Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / python / cryptography / fe2e3c2827f2776e8e4116b3aec50d4409476cd9^! / . / docs / hazmat / primitives / symmetric-encryption.rst
commitfe2e3c2827f2776e8e4116b3aec50d4409476cd9[log] [tgz]
authorPaul Kehrer <paul.l.kehrer@gmail.com>Tue Jan 07 20:55:20 2014 -0600
committerPaul Kehrer <paul.l.kehrer@gmail.com>Tue Jan 07 20:55:20 2014 -0600
tree1da50f3a4d6a207a779304b69acf0f4b218e7848
parent43cf688e885668198bc966b1cf3a4a425a60f1a6 [diff] [blame]
add padding info to docs

diff --git a/docs/hazmat/primitives/symmetric-encryption.rst b/docs/hazmat/primitives/symmetric-encryption.rst
index 2233d52..8316569 100644
--- a/docs/hazmat/primitives/symmetric-encryption.rst
+++ b/docs/hazmat/primitives/symmetric-encryption.rst

@@ -169,6 +169,8 @@
     CBC (Cipher block chaining) is a mode of operation for block ciphers. It is
     considered cryptographically strong.
 
+    **Padding is required when using this mode.**
+
     :param bytes initialization_vector: Must be random bytes. They do not need
                                         to be kept secret (they can be included
                                         in a transmitted message). Must be the
@@ -211,6 +213,8 @@
     cryptographically strong. It transforms a block cipher into a stream
     cipher.
 
+    **This mode does not require padding.**
+
     :param bytes nonce: Should be random bytes. It is critical to never reuse a
                         ``nonce`` with a given key.  Any reuse of a nonce
                         with the same key compromises the security of every
@@ -224,6 +228,8 @@
     OFB (Output Feedback) is a mode of operation for block ciphers. It
     transforms a block cipher into a stream cipher.
 
+    **This mode does not require padding.**
+
     :param bytes initialization_vector: Must be random bytes. They do not need
                                         to be kept secret (they can be included
                                         in a transmitted message). Must be the
@@ -237,6 +243,8 @@
     CFB (Cipher Feedback) is a mode of operation for block ciphers. It
     transforms a block cipher into a stream cipher.
 
+    **This mode does not require padding.**
+
     :param bytes initialization_vector: Must be random bytes. They do not need
                                         to be kept secret (they can be included
                                         in a transmitted message). Must be the
@@ -261,6 +269,8 @@
     Additional means of verifying integrity (like
     :doc:`HMAC </hazmat/primitives/hmac>`) are not necessary.
 
+    **This mode does not require padding.**
+
     :param bytes initialization_vector: Must be random bytes. They do not need
                                         to be kept secret (they can be included
                                         in a transmitted message). NIST
@@ -365,6 +375,8 @@
     identical plaintext blocks will always result in identical ciphertext
     blocks, and thus result in information leakage
 
+    **Padding is required when using this mode.**
+
 Interfaces
 ----------
 
@@ -377,8 +389,8 @@
     finish the operation and obtain the remainder of the data.
 
     Block ciphers require that plaintext or ciphertext always be a multiple of
-    their block size, because of that **padding** is often required to make a
-    message the correct size. ``CipherContext`` will not automatically apply
+    their block size, because of that **padding** is sometimes required to make
+    a message the correct size. ``CipherContext`` will not automatically apply
     any padding; you'll need to add your own. For block ciphers the recommended
     padding is :class:`cryptography.hazmat.primitives.padding.PKCS7`. If you
     are using a stream cipher mode (such as