From 136b3242148abc1059661284196c772471ff9ca5 Mon Sep 17 00:00:00 2001
From: Paul Kehrer <paul.l.kehrer@gmail.com>
Date: Wed, 24 May 2017 19:24:54 -0700
Subject: add some explicit instructions on determining key type in a cert
 (#3596)

* add some explicit instructions on determining key type in a cert

* can't call it a CSR
---
 docs/x509/tutorial.rst | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

(limited to 'docs/x509/tutorial.rst')

diff --git a/docs/x509/tutorial.rst b/docs/x509/tutorial.rst
index 372d78a4..d34b3504 100644
--- a/docs/x509/tutorial.rst
+++ b/docs/x509/tutorial.rst
@@ -152,3 +152,20 @@ Then we generate the certificate itself:
 
 And now we have a private key and certificate that can be used for local
 testing.
+
+Determining Certificate or Certificate Signing Request Key Type
+---------------------------------------------------------------
+
+Certificates and certificate signing requests can be issued with multiple
+key types. You can determine what the key type is by using ``isinstance``
+checks:
+
+.. code-block:: pycon
+
+    >>> public_key = cert.public_key()
+    >>> if isinstance(public_key, rsa.RSAPublicKey):
+    ...     # Do something RSA specific
+    ... elif isinstance(public_key, ec.EllipticCurvePublicKey):
+    ...     # Do something EC specific
+    ... else:
+    ...     # Remember to handle this case
-- 
cgit v1.2.3