Comment 3 for