1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
|
Metadata-Version: 2.3
Name: rsa
Version: 4.9.1
Summary: Pure-Python RSA implementation
License: Apache-2.0
Author: Sybren A. Stüvel
Author-email: sybren@stuvel.eu
Requires-Python: >=3.6,<4
Classifier: Development Status :: 5 - Production/Stable
Classifier: Intended Audience :: Developers
Classifier: Intended Audience :: Education
Classifier: Intended Audience :: Information Technology
Classifier: License :: OSI Approved :: Apache Software License
Classifier: Operating System :: OS Independent
Classifier: Programming Language :: Python
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.6
Classifier: Programming Language :: Python :: 3.7
Classifier: Programming Language :: Python :: 3.8
Classifier: Programming Language :: Python :: 3.9
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Programming Language :: Python :: 3.13
Classifier: Programming Language :: Python :: Implementation :: CPython
Classifier: Programming Language :: Python :: Implementation :: PyPy
Classifier: Topic :: Security :: Cryptography
Requires-Dist: pyasn1 (>=0.1.3)
Project-URL: Homepage, https://stuvel.eu/rsa
Project-URL: Repository, https://github.com/sybrenstuvel/python-rsa
Description-Content-Type: text/markdown
# Python-RSA has been archived
Hi folks,
I'm Sybren, one of the original authors and the maintainer of this project.
Unfortunately I don't have the time and brain space left to properly maintain
Python-RSA. As you can see from the lack of activity on the open issues, and the
lack of commits, that has been the case for a while now.
As Python-RSA is included as a dependency in quite a few high-profile projects,
I don't feel comfortable handing over the project to someone else. It's just too
big of a risk.
Thanks for having used this little library for so long, and in so many projects.
I truely didn't expect that when I started working on it. Also big thanks to all
the people helping out and improving the project.
There are improvements that haven't made it into a new release. As I said, I
don't have the time and the brain space to really investigate and oversee the
security impact of all those changes. It's not a decision I've made lightly.
So that's it. If you want to keep the project alive, please fork it. Give it the
love it deserves, investigate those yet-unreleased improvements, and have a
project that's then already better than how I left this one.
Cheers,
Sybren
---------------------------------------------
# Pure Python RSA implementation
[](https://pypi.org/project/rsa/)
[](https://travis-ci.org/sybrenstuvel/python-rsa)
[](https://coveralls.io/github/sybrenstuvel/python-rsa?branch=master)
[](https://codeclimate.com/github/codeclimate/codeclimate/maintainability)
[Python-RSA](https://stuvel.eu/rsa) is a pure-Python RSA implementation. It supports
encryption and decryption, signing and verifying signatures, and key
generation according to PKCS#1 version 1.5. It can be used as a Python
library as well as on the commandline. The code was mostly written by
Sybren A. Stüvel.
Documentation can be found at the [Python-RSA homepage](https://stuvel.eu/rsa). For all changes, check [the changelog](https://github.com/sybrenstuvel/python-rsa/blob/master/CHANGELOG.md).
Download and install using:
pip install rsa
or download it from the [Python Package Index](https://pypi.org/project/rsa/).
The source code is maintained at [GitHub](https://github.com/sybrenstuvel/python-rsa/) and is
licensed under the [Apache License, version 2.0](https://www.apache.org/licenses/LICENSE-2.0)
## Security
Because of how Python internally stores numbers, it is very hard (if not impossible) to make a pure-Python program secure against timing attacks. This library is no exception, so use it with care. See https://securitypitfalls.wordpress.com/2018/08/03/constant-time-compare-in-python/ for more info.
## Setup of Development Environment
```
python3 -m venv .venv
. ./.venv/bin/activate
pip install poetry
poetry install
```
## Publishing a New Release
Since this project is considered critical on the Python Package Index,
two-factor authentication is required. For uploading packages to PyPi, an API
key is required; username+password will not work.
First, generate an API token at https://pypi.org/manage/account/token/. Then,
use this token when publishing instead of your username and password.
As username, use `__token__`.
As password, use the token itself, including the `pypi-` prefix.
See https://pypi.org/help/#apitoken for help using API tokens to publish. This
is what I have in `~/.pypirc`:
```
[distutils]
index-servers =
rsa
# Use `twine upload -r rsa` to upload with this token.
[rsa]
repository = https://upload.pypi.org/legacy/
username = __token__
password = pypi-token
```
```
. ./.venv/bin/activate
pip install twine
poetry build
twine check dist/rsa-4.9.1.tar.gz dist/rsa-4.9.1-*.whl
twine upload -r rsa dist/rsa-4.9.1.tar.gz dist/rsa-4.9.1-*.whl
```
The `pip install twine` is necessary as Python-RSA requires Python >= 3.6, and
Twine requires at least version 3.7. This means Poetry refuses to add it as
dependency.
|
