives/asymmetric/rsa.rst6
-rw-r--r--docs/hazmat/primitives/cryptographic-hashes.rst2
-rw-r--r--docs/hazmat/primitives/mac/cmac.rst2
-rw-r--r--docs/hazmat/primitives/mac/hmac.rst2
-rw-r--r--docs/hazmat/primitives/padding.rst16
-rw-r--r--docs/hazmat/primitives/symmetric-encryption.rst12
-rw-r--r--docs/spelling_wordlist.txt1
-rw-r--r--docs/x509/reference.rst26
-rw-r--r--tox.ini2
13 files changed, 50 insertions, 49 deletions
diff --git a/.travis.yml b/.travis.yml
index 87673d7e..ef51e7ba 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -37,7 +37,7 @@ matrix:
env: TOXENV=py27 OPENSSL=1.1.0h
- python: 3.5
env: TOXENV=py35 OPENSSL=1.1.0h
- - python: 2.7
+ - python: 3.6
env: TOXENV=docs OPENSSL=1.1.0h
addons:
apt:
diff --git a/docs/fernet.rst b/docs/fernet.rst
index 2d7d2281..9b95621e 100644
--- a/docs/fernet.rst
+++ b/docs/fernet.rst
@@ -19,9 +19,9 @@ has support for implementing key rotation via :class:`MultiFernet`.
>>> f = Fernet(key)
>>> token = f.encrypt(b"my deep dark secret")
>>> token
- '...'
+ b'...'
>>> f.decrypt(token)
- 'my deep dark secret'
+ b'my deep dark secret'
:param bytes key: A URL-safe base64-encoded 32-byte key. This **must** be
kept secret. Anyone with this key is able to create and
@@ -113,9 +113,9 @@ has support for implementing key rotation via :class:`MultiFernet`.
>>> f = MultiFernet([key1, key2])
>>> token = f.encrypt(b"Secret message!")
>>> token
- '...'
+ b'...'
>>> f.decrypt(token)
- 'Secret message!'
+ b'Secret message!'
MultiFernet performs all encryption options using the *first* key in the
``list`` provided. MultiFernet attempts to decrypt tokens with each key in
@@ -152,14 +152,14 @@ has support for implementing key rotation via :class:`MultiFernet`.
>>> f = MultiFernet([key1, key2])
>>> token = f.encrypt(b"Secret message!")
>>> token
- '...'
+ b'...'
>>> f.decrypt(token)
- 'Secret message!'
+ b'Secret message!'
>>> key3 = Fernet(Fernet.generate_key())
>>> f2 = MultiFernet([key3, key1, key2])
>>> rotated = f2.rotate(token)
>>> f2.decrypt(rotated)
- 'Secret message!'
+ b'Secret message!'
:param bytes msg: The token to re-encrypt.
:returns bytes: A secure message that cannot be read or altered without
@@ -205,9 +205,9 @@ password through a key derivation function such as
>>> f = Fernet(key)
>>> token = f.encrypt(b"Secret message!")
>>> token
- '...'
+ b'...'
>>> f.decrypt(token)
- 'Secret message!'
+ b'Secret message!'
In this scheme, the salt has to be stored in a retrievable location in order
to derive the same key from the password in the future.
diff --git a/docs/hazmat/primitives/aead.rst b/docs/hazmat/primitives/aead.rst
index 7b01f745..ee4214a1 100644
--- a/docs/hazmat/primitives/aead.rst
+++ b/docs/hazmat/primitives/aead.rst
@@ -34,7 +34,7 @@ also support providing integrity for associated data which is not encrypted.
>>> nonce = os.urandom(12)
>>> ct = chacha.encrypt(nonce, data, aad)
>>> chacha.decrypt(nonce, ct, aad)
- 'a secret message'
+ b'a secret message'
.. classmethod:: generate_key()
@@ -99,7 +99,7 @@ also support providing integrity for associated data which is not encrypted.
>>> nonce = os.urandom(12)
>>> ct = aesgcm.encrypt(nonce, data, aad)
>>> aesgcm.decrypt(nonce, ct, aad)
- 'a secret message'
+ b'a secret message'
.. classmethod:: generate_key(bit_length)
@@ -181,7 +181,7 @@ also support providing integrity for associated data which is not encrypted.
