Google Git
Sign in
android / platform / external / python / rsa / b7be4df622ff5b8902da876cc39a379e569406ef
commitb7be4df622ff5b8902da876cc39a379e569406ef[log] [tgz]
authorPreston Cody <[email protected]>Mon Jun 30 09:43:21 2025 -0700
committerPreston Cody <[email protected]>Thu Jul 17 11:24:26 2025 -0700
tree224c19d9f47f064b3bb0a7d3ef68303605bec3ef
parent1c494433b25cdbe945718dbc73ed45ad4263b0da [diff]
[cpesuggest] Add CPE security tag for python-rsa.

I have manually checked the CPE tag is correct by checking the vendor
and product name match on the NVD site (version # does not need to
match).
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.2&keyword=cpe:/a:python-rsa_project:python-rsa&status=FINAL%2CDEPRECATED

Adding CPE security tags to a METADATA file is necessary to
enable automated vulnerability monitoring.
Bug: 396670837

Change-Id: I03ff2b1ff7ba5048c2f052c2fe68c7f9ebc64b4b
1 file changed
tree: 224c19d9f47f064b3bb0a7d3ef68303605bec3ef
  1. doc/
  2. rsa/
  3. tests/
  4. .codeclimate.yml
  5. .coveragerc
  6. .gitignore
  7. .travis.yml
  8. Android.bp
  9. CHANGELOG.md
  10. create_timing_table.py
  11. LICENSE
  12. MANIFEST.in
  13. METADATA
  14. MODULE_LICENSE_APACHE2
  15. OWNERS
  16. Pipfile
  17. Pipfile.lock
  18. README.md
  19. setup.cfg
  20. setup.py
  21. speed.sh
  22. tox.ini
  23. update_version.sh
README.md

Pure Python RSA implementation

PyPI Build Status Coverage Status Code Climate

Python-RSA is a pure-Python RSA implementation. It supports encryption and decryption, signing and verifying signatures, and key generation according to PKCS#1 version 1.5. It can be used as a Python library as well as on the commandline. The code was mostly written by Sybren A. Stüvel.

Documentation can be found at the Python-RSA homepage. For all changes, check the changelog.

Download and install using:

pip install rsa

or download it from the Python Package Index.

The source code is maintained at GitHub and is licensed under the Apache License, version 2.0

Security

Because of how Python internally stores numbers, it is very hard (if not impossible) to make a pure-Python program secure against timing attacks. This library is no exception, so use it with care. See https://securitypitfalls.wordpress.com/2018/08/03/constant-time-compare-in-python/ for more info.

Major changes in 4.1

Version 4.0 was the last version to support Python 2 and 3.4. Version 4.1 is compatible with Python 3.5+ only.

Major changes in 4.0

Version 3.4 was the last version in the 3.x range. Version 4.0 drops the following modules, as they are insecure:

  • rsa._version133
  • rsa._version200
  • rsa.bigfile
  • rsa.varblock

Those modules were marked as deprecated in version 3.4.

Furthermore, in 4.0 the I/O functions is streamlined to always work with bytes on all supported versions of Python.

Version 4.0 drops support for Python 2.6 and 3.3.