Google Git
Sign in
chromium / external / github.com / sybrenstuvel / python-rsa / 7d2c6b2d2294eef2714fb1650895933d799ae07f
commit7d2c6b2d2294eef2714fb1650895933d799ae07f[log] [tgz]
authorSybren A. Stüvel <[email protected]>Wed Jul 20 10:25:33 2022
committerSybren A. Stüvel <[email protected]>Wed Jul 20 10:25:33 2022
treef490ea0854a8e98aa4f2049a13f2deeecbdab3ad
parent42a9b2fdc3a812cbd210594a3c020e7174fd2a1c [diff]
Mark 4.9 as released today
1 file changed
tree: f490ea0854a8e98aa4f2049a13f2deeecbdab3ad
  1. doc/
  2. rsa/
  3. tests/
  4. .codeclimate.yml
  5. .coveragerc
  6. .gitignore
  7. .travis.yml
  8. CHANGELOG.md
  9. create_timing_table.py
  10. LICENSE
  11. MANIFEST.in
  12. poetry.lock
  13. pyproject.toml
  14. README.md
  15. setup.cfg
  16. tox.ini
  17. update_version.sh
README.md

Pure Python RSA implementation

PyPI Build Status Coverage Status Code Climate

Python-RSA is a pure-Python RSA implementation. It supports encryption and decryption, signing and verifying signatures, and key generation according to PKCS#1 version 1.5. It can be used as a Python library as well as on the commandline. The code was mostly written by Sybren A. Stüvel.

Documentation can be found at the Python-RSA homepage. For all changes, check the changelog.

Download and install using:

pip install rsa

or download it from the Python Package Index.

The source code is maintained at GitHub and is licensed under the Apache License, version 2.0

Security

Because of how Python internally stores numbers, it is very hard (if not impossible) to make a pure-Python program secure against timing attacks. This library is no exception, so use it with care. See https://securitypitfalls.wordpress.com/2018/08/03/constant-time-compare-in-python/ for more info.

Setup of Development Environment

python3 -m venv .venv
. ./.venv/bin/activate
pip install poetry
poetry install

Publishing a New Release

Since this project is considered critical on the Python Package Index, two-factor authentication is required. For uploading packages to PyPi, an API key is required; username+password will not work.

First, generate an API token at https://pypi.org/manage/account/token/. Then, use this token when publishing instead of your username and password.

As username, use __token__. As password, use the token itself, including the pypi- prefix.

See https://pypi.org/help/#apitoken for help using API tokens to publish. This is what I have in ~/.pypirc:

[distutils]
index-servers =
    rsa

# Use `twine upload -r rsa` to upload with this token.
[rsa]
  username = __token__
  password = pypi-token

. ./.venv/bin/activate
pip install twine

poetry build
twine check dist/rsa-4.9.tar.gz dist/rsa-4.9-*.whl
twine upload -r rsa dist/rsa-4.9.tar.gz dist/rsa-4.9-*.whl

The pip install twine is necessary as Python-RSA requires Python >= 3.6, and Twine requires at least version 3.7. This means Poetry refuses to add it as dependency.