>>> nonce = os.urandom(13)
>>> ct = aesccm.encrypt(nonce, data, aad)
>>> aesccm.decrypt(nonce, ct, aad)
- 'a secret message'
+ b'a secret message'
.. classmethod:: generate_key(bit_length)
diff --git a/docs/hazmat/primitives/asymmetric/ec.rst b/docs/hazmat/primitives/asymmetric/ec.rst
index edcfdfcb..bbab2246 100644
--- a/docs/hazmat/primitives/asymmetric/ec.rst
+++ b/docs/hazmat/primitives/asymmetric/ec.rst
@@ -669,7 +669,7 @@ This sample demonstrates how to generate a private key and serialize it.
... encryption_algorithm=serialization.BestAvailableEncryption(b'testpassword')
... )
>>> serialized_private.splitlines()[0]
- '-----BEGIN ENCRYPTED PRIVATE KEY-----'
+ b'-----BEGIN ENCRYPTED PRIVATE KEY-----'
You can also serialize the key without a password, by relying on
:class:`~cryptography.hazmat.primitives.serialization.NoEncryption`.
@@ -685,7 +685,7 @@ The public key is serialized as follows:
... format=serialization.PublicFormat.SubjectPublicKeyInfo
... )
>>> serialized_public.splitlines()[0]
- '-----BEGIN PUBLIC KEY-----'
+ b'-----BEGIN PUBLIC KEY-----'
This is the part that you would normally share with the rest of the world.
diff --git a/docs/hazmat/primitives/asymmetric/rsa.rst b/docs/hazmat/primitives/asymmetric/rsa.rst
index 46cc30af..635a4626 100644
--- a/docs/hazmat/primitives/asymmetric/rsa.rst
+++ b/docs/hazmat/primitives/asymmetric/rsa.rst
@@ -100,7 +100,7 @@ to serialize the key.
... encryption_algorithm=serialization.BestAvailableEncryption(b'mypassword')
... )
>>> pem.splitlines()[0]
- '-----BEGIN ENCRYPTED PRIVATE KEY-----'
+ b'-----BEGIN ENCRYPTED PRIVATE KEY-----'
It is also possible to serialize without encryption using
:class:`~cryptography.hazmat.primitives.serialization.NoEncryption`.
@@ -113,7 +113,7 @@ It is also possible to serialize without encryption using
... encryption_algorithm=serialization.NoEncryption()
... )
>>> pem.splitlines()[0]
- '-----BEGIN RSA PRIVATE KEY-----'
+ b'-----BEGIN RSA PRIVATE KEY-----'
For public keys you can use
:meth:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey.public_bytes`
@@ -128,7 +128,7 @@ to serialize the key.
... format=serialization.PublicFormat.SubjectPublicKeyInfo
... )
>>> pem.splitlines()[0]
- '-----BEGIN PUBLIC KEY-----'
+ b'-----BEGIN PUBLIC KEY-----'
Signing
~~~~~~~
diff --git a/docs/hazmat/primitives/cryptographic-hashes.rst b/docs/hazmat/primitives/cryptographic-hashes.rst
index 7e23ce9e..021e433d 100644
--- a/docs/hazmat/primitives/cryptographic-hashes.rst
+++ b/docs/hazmat/primitives/cryptographic-hashes.rst
@@ -26,7 +26,7 @@ Message digests (Hashing)
>>> digest.update(b"abc")
>>> digest.update(b"123")
>>> digest.finalize()
- 'l\xa1=R\xcap\xc8\x83\xe0\xf0\xbb\x10\x1eBZ\x89\xe8bM\xe5\x1d\xb2\xd29%\x93\xafj\x84\x11\x80\x90'
+ b'l\xa1=R\xcap\xc8\x83\xe0\xf0\xbb\x10\x1eBZ\x89\xe8bM\xe5\x1d\xb2\xd29%\x93\xafj\x84\x11\x80\x90'
If the backend doesn't support the requested ``algorithm`` an
:class:`~cryptography.exceptions.UnsupportedAlgorithm` exception will be
diff --git a/docs/hazmat/primitives/mac/cmac.rst b/docs/hazmat/primitives/mac/cmac.rst
index b316e4c3..a5b13caf 100644
--- a/docs/hazmat/primitives/mac/cmac.rst
+++ b/docs/hazmat/primitives/mac/cmac.rst
@@ -32,7 +32,7 @@ A subset of CMAC with the AES-128 algorithm is described in :rfc:`4493`.
