Repository files navigation

Hi folks,

I'm Sybren, one of the original authors and the maintainer of this project.Unfortunately I don't have the time and brain space left to properly maintainPython-RSA. As you can see from the lack of activity on the open issues, and thelack of commits, that has been the case for a while now.

As Python-RSA is included as a dependency in quite a few high-profile projects,I don't feel comfortable handing over the project to someone else. It's just toobig of a risk.

Thanks for having used this little library for so long, and in so many projects.I truely didn't expect that when I started working on it. Also big thanks to allthe people helping out and improving the project.

There are improvements that haven't made it into a new release. As I said, Idon't have the time and the brain space to really investigate and oversee thesecurity impact of all those changes. It's not a decision I've made lightly.

So that's it. If you want to keep the project alive, please fork it. Give it thelove it deserves, investigate those yet-unreleased improvements, and have aproject that's then already better than how I left this one.

Cheers,Sybren

Python-RSA is a pure-Python RSA implementation. It supportsencryption and decryption, signing and verifying signatures, and keygeneration according to PKCS#1 version 1.5. It can be used as a Pythonlibrary as well as on the commandline. The code was mostly written bySybren A. Stüvel.

Documentation can be found at thePython-RSA homepage. For all changes, checkthe changelog.

Download and install using:

pip install rsa

or download it from thePython Package Index.

The source code is maintained atGitHub and islicensed under theApache License, version 2.0

Because of how Python internally stores numbers, it is not possible to make a pure-Python program secure against timing attacks. This library is no exception, so use it with care. See#230 andhttps://securitypitfalls.wordpress.com/2018/08/03/constant-time-compare-in-python/ for more info.

For instructions on how to best report security issues, see ourSecurity Policy.

python3 -m venv .venv. ./.venv/bin/activatepip install poetrypoetry install

Since this project is considered critical on the Python Package Index,two-factor authentication is required. For uploading packages to PyPi, an APIkey is required; username+password will not work.

First, generate an API token athttps://pypi.org/manage/account/token/. Then,use this token when publishing instead of your username and password.

As username, use__token__.As password, use the token itself, including thepypi- prefix.

Seehttps://pypi.org/help/#apitoken for help using API tokens to publish. Thisis what I have in~/.pypirc:

[distutils]index-servers =    rsa# Use `twine upload -r rsa` to upload with this token.[rsa]  repository = https://upload.pypi.org/legacy/  username = __token__  password = pypi-token

. ./.venv/bin/activatepoetry buildtwine check dist/rsa-4.10-dev0.tar.gz dist/rsa-4.10-dev0-*.whltwine upload -r rsa dist/rsa-4.10-dev0.tar.gz dist/rsa-4.10-dev0-*.whl