diff options
Diffstat (limited to 'docs/hazmat/primitives')
-rw-r--r-- | docs/hazmat/primitives/key-derivation-functions.rst | 4 | ||||
-rw-r--r-- | docs/hazmat/primitives/rsa.rst | 22 | ||||
-rw-r--r-- | docs/hazmat/primitives/symmetric-encryption.rst | 13 |
3 files changed, 27 insertions, 12 deletions
diff --git a/docs/hazmat/primitives/key-derivation-functions.rst b/docs/hazmat/primitives/key-derivation-functions.rst index 1937c2ec..d8a0e241 100644 --- a/docs/hazmat/primitives/key-derivation-functions.rst +++ b/docs/hazmat/primitives/key-derivation-functions.rst @@ -129,6 +129,10 @@ Different KDFs are suitable for different tasks such as: `HKDF`_ (HMAC-based Extract-and-Expand Key Derivation Function) is suitable for deriving keys of a fixed size used for other cryptographic operations. + .. warning:: + + HKDF should not be used for password storage. + .. doctest:: >>> import os diff --git a/docs/hazmat/primitives/rsa.rst b/docs/hazmat/primitives/rsa.rst index 4925366a..e7ec4749 100644 --- a/docs/hazmat/primitives/rsa.rst +++ b/docs/hazmat/primitives/rsa.rst @@ -20,10 +20,10 @@ RSA .. warning:: This method only checks a limited set of properties of its arguments. - Using an RSA that you do not trust or with incorrect parameters may - lead to insecure operation, crashes, and other undefined behavior. We - recommend that you only ever load private keys that were generated with - software you trust. + Using an RSA private key that you do not trust or with incorrect + parameters may lead to insecure operation, crashes, and other undefined + behavior. We recommend that you only ever load private keys that were + generated with software you trust. This class conforms to the @@ -32,9 +32,10 @@ RSA :raises TypeError: This is raised when the arguments are not all integers. - :raises ValueError: This is raised when the values of `p`, `q`, - `private_exponent`, `public_exponent` or `modulus` do - not match the bounds specified in `RFC 3447`_. + :raises ValueError: This is raised when the values of ``p``, ``q``, + ``private_exponent``, ``public_exponent``, or + ``modulus`` do not match the bounds specified in + :rfc:`3447`. .. classmethod:: generate(public_exponent, key_size, backend) @@ -68,12 +69,11 @@ RSA :raises TypeError: This is raised when the arguments are not all integers. - :raises ValueError: This is raised when the values of `public_exponent` or - `modulus` do not match the bounds specified in - `RFC 3447`_. + :raises ValueError: This is raised when the values of ``public_exponent`` + or ``modulus`` do not match the bounds specified in + :rfc:`3447`. .. _`RSA`: https://en.wikipedia.org/wiki/RSA_(cryptosystem) .. _`public-key`: https://en.wikipedia.org/wiki/Public-key_cryptography -.. _`RFC 3447`: https://tools.ietf.org/html/rfc3447 .. _`use 65537`: http://www.daemonology.net/blog/2009-06-11-cryptographic-right-answers.html .. _`at least 2048`: http://www.ecrypt.eu.org/documents/D.SPA.20.pdf diff --git a/docs/hazmat/primitives/symmetric-encryption.rst b/docs/hazmat/primitives/symmetric-encryption.rst index 85d8e8e3..d91dde9d 100644 --- a/docs/hazmat/primitives/symmetric-encryption.rst +++ b/docs/hazmat/primitives/symmetric-encryption.rst @@ -99,7 +99,6 @@ Algorithms :param bytes key: The secret key, either ``128``, ``192``, or ``256`` bits. This must be kept secret. - .. class:: TripleDES(key) Triple DES (Data Encryption Standard), sometimes referred to as 3DES, is a @@ -116,6 +115,17 @@ Algorithms ``56`` bits long), they can simply be concatenated to produce the full key. This must be kept secret. +.. class:: CAST5(key) + + .. versionadded:: 0.2 + + CAST5 (also known as CAST-128) is a block cipher approved for use in the + Canadian government by the `Communications Security Establishment`_. It is + a variable key length cipher and supports keys from 40-128 bits in length. + + :param bytes key: The secret key, 40-128 bits in length (in increments of + 8). This must be kept secret. + Weak Ciphers ------------ @@ -469,3 +479,4 @@ Interfaces .. _`described by Colin Percival`: http://www.daemonology.net/blog/2009-06-11-cryptographic-right-answers.html .. _`recommends 96-bit IV length`: http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/gcm-spec.pdf .. _`NIST SP-800-38D`: http://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf +.. _`Communications Security Establishment`: http://www.cse-cst.gc.ca |