From 719907c863ba9a5b61a1a056366e23e1100516e8 Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Wed, 12 Feb 2014 14:01:05 -0800 Subject: Be clear about HKDF's applicability for password storage --- docs/hazmat/primitives/key-derivation-functions.rst | 1 + 1 file changed, 1 insertion(+) (limited to 'docs/hazmat/primitives') diff --git a/docs/hazmat/primitives/key-derivation-functions.rst b/docs/hazmat/primitives/key-derivation-functions.rst index 1937c2ec..da47ccd3 100644 --- a/docs/hazmat/primitives/key-derivation-functions.rst +++ b/docs/hazmat/primitives/key-derivation-functions.rst @@ -128,6 +128,7 @@ Different KDFs are suitable for different tasks such as: `HKDF`_ (HMAC-based Extract-and-Expand Key Derivation Function) is suitable for deriving keys of a fixed size used for other cryptographic operations. + **HKDF should not be used for password storage.** .. doctest:: -- cgit v1.2.3 From c43bb7579b4cdb7b0c9306e5444ad94563f081e5 Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Wed, 12 Feb 2014 16:42:11 -0800 Subject: Switch this to a warning block --- docs/hazmat/primitives/key-derivation-functions.rst | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'docs/hazmat/primitives') diff --git a/docs/hazmat/primitives/key-derivation-functions.rst b/docs/hazmat/primitives/key-derivation-functions.rst index da47ccd3..d8a0e241 100644 --- a/docs/hazmat/primitives/key-derivation-functions.rst +++ b/docs/hazmat/primitives/key-derivation-functions.rst @@ -128,7 +128,10 @@ Different KDFs are suitable for different tasks such as: `HKDF`_ (HMAC-based Extract-and-Expand Key Derivation Function) is suitable for deriving keys of a fixed size used for other cryptographic operations. - **HKDF should not be used for password storage.** + + .. warning:: + + HKDF should not be used for password storage. .. doctest:: -- cgit v1.2.3 From bab0e1a4c6301b2a9d23840ae55af92730519edb Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Sun, 9 Feb 2014 10:51:59 -0600 Subject: add cast5 docs --- docs/hazmat/primitives/symmetric-encryption.rst | 11 +++++++++++ 1 file changed, 11 insertions(+) (limited to 'docs/hazmat/primitives') diff --git a/docs/hazmat/primitives/symmetric-encryption.rst b/docs/hazmat/primitives/symmetric-encryption.rst index 85d8e8e3..d9c0cefa 100644 --- a/docs/hazmat/primitives/symmetric-encryption.rst +++ b/docs/hazmat/primitives/symmetric-encryption.rst @@ -116,6 +116,16 @@ Algorithms ``56`` bits long), they can simply be concatenated to produce the full key. This must be kept secret. +.. class:: CAST5(key) + + CAST5 (also known as CAST-128) is a block cipher approved for use in the + Canadian government by the `Communications Security Establishment`_. It is + a variable key length cipher and supports keys from 40-128 bits in length. + + :param bytes key: The secret key, 40-128 bits in length (in increments of + 8). This must be kept secret. + + Weak Ciphers ------------ @@ -469,3 +479,4 @@ Interfaces .. _`described by Colin Percival`: http://www.daemonology.net/blog/2009-06-11-cryptographic-right-answers.html .. _`recommends 96-bit IV length`: http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/gcm-spec.pdf .. _`NIST SP-800-38D`: http://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf +.. _`Communications Security Establishment`: http://www.cse-cst.gc.ca -- cgit v1.2.3 From 70c90e965750da365e18d737faa6e08a1baf0f60 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Wed, 12 Feb 2014 18:58:31 -0600 Subject: remove some extra linebreaks --- docs/hazmat/primitives/symmetric-encryption.rst | 2 -- 1 file changed, 2 deletions(-) (limited to 'docs/hazmat/primitives') diff --git a/docs/hazmat/primitives/symmetric-encryption.rst b/docs/hazmat/primitives/symmetric-encryption.rst index d9c0cefa..210e6567 100644 --- a/docs/hazmat/primitives/symmetric-encryption.rst +++ b/docs/hazmat/primitives/symmetric-encryption.rst @@ -99,7 +99,6 @@ Algorithms :param bytes key: The secret key, either ``128``, ``192``, or ``256`` bits. This must be kept secret. - .. class:: TripleDES(key) Triple DES (Data Encryption Standard), sometimes referred to as 3DES, is a @@ -125,7 +124,6 @@ Algorithms :param bytes key: The secret key, 40-128 bits in length (in increments of 8). This must be kept secret. - Weak Ciphers ------------ -- cgit v1.2.3 From a5011ec2863d1a698780153a5f2498bd69add56f Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Thu, 13 Feb 2014 12:33:34 -0600 Subject: add versionadded to cast5 --- docs/hazmat/primitives/symmetric-encryption.rst | 2 ++ 1 file changed, 2 insertions(+) (limited to 'docs/hazmat/primitives') diff --git a/docs/hazmat/primitives/symmetric-encryption.rst b/docs/hazmat/primitives/symmetric-encryption.rst index 210e6567..d91dde9d 100644 --- a/docs/hazmat/primitives/symmetric-encryption.rst +++ b/docs/hazmat/primitives/symmetric-encryption.rst @@ -117,6 +117,8 @@ Algorithms .. class:: CAST5(key) + .. versionadded:: 0.2 + CAST5 (also known as CAST-128) is a block cipher approved for use in the Canadian government by the `Communications Security Establishment`_. It is a variable key length cipher and supports keys from 40-128 bits in length. -- cgit v1.2.3 From 14971b7c3a1a5d43363b76506e6a3d1881d7d51f Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Thu, 13 Feb 2014 12:56:14 -0800 Subject: Fixed a missing word in the RSA docs --- docs/hazmat/primitives/rsa.rst | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) (limited to 'docs/hazmat/primitives') diff --git a/docs/hazmat/primitives/rsa.rst b/docs/hazmat/primitives/rsa.rst index a19ada33..0c7be2c2 100644 --- a/docs/hazmat/primitives/rsa.rst +++ b/docs/hazmat/primitives/rsa.rst @@ -8,7 +8,7 @@ RSA `RSA`_ is a `public-key`_ algorithm for encrypting and signing messages. .. class:: RSAPrivateKey(p, q, private_exponent, public_exponent, modulus) - + .. versionadded:: 0.2 An RSA private key is required for decryption and signing of messages. @@ -16,23 +16,23 @@ RSA You should use :meth:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey.generate` to generate new keys. - + .. warning:: This method only checks a limited set of properties of its arguments. - Using an RSA that you do not trust or with incorrect parameters may - lead to insecure operation, crashes, and other undefined behavior. We - recommend that you only ever load private keys that were generated with - software you trust. + Using an RSA private key that you do not trust or with incorrect + parameters may lead to insecure operation, crashes, and other undefined + behavior. We recommend that you only ever load private keys that were + generated with software you trust. This class conforms to the :class:`~cryptography.hazmat.primitives.interfaces.RSAPrivateKey` interface. - :raises TypeError: This is raised when the arguments are not all integers. + :raises TypeError: This is raised when the arguments are not all integers. :raises ValueError: This is raised when the values of `p`, `q`, - `private_exponent`, `public_exponent` or `modulus` do + `private_exponent`, `public_exponent` or `modulus` do not match the bounds specified in `RFC 3447`_. .. classmethod:: generate(public_exponent, key_size, backend) @@ -52,7 +52,7 @@ RSA :return: A new instance of ``RSAPrivateKey``. .. class:: RSAPublicKey(public_exponent, modulus) - + .. versionadded:: 0.2 An RSA public key is required for encryption and verification of messages. @@ -65,7 +65,7 @@ RSA :class:`~cryptography.hazmat.primitives.interfaces.RSAPublicKey` interface. - :raises TypeError: This is raised when the arguments are not all integers. + :raises TypeError: This is raised when the arguments are not all integers. :raises ValueError: This is raised when the values of `public_exponent` or `modulus` do not match the bounds specified in -- cgit v1.2.3 From a9d802a8364bff9f511db28b4c57bce3498b937d Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Thu, 13 Feb 2014 12:57:57 -0800 Subject: Also clean up this syntax --- docs/hazmat/primitives/rsa.rst | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) (limited to 'docs/hazmat/primitives') diff --git a/docs/hazmat/primitives/rsa.rst b/docs/hazmat/primitives/rsa.rst index 0c7be2c2..2875b209 100644 --- a/docs/hazmat/primitives/rsa.rst +++ b/docs/hazmat/primitives/rsa.rst @@ -31,9 +31,10 @@ RSA :raises TypeError: This is raised when the arguments are not all integers. - :raises ValueError: This is raised when the values of `p`, `q`, - `private_exponent`, `public_exponent` or `modulus` do - not match the bounds specified in `RFC 3447`_. + :raises ValueError: This is raised when the values of ``p``, ``q``, + ``private_exponent``, ``public_exponent``, or + ``modulus`` do not match the bounds specified in + :rfc:`3447`. .. classmethod:: generate(public_exponent, key_size, backend) @@ -67,12 +68,11 @@ RSA :raises TypeError: This is raised when the arguments are not all integers. - :raises ValueError: This is raised when the values of `public_exponent` or - `modulus` do not match the bounds specified in - `RFC 3447`_. + :raises ValueError: This is raised when the values of ``public_exponent`` + or ``modulus`` do not match the bounds specified in + :rfc:`3447`. .. _`RSA`: https://en.wikipedia.org/wiki/RSA_(cryptosystem) .. _`public-key`: https://en.wikipedia.org/wiki/Public-key_cryptography -.. _`RFC 3447`: https://tools.ietf.org/html/rfc3447 .. _`use 65537`: http://www.daemonology.net/blog/2009-06-11-cryptographic-right-answers.html .. _`at least 2048`: http://www.ecrypt.eu.org/documents/D.SPA.20.pdf -- cgit v1.2.3