Clone this repo:
  1. 63772a6 Merge pull request #207 from myheroyuki/multiprime by Hiroyuki Tanaka · 4 months ago main
  2. 14db374 Language correction by myheroyuki · 4 months ago
  3. ca0ee25 Merge branch 'main' of github.com:sybrenstuvel/python-rsa into multiprime by myheroyuki · 4 months ago
  4. 01c32e7 Updated .gitignore by myheroyuki · 4 months ago
  5. 18f5faf Strengthen warning about timing attacks on Python code by Sybren A. Stüvel · 7 months ago

Pure Python RSA implementation

PyPI Build Status Coverage Status Code Climate

Python-RSA is a pure-Python RSA implementation. It supports encryption and decryption, signing and verifying signatures, and key generation according to PKCS#1 version 1.5. It can be used as a Python library as well as on the commandline. The code was mostly written by Sybren A. Stüvel.

Documentation can be found at the Python-RSA homepage. For all changes, check the changelog.

Download and install using:

pip install rsa

or download it from the Python Package Index.

The source code is maintained at GitHub and is licensed under the Apache License, version 2.0

Security

Because of how Python internally stores numbers, it is not possible to make a pure-Python program secure against timing attacks. This library is no exception, so use it with care. See https://github.com/sybrenstuvel/python-rsa/issues/230 and https://securitypitfalls.wordpress.com/2018/08/03/constant-time-compare-in-python/ for more info.

For instructions on how to best report security issues, see our Security Policy.

Setup of Development Environment

python3 -m venv .venv
. ./.venv/bin/activate
pip install poetry
poetry install

Publishing a New Release

Since this project is considered critical on the Python Package Index, two-factor authentication is required. For uploading packages to PyPi, an API key is required; username+password will not work.

First, generate an API token at https://pypi.org/manage/account/token/. Then, use this token when publishing instead of your username and password.

As username, use __token__. As password, use the token itself, including the pypi- prefix.

See https://pypi.org/help/#apitoken for help using API tokens to publish. This is what I have in ~/.pypirc:

[distutils]
index-servers =
    rsa

# Use `twine upload -r rsa` to upload with this token.
[rsa]
  repository = https://upload.pypi.org/legacy/
  username = __token__
  password = pypi-token
. ./.venv/bin/activate

poetry build
twine check dist/rsa-4.10-dev0.tar.gz dist/rsa-4.10-dev0-*.whl
twine upload -r rsa dist/rsa-4.10-dev0.tar.gz dist/rsa-4.10-dev0-*.whl