diff --git a/lang/python/python-rsa/Makefile b/lang/python/python-rsa/Makefile
index 92b4052454..0fc39a821d 100644
--- a/lang/python/python-rsa/Makefile
+++ b/lang/python/python-rsa/Makefile
@@ -1,11 +1,11 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=python-rsa
-PKG_VERSION:=4.9
+PKG_VERSION:=4.9.1
 PKG_RELEASE:=1
 
 PYPI_NAME:=rsa
-PKG_HASH:=e38464a49c6c85d7f1351b0126661487a7e0a14a50f1675ec50eb34d4f20ef21
+PKG_HASH:=e7bdbfdb5497da4c07dfd35530e1a902659db6ff241e39d9953cad06ebd0ae75
 
 PKG_MAINTAINER:=Daniel Danzberger <daniel@dd-wrt.com>
 PKG_LICENSE:=Apache-2.0
diff --git a/lang/python/python-rsa/test.sh b/lang/python/python-rsa/test.sh
new file mode 100755
index 0000000000..95dec0e9b0
--- /dev/null
+++ b/lang/python/python-rsa/test.sh
@@ -0,0 +1,23 @@
+#!/bin/sh
+
+[ "$1" = python3-rsa ] || exit 0
+
+python3 - << 'EOF'
+
+import rsa
+
+# Generate keys
+(pub, priv) = rsa.newkeys(512)
+
+# Sign and verify
+message = b"Hello OpenWrt"
+signature = rsa.sign(message, priv, "SHA-256")
+verified = rsa.verify(message, signature, pub)
+assert verified == "SHA-256", f"expected SHA-256, got {verified}"
+
+# Encrypt and decrypt
+encrypted = rsa.encrypt(message, pub)
+decrypted = rsa.decrypt(encrypted, priv)
+assert decrypted == message, f"decryption failed"
+
+EOF