From eb9ec00ff857e2788938baa50beb9c92e2b693db Mon Sep 17 00:00:00 2001
From: Paul Kehrer <paul.l.kehrer@gmail.com>
Date: Sat, 8 Aug 2015 10:03:02 -0500
Subject: add more prose about how the digest is generated

---
 docs/x509/reference.rst | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'docs/x509')

diff --git a/docs/x509/reference.rst b/docs/x509/reference.rst
index 61f73e9d..e83a4ace 100644
--- a/docs/x509/reference.rst
+++ b/docs/x509/reference.rst
@@ -1125,7 +1125,9 @@ X.509 Extensions
 
         Creates a new SubjectKeyIdentifier instance using the public key
         provided to generate the appropriate digest. This should be the public
-        key that is in the certificate.
+        key that is in the certificate. The generated digest is the SHA1 hash
+        of the ``subjectPublicKey`` ASN.1 bit string. This is the first
+        recommendation in :rfc:`5280` section 4.2.1.2.
 
         :param public_key: One of
             :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey`
-- 
cgit v1.2.3