diff --git a/kolla_ansible/cmd/genpwd.py b/kolla_ansible/cmd/genpwd.py
index 76b4e6dd9f..00c571611b 100755
--- a/kolla_ansible/cmd/genpwd.py
+++ b/kolla_ansible/cmd/genpwd.py
@@ -19,7 +19,9 @@ import random
 import string
 import sys
 
-from Crypto.PublicKey import RSA
+from cryptography.hazmat.backends import default_backend
+from cryptography.hazmat.primitives.asymmetric import rsa
+from cryptography.hazmat.primitives import serialization
 from hashlib import md5
 from hashlib import sha256
 from oslo_utils import uuidutils
@@ -35,9 +37,20 @@ if PROJECT_ROOT not in sys.path:
 
 
 def generate_RSA(bits=4096):
-    new_key = RSA.generate(bits, os.urandom)
-    private_key = new_key.exportKey("PEM")
-    public_key = new_key.publickey().exportKey("OpenSSH")
+    new_key = rsa.generate_private_key(
+        public_exponent=65537,
+        key_size=bits,
+        backend=default_backend()
+    )
+    private_key = new_key.private_bytes(
+        encoding=serialization.Encoding.PEM,
+        format=serialization.PrivateFormat.PKCS8,
+        encryption_algorithm=serialization.NoEncryption()
+    )
+    public_key = new_key.public_key().public_bytes(
+        encoding=serialization.Encoding.OpenSSH,
+        format=serialization.PublicFormat.OpenSSH
+    )
     return private_key, public_key
 
 
diff --git a/requirements.txt b/requirements.txt
index 6cc3bca90e..596e54fde0 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -10,3 +10,4 @@ oslo.utils>=3.20.0 # Apache-2.0
 setuptools!=24.0.0,!=34.0.0,!=34.0.1,!=34.0.2,!=34.0.3,!=34.1.0,!=34.1.1,!=34.2.0,!=34.3.0,!=34.3.1,!=34.3.2,>=16.0 # PSF/ZPL
 PyYAML>=3.10.0 # MIT
 netaddr!=0.7.16,>=0.7.13 # BSD
+cryptography>=1.6 # BSD/Apache-2.0