Clone this repo:
  1. 6f59ff0 Add URL with more info to timing security issues by Sybren A. Stüvel · 5 days ago master
  2. da6fc2c Added security note to README.md by Sybren A. Stüvel · 5 days ago
  3. 4beb68d Adds mention of 4.5 version in the headers. by tvalentyn · 5 months ago
  4. e8fc5d2 Don't build universal wheels by Wyatt Anderson · 5 months ago
  5. a87a564 Fix exception cause in common.py by Ram Rachum · 5 months ago

Pure Python RSA implementation

PyPI Build Status Coverage Status Code Climate

Python-RSA is a pure-Python RSA implementation. It supports encryption and decryption, signing and verifying signatures, and key generation according to PKCS#1 version 1.5. It can be used as a Python library as well as on the commandline. The code was mostly written by Sybren A. Stüvel.

Documentation can be found at the Python-RSA homepage. For all changes, check the changelog.

Download and install using:

pip install rsa

or download it from the Python Package Index.

The source code is maintained at GitHub and is licensed under the Apache License, version 2.0

Security

Because of how Python internally stores numbers, it is very hard (if not impossible) to make a pure-Python program secure against timing attacks. This library is no exception, so use it with care. See https://securitypitfalls.wordpress.com/2018/08/03/constant-time-compare-in-python/ for more info.

Major changes in 4.1

Version 4.0 was the last version to support Python 2 and 3.4. Version 4.1 is compatible with Python 3.5+ only.

Major changes in 4.0

Version 3.4 was the last version in the 3.x range. Version 4.0 drops the following modules, as they are insecure:

  • rsa._version133
  • rsa._version200
  • rsa.bigfile
  • rsa.varblock

Those modules were marked as deprecated in version 3.4.

Furthermore, in 4.0 the I/O functions is streamlined to always work with bytes on all supported versions of Python.

Version 4.0 drops support for Python 2.6 and 3.3.