>>> c = cmac.CMAC(algorithms.AES(key), backend=default_backend())
>>> c.update(b"message to authenticate")
>>> c.finalize()
- 'CT\x1d\xc8\x0e\x15\xbe4e\xdb\xb6\x84\xca\xd9Xk'
+ b'CT\x1d\xc8\x0e\x15\xbe4e\xdb\xb6\x84\xca\xd9Xk'
If the backend doesn't support the requested ``algorithm`` an
:class:`~cryptography.exceptions.UnsupportedAlgorithm` exception will be
diff --git a/docs/hazmat/primitives/mac/hmac.rst b/docs/hazmat/primitives/mac/hmac.rst
index a0e2014d..c605e58c 100644
--- a/docs/hazmat/primitives/mac/hmac.rst
+++ b/docs/hazmat/primitives/mac/hmac.rst
@@ -32,7 +32,7 @@ of a message.
>>> h = hmac.HMAC(key, hashes.SHA256(), backend=default_backend())
>>> h.update(b"message to hash")
>>> h.finalize()
- '#F\xdaI\x8b"e\xc4\xf1\xbb\x9a\x8fc\xff\xf5\xdex.\xbc\xcd/+\x8a\x86\x1d\x84\'\xc3\xa6\x1d\xd8J'
+ b'#F\xdaI\x8b"e\xc4\xf1\xbb\x9a\x8fc\xff\xf5\xdex.\xbc\xcd/+\x8a\x86\x1d\x84\'\xc3\xa6\x1d\xd8J'
If the backend doesn't support the requested ``algorithm`` an
:class:`~cryptography.exceptions.UnsupportedAlgorithm` exception will be
diff --git a/docs/hazmat/primitives/padding.rst b/docs/hazmat/primitives/padding.rst
index e49fc494..245b5547 100644
--- a/docs/hazmat/primitives/padding.rst
+++ b/docs/hazmat/primitives/padding.rst
@@ -25,16 +25,16 @@ multiple of the block size.
>>> padder = padding.PKCS7(128).padder()
>>> padded_data = padder.update(b"11111111111111112222222222")
>>> padded_data
- '1111111111111111'
+ b'1111111111111111'
>>> padded_data += padder.finalize()
>>> padded_data
- '11111111111111112222222222\x06\x06\x06\x06\x06\x06'
+ b'11111111111111112222222222\x06\x06\x06\x06\x06\x06'
>>> unpadder = padding.PKCS7(128).unpadder()
>>> data = unpadder.update(padded_data)
>>> data
- '1111111111111111'
+ b'1111111111111111'
>>> data + unpadder.finalize()
- '11111111111111112222222222'
+ b'11111111111111112222222222'
:param block_size: The size of the block in :term:`bits` that the data is
being padded to.
@@ -68,16 +68,16 @@ multiple of the block size.
>>> padder = padding.ANSIX923(128).padder()
>>> padded_data = padder.update(b"11111111111111112222222222")
>>> padded_data
- '1111111111111111'
+ b'1111111111111111'
>>> padded_data += padder.finalize()
>>> padded_data
- '11111111111111112222222222\x00\x00\x00\x00\x00\x06'
+ b'11111111111111112222222222\x00\x00\x00\x00\x00\x06'
>>> unpadder = padding.ANSIX923(128).unpadder()
>>> data = unpadder.update(padded_data)
>>> data
- '1111111111111111'
+ b'1111111111111111'
>>> data + unpadder.finalize()
- '11111111111111112222222222'
+ b'11111111111111112222222222'
:param block_size: The size of the block in :term:`bits` that the data is
being padded to.
