Skip to content

[DRAFT] fix: remove deprecated rsa dependency #1930

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
daniel-sanche wants to merge 5 commits into
base: add_cryptography_dependency
Choose a base branch
from
+9 −4
Draft

[DRAFT] fix: remove deprecated rsa dependency #1930

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
9a8043f
import rsa only when needed
daniel-sanche Jan 13, 2026
4edfd72
updated dependencies
daniel-sanche Jan 13, 2026
6efed1d
Update google/auth/crypt/rsa.py
daniel-sanche Jan 16, 2026
e6e9c26
Merge branch 'add_cryptography_dependency' into remove_rsa_3
daniel-sanche Jan 16, 2026
d3ab2e7
fixed lint
daniel-sanche Jan 16, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 6 additions & 1 deletion google/auth/crypt/rsa.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,6 @@

from google.auth import _helpers
from google.auth.crypt import _cryptography_rsa
from google.auth.crypt import _python_rsa
from google.auth.crypt import base

RSA_KEY_MODULE_PREFIX = "rsa.key"
Expand All @@ -37,6 +36,7 @@ class RSAVerifier(base.Verifier):
public_key (Union["rsa.key.PublicKey", cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey]):
The public key used to verify signatures.
Raises:
ImportError: if called with an rsa.key.PublicKey, when the rsa library is not installed
ValueError: if an unrecognized public key is provided
"""

Expand All @@ -45,6 +45,8 @@ def __init__(self, public_key):
if isinstance(public_key, RSAPublicKey):
impl_lib = _cryptography_rsa
elif module_str.startswith(RSA_KEY_MODULE_PREFIX):
from google.auth.crypt import _python_rsa

impl_lib = _python_rsa
else:
raise ValueError(f"unrecognized public key type: {type(public_key)}")
Expand Down Expand Up @@ -85,6 +87,7 @@ class RSASigner(base.Signer, base.FromServiceAccountMixin):
public key or certificate.

Raises:
ImportError: if called with an rsa.key.PrivateKey, when the rsa library is not installed
ValueError: if an unrecognized public key is provided
"""

Expand All @@ -93,6 +96,8 @@ def __init__(self, private_key, key_id=None):
if isinstance(private_key, RSAPrivateKey):
impl_lib = _cryptography_rsa
elif module_str.startswith(RSA_KEY_MODULE_PREFIX):
from google.auth.crypt import _python_rsa

impl_lib = _python_rsa
else:
raise ValueError(f"unrecognized private key type: {type(private_key)}")
Expand Down
6 changes: 3 additions & 3 deletions setup.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -25,9 +25,6 @@
DEPENDENCIES = (
"pyasn1-modules>=0.2.1",
cryptography_base_require,
# TODO: remove rsa from dependencies in next release (replaced with cryptography)i
# https://github.com/googleapis/google-auth-library-python/issues/1810
"rsa>=3.1.4,<5",
)

requests_extra_require = ["requests >= 2.20.0, < 3.0.0"]
Expand Down Expand Up @@ -73,6 +70,9 @@
# TODO(https://github.com/googleapis/google-auth-library-python/issues/1722): `test_aiohttp_requests` depend on
# aiohttp < 3.10.0 which is a bug. Investigate and remove the pinned aiohttp version.
"aiohttp < 3.10.0",
# rsa library was removed as a dependency, but we still have some code paths that support it
# TODO: remove dependency when google.auth.crypt._python_rsa is removed
"rsa>=3.1.4,<5",
]

extras = {
Expand Down