Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / python / cryptography / 9883e4e970cd8ed3bcdb58ee4679fb166fb0c391^! / .
commit9883e4e970cd8ed3bcdb58ee4679fb166fb0c391[log] [tgz]
authorAlex Gaynor <alex.gaynor@gmail.com>Thu Jul 10 12:53:00 2014 -0700
committerAlex Gaynor <alex.gaynor@gmail.com>Thu Jul 10 12:53:00 2014 -0700
tree52a79147489f9e0ce346bcf5d72963223b58dcb1
parent32989282ff36de4d000afe71484c5711c9619faa [diff]
Document what the PEM headers look like in more cases

diff --git a/docs/hazmat/primitives/asymmetric/serialization.rst b/docs/hazmat/primitives/asymmetric/serialization.rst
index 0525ed7..2a70146 100644
--- a/docs/hazmat/primitives/asymmetric/serialization.rst
+++ b/docs/hazmat/primitives/asymmetric/serialization.rst

@@ -28,9 +28,11 @@
 PKCS #8 Format
 ~~~~~~~~~~~~~~
 
-PKCS #8 is a serialization format originally standardized by RSA and
-currently maintained by the IETF in :rfc:`5208`. It supports password based
-encryption and additional key metadata attributes.
+PKCS #8 is a serialization format originally standardized by RSA and currently
+maintained by the IETF in :rfc:`5208`. It supports password based encryption
+and additional key metadata attributes. These keys are recognizable because
+they all begin with ``-----BEGIN PRIVATE KEY-----`` or with ``-----BEGIN
+ENCRYPTED PRIVATE KEY-----`` if they have a password.
 
 
 .. function:: load_pkcs8_private_key(data, password, backend)
@@ -44,6 +46,7 @@
 
     :param bytes password: The password to use to decrypt the data. Should
         be ``None`` if the private key is not encrypted.
+
     :param backend: A
         :class:`~cryptography.hazmat.backends.interfaces.PKCS8SerializationBackend`
         provider.
@@ -65,11 +68,11 @@
 Traditional OpenSSL Format
 ~~~~~~~~~~~~~~~~~~~~~~~~~~
 
-The "traditional" PKCS #1 based serialization format used by OpenSSL.
-It supports password based symmetric key encryption. Commonly found in
-OpenSSL based TLS applications. It is usually found in PEM format with a
-header that mentions the type of the serialized key. e.g.
-``-----BEGIN RSA PRIVATE KEY-----``.
+The "traditional" PKCS #1 based serialization format used by OpenSSL. It
+supports password based symmetric key encryption. Commonly found in OpenSSL
+based TLS applications. It is usually found in PEM format with a header that
+mentions the type of the serialized key. e.g. ``-----BEGIN RSA PRIVATE
+KEY-----`` or ``-----BEGIN DSA PRIVATE KEY-----``.
 
 .. function:: load_pem_traditional_openssl_private_key(data, password, backend)
 
@@ -82,6 +85,7 @@
 
     :param bytes password: The password to use to decrypt the data. Should
         be ``None`` if the private key is not encrypted.
+
     :param backend: A
         :class:`~cryptography.hazmat.backends.interfaces.TraditionalOpenSSLSerializationBackend`
         provider.