diff --git a/docs/hazmat/primitives/symmetric-encryption.rst b/docs/hazmat/primitives/symmetric-encryption.rst
index 126a9184..593b880b 100644
--- a/docs/hazmat/primitives/symmetric-encryption.rst
+++ b/docs/hazmat/primitives/symmetric-encryption.rst
@@ -42,7 +42,7 @@ it fits your needs before implementing anything using this module.**
>>> ct = encryptor.update(b"a secret message") + encryptor.finalize()
>>> decryptor = cipher.decryptor()
>>> decryptor.update(ct) + decryptor.finalize()
- 'a secret message'
+ b'a secret message'
:param algorithms: A
:class:`~cryptography.hazmat.primitives.ciphers.CipherAlgorithm`
@@ -151,7 +151,7 @@ Algorithms
>>> ct = encryptor.update(b"a secret message")
>>> decryptor = cipher.decryptor()
>>> decryptor.update(ct)
- 'a secret message'
+ b'a secret message'
.. class:: TripleDES(key)
@@ -229,7 +229,7 @@ Weak ciphers
>>> ct = encryptor.update(b"a secret message")
>>> decryptor = cipher.decryptor()
>>> decryptor.update(ct)
- 'a secret message'
+ b'a secret message'
.. class:: IDEA(key)
@@ -278,7 +278,7 @@ Modes
.. doctest::
>>> from cryptography.hazmat.primitives.ciphers.modes import CBC
- >>> iv = "a" * 16
+ >>> iv = b"a" * 16
>>> mode = CBC(iv)
@@ -471,7 +471,7 @@ Modes
.. testoutput::
- a secret message!
+ b'a secret message!'
.. class:: XTS(tweak)
@@ -594,7 +594,7 @@ Interfaces
>>> len_decrypted = decryptor.update_into(ct, buf)
>>> # get the plaintext from the buffer reading only the bytes written (len_decrypted)
>>> bytes(buf[:len_decrypted]) + decryptor.finalize()
- 'a secret message'
+ b'a secret message'
.. method:: finalize()
diff --git a/docs/spelling_wordlist.txt b/docs/spelling_wordlist.txt
index fb07fd0f..160971d9 100644
--- a/docs/spelling_wordlist.txt
+++ b/docs/spelling_wordlist.txt
@@ -96,6 +96,7 @@ timestamp
tunable
Ubuntu
unencrypted
+unicode
unpadded
unpadding
verifier
diff --git a/docs/x509/reference.rst b/docs/x509/reference.rst
index 014d1f47..279c4c74 100644
--- a/docs/x509/reference.rst
+++ b/docs/x509/reference.rst
@@ -271,7 +271,7 @@ X.509 Certificate Object
>>> from cryptography.hazmat.primitives import hashes
>>> cert.fingerprint(hashes.SHA256())
- '\x86\xd2\x187Gc\xfc\xe7}[+E9\x8d\xb4\x8f\x10\xe5S\xda\x18u\xbe}a\x03\x08[\xac\xa04?'
+ b'\x86\xd2\x187Gc\xfc\xe7}[+E9\x8d\xb4\x8f\x10\xe5S\xda\x18u\xbe}a\x03\x08[\xac\xa04?'
