Security News
Oracle Drags Its Feet in the JavaScript Trademark Dispute
Oracle seeks to dismiss fraud claims in the JavaScript trademark dispute, delaying the case and avoiding questions about its right to the name.
By Sarah Gooding - Feb 07, 2025
New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More →
- Maintainers
- 1
Pure Python RSA implementation
Python-RSA is a pure-Python RSA implementation. It supports encryption and decryption, signing and verifying signatures, and key generation according to PKCS#1 version 1.5. It can be used as a Python library as well as on the commandline. The code was mostly written by Sybren A. Stüvel.
Documentation can be found at the Python-RSA homepage. For all changes, check the changelog.
Download and install using:
pip install rsa
or download it from the Python Package Index.
The source code is maintained at GitHub and is licensed under the Apache License, version 2.0
Security
Because of how Python internally stores numbers, it is very hard (if not impossible) to make a pure-Python program secure against timing attacks. This library is no exception, so use it with care. See https://securitypitfalls.wordpress.com/2018/08/03/constant-time-compare-in-python/ for more info.
Setup of Development Environment
python3 -m venv .venv
. ./.venv/bin/activate
pip install poetry
poetry install
Publishing a New Release
Since this project is considered critical on the Python Package Index, two-factor authentication is required. For uploading packages to PyPi, an API key is required; username+password will not work.
First, generate an API token at https://pypi.org/manage/account/token/. Then, use this token when publishing instead of your username and password.
As username, use __token__.
As password, use the token itself, including the pypi- prefix.
See https://pypi.org/help/#apitoken for help using API tokens to publish. This
is what I have in ~/.pypirc:
[distutils]
index-servers =
rsa
# Use `twine upload -r rsa` to upload with this token.
[rsa]
repository = https://upload.pypi.org/legacy/
username = __token__
password = pypi-token
. ./.venv/bin/activate
pip install twine
poetry build
twine check dist/rsa-4.9.tar.gz dist/rsa-4.9-*.whl
twine upload -r rsa dist/rsa-4.9.tar.gz dist/rsa-4.9-*.whl
The pip install twine is necessary as Python-RSA requires Python >= 3.6, and
Twine requires at least version 3.7. This means Poetry refuses to add it as
dependency.
FAQs
Pure-Python RSA implementation
We found that rsa demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Linux Foundation Warns Open Source Developers: Compliance with Sanctions Is Not Optional
The Linux Foundation is warning open source developers that compliance with global sanctions is mandatory, highlighting legal risks and restrictions on contributions.
By Sarah Gooding - Feb 06, 2025
Security News
Maven Central Adds Sigstore Signature Validation
Maven Central now validates Sigstore signatures, making it easier for developers to verify the provenance of Java packages.
By Sarah Gooding - Feb 06, 2025