Python-RSA is a pure-Python RSA implementation. It supportsencryption and decryption, signing and verifying signatures, and keygeneration according to PKCS#1 version 1.5. It can be used as a Pythonlibrary as well as on the commandline. The code was mostly written bySybren A. Stüvel.
Documentation can be found at the Python-RSA homepage. For all changes, check the changelog.
Download and install using:
pip install rsa
or download it from the Python Package Index.
The source code is maintained at GitHub and islicensed under the Apache License, version 2.0
Security
Because of how Python internally stores numbers, it is very hard (if not impossible) to make a pure-Python program secure against timing attacks. This library is no exception, so use it with care. See https://securitypitfalls.wordpress.com/2018/08/03/constant-time-compare-in-python/ for more info.
Setup of Development Environment
python3 -m venv .venv. ./.venv/bin/activatepip install poetrypoetry install
Publishing a New Release
Since this project is considered critical on the Python Package Index,two-factor authentication is required. For uploading packages to PyPi, an APIkey is required; username+password will not work.
First, generate an API token at https://pypi.org/manage/account/token/. Then,use this token when publishing instead of your username and password.
As username, use __token__
.As password, use the token itself, including the pypi-
prefix.
See https://pypi.org/help/#apitoken for help using API tokens to publish. Thisis what I have in ~/.pypirc
:
[distutils]index-servers = rsa# Use `twine upload -r rsa` to upload with this token.[rsa] repository = https://upload.pypi.org/legacy/ username = __token__ password = pypi-token
. ./.venv/bin/activatepip install twinepoetry buildtwine check dist/rsa-4.9.tar.gz dist/rsa-4.9-*.whltwine upload -r rsa dist/rsa-4.9.tar.gz dist/rsa-4.9-*.whl
The pip install twine
is necessary as Python-RSA requires Python >= 3.6, andTwine requires at least version 3.7. This means Poetry refuses to add it asdependency.