.. attribute:: serial_number
@@ -389,8 +389,8 @@ X.509 Certificate Object
>>> for ext in cert.extensions:
... print(ext)
- <Extension(oid=<ObjectIdentifier(oid=2.5.29.35, name=authorityKeyIdentifier)>, critical=False, value=<AuthorityKeyIdentifier(key_identifier='\xe4}_\xd1\\\x95\x86\x08,\x05\xae\xbeu\xb6e\xa7\xd9]\xa8f', authority_cert_issuer=None, authority_cert_serial_number=None)>)>
- <Extension(oid=<ObjectIdentifier(oid=2.5.29.14, name=subjectKeyIdentifier)>, critical=False, value=<SubjectKeyIdentifier(digest='X\x01\x84$\x1b\xbc+R\x94J=\xa5\x10r\x14Q\xf5\xaf:\xc9')>)>
+ <Extension(oid=<ObjectIdentifier(oid=2.5.29.35, name=authorityKeyIdentifier)>, critical=False, value=<AuthorityKeyIdentifier(key_identifier=b'\xe4}_\xd1\\\x95\x86\x08,\x05\xae\xbeu\xb6e\xa7\xd9]\xa8f', authority_cert_issuer=None, authority_cert_serial_number=None)>)>
+ <Extension(oid=<ObjectIdentifier(oid=2.5.29.14, name=subjectKeyIdentifier)>, critical=False, value=<SubjectKeyIdentifier(digest=b'X\x01\x84$\x1b\xbc+R\x94J=\xa5\x10r\x14Q\xf5\xaf:\xc9')>)>
<Extension(oid=<ObjectIdentifier(oid=2.5.29.15, name=keyUsage)>, critical=True, value=<KeyUsage(digital_signature=False, content_commitment=False, key_encipherment=False, data_encipherment=False, key_agreement=False, key_cert_sign=True, crl_sign=True, encipher_only=None, decipher_only=None)>)>
<Extension(oid=<ObjectIdentifier(oid=2.5.29.32, name=certificatePolicies)>, critical=False, value=<CertificatePolicies([<PolicyInformation(policy_identifier=<ObjectIdentifier(oid=2.16.840.1.101.3.2.1.48.1, name=Unknown OID)>, policy_qualifiers=None)>])>)>
<Extension(oid=<ObjectIdentifier(oid=2.5.29.19, name=basicConstraints)>, critical=True, value=<BasicConstraints(ca=True, path_length=None)>)>
@@ -461,7 +461,7 @@ X.509 CRL (Certificate Revocation List) Object
>>> from cryptography.hazmat.primitives import hashes
>>> crl.fingerprint(hashes.SHA256())
- 'e\xcf.\xc4:\x83?1\xdc\xf3\xfc\x95\xd7\xb3\x87\xb3\x8e\xf8\xb93!\x87\x07\x9d\x1b\xb4!\xb9\xe4W\xf4\x1f'
+ b'e\xcf.\xc4:\x83?1\xdc\xf3\xfc\x95\xd7\xb3\x87\xb3\x8e\xf8\xb93!\x87\x07\x9d\x1b\xb4!\xb9\xe4W\xf4\x1f'
.. attribute:: signature_hash_algorithm
@@ -501,7 +501,7 @@ X.509 CRL (Certificate Revocation List) Object
.. doctest::
>>> crl.issuer
- <Name([<NameAttribute(oid=<ObjectIdentifier(oid=2.5.4.6, name=countryName)>, value=u'US')>, <NameAttribute(oid=<ObjectIdentifier(oid=2.5.4.3, name=commonName)>, value=u'cryptography.io')>])>
+ <Name([<NameAttribute(oid=<ObjectIdentifier(oid=2.5.4.6, name=countryName)>, value='US')>, <NameAttribute(oid=<ObjectIdentifier(oid=2.5.4.3, name=commonName)>, value='cryptography.io')>])>
.. attribute:: next_update
@@ -1132,9 +1132,9 @@ X.509 CSR (Certificate Signing Request) Builder Object
3
>>> for attribute in cert.subject:
... print(attribute)
- <NameAttribute(oid=<ObjectIdentifier(oid=2.5.4.6, name=countryName)>, value=u'US')>
- <NameAttribute(oid=<ObjectIdentifier(oid=2.5.4.10, name=organizationName)>, value=u'Test Certificates 2011')>
- <NameAttribute(oid=<ObjectIdentifier(oid=2.5.4.3, name=commonName)>, value=u'Good CA')>
