Python-RSA is a pure-Python RSA implementation that supports encryption and decryption, signing and verifying signatures, and key generation (PKCS#1 v1.5). It can be used as a Python library or via the command line, and is distributed via pip as the `rsa` package. The project has been archived, and the maintainer notes it should be used with care due to limitations around timing attacks.
Project status
- Upstream appears not actively maintained, the repository is marked as archived, and the most recent tagged changes in the provided history stop at version 4.9 (2022-07-20), even though there was an upstream push on 2025-04-16 (no evidence of new tagged version cadence in the excerpts).
- Update cadence, based on tags shown, is low and intermittent (clusters around 2020 to 2022), with long gaps and no updates after 4.9 in the provided list.
AI summary generated 2 weeks ago
Recent updates
version-4.9
7/20/2022Version 4.9 focuses on cleanup and packaging/documentation adjustments, including removing debug logging and tightening `__slots__` for key classes. It also updates the build tooling dependencies (Sphinx and related doc packages) and changes packaging behavior for what gets included in distributions.
version-4.8
11/24/2021Version 4.8 (in development) focuses on build and release tooling changes (switching from Pipenv to Poetry), adding Python 3.10 support, and improving decryption performance by using the Chinese Remainder Theorem (CRT) for private-key decrypt operations. The changelog also mentions exception chaining and adding PEP 561 typing support via a marker file.
Featuresversion-4.7.2
2/24/2021Release version-4.7.2 was published on 2021-02-24, but no release notes were provided, so the changes cannot be reviewed for developer impact. To assess upgrade risk, you will need to compare this tag against the previous version in the repository (diff/commit history) and check for any API, behavior, or dependency changes.
version-4.7.1
2/15/2021Release 4.7.1 (2021-02-15) updates version metadata and modifies RSA key blinding logic. The primary functional change is in the public API of blinding and unblinding methods, likely to address a threading issue introduced in 4.7.
version-4.7
1/10/2021No publisher release notes were provided for version 4.7. The CHANGELOG and code diff indicate security fixes for PKCS#1 v1.5 decryption (timing oracle style issue and stricter padding validation), plus Python 3.9 support and performance improvements around RSA blinding.
SecurityFeaturesversion-4.6
6/12/2020No release notes were provided for version 4.6. The diff from version 4.5 to 4.6 shows mostly repository/tooling and configuration changes, plus some code cleanup in internal compatibility code and a dependency bump in the lockfile.
version-4.5
6/12/2020The 4.5 release primarily retags/rolls forward prior versions while making Python compatibility changes explicit and backporting security fixes. The code changes harden PKCS#1 decrypt and verify paths against manipulated inputs by rejecting modified ciphertext/signatures (notably those with prepended zeros).
BreakingSecurityversion-4.4.1
6/12/2020Release version-4.4.1 updates the package version metadata and adjusts the packaging configuration. The code diff is limited to two files, mainly around setup.py metadata and the rsa package __version__ value.
Breakingversion-4.4
6/12/2020The 4.4 release appears to be largely maintenance-focused, with repository/CI configuration updates and internal refactors. The provided release notes are missing, and the only “documentation” of what changed is inferred from files updated in the diff (notably CHANGELOG.md), which claims no functional changes versus 4.2.
version-4.3
6/12/2020The publisher did not provide release notes for version 4.3, so there is no documented information about new functionality, fixes, or changes. No developer-impacting details can be extracted from the release description alone.