+ <NameAttribute(oid=<ObjectIdentifier(oid=2.5.4.6, name=countryName)>, value='US')>
+ <NameAttribute(oid=<ObjectIdentifier(oid=2.5.4.10, name=organizationName)>, value='Test Certificates 2011')>
+ <NameAttribute(oid=<ObjectIdentifier(oid=2.5.4.3, name=commonName)>, value='Good CA')>
.. attribute:: rdns
@@ -1152,7 +1152,7 @@ X.509 CSR (Certificate Signing Request) Builder Object
.. doctest::
>>> cert.subject.get_attributes_for_oid(NameOID.COMMON_NAME)
- [<NameAttribute(oid=<ObjectIdentifier(oid=2.5.4.3, name=commonName)>, value=u'Good CA')>]
+ [<NameAttribute(oid=<ObjectIdentifier(oid=2.5.4.3, name=commonName)>, value='Good CA')>]
.. method:: public_bytes(backend)
@@ -1759,7 +1759,7 @@ X.509 Extensions
>>> from cryptography.hazmat.backends import default_backend
>>> issuer_cert = x509.load_pem_x509_certificate(pem_data, default_backend())
>>> x509.AuthorityKeyIdentifier.from_issuer_public_key(issuer_cert.public_key())
- <AuthorityKeyIdentifier(key_identifier='X\x01\x84$\x1b\xbc+R\x94J=\xa5\x10r\x14Q\xf5\xaf:\xc9', authority_cert_issuer=None, authority_cert_serial_number=None)>
+ <AuthorityKeyIdentifier(key_identifier=b'X\x01\x84$\x1b\xbc+R\x94J=\xa5\x10r\x14Q\xf5\xaf:\xc9', authority_cert_issuer=None, authority_cert_serial_number=None)>
.. classmethod:: from_issuer_subject_key_identifier(ski)
@@ -1790,7 +1790,7 @@ X.509 Extensions
>>> issuer_cert = x509.load_pem_x509_certificate(pem_data, default_backend())
>>> ski = issuer_cert.extensions.get_extension_for_class(x509.SubjectKeyIdentifier)
>>> x509.AuthorityKeyIdentifier.from_issuer_subject_key_identifier(ski)
- <AuthorityKeyIdentifier(key_identifier='X\x01\x84$\x1b\xbc+R\x94J=\xa5\x10r\x14Q\xf5\xaf:\xc9', authority_cert_issuer=None, authority_cert_serial_number=None)>
+ <AuthorityKeyIdentifier(key_identifier=b'X\x01\x84$\x1b\xbc+R\x94J=\xa5\x10r\x14Q\xf5\xaf:\xc9', authority_cert_issuer=None, authority_cert_serial_number=None)>
.. class:: SubjectKeyIdentifier(digest)
@@ -1837,7 +1837,7 @@ X.509 Extensions
>>> from cryptography.hazmat.backends import default_backend
>>> csr = x509.load_pem_x509_csr(pem_req_data, default_backend())
>>> x509.SubjectKeyIdentifier.from_public_key(csr.public_key())
- <SubjectKeyIdentifier(digest='\xdb\xaa\xf0\x06\x11\xdbD\xfe\xbf\x93\x03\x8av\x88WP7\xa6\x91\xf7')>
+ <SubjectKeyIdentifier(digest=b'\xdb\xaa\xf0\x06\x11\xdbD\xfe\xbf\x93\x03\x8av\x88WP7\xa6\x91\xf7')>
.. class:: SubjectAlternativeName(general_names)
@@ -1877,7 +1877,7 @@ X.509 Extensions
>>> ext = cert.extensions.get_extension_for_oid(ExtensionOID.SUBJECT_ALTERNATIVE_NAME)
>>> # Get the dNSName entries from the SAN extension
>>> ext.value.get_values_for_type(x509.DNSName)
- [u'www.cryptography.io', u'cryptography.io']
+ ['www.cryptography.io', 'cryptography.io']
.. class:: IssuerAlternativeName(general_names)
diff --git a/tox.ini b/tox.ini
index 6dfe1c72..a1e97c50 100644
--- a/tox.ini
+++ b/tox.ini
@@ -39,7 +39,7 @@ commands =
extras =
docs
docstest
-basepython = python2.7
+basepython = python3
commands =
sphinx-build -j4 -T -W -b html -d {envtmpdir}/doctrees docs docs/_build/html
sphinx-build -j4 -T -W -b latex -d {envtmpdir}/doctrees docs docs/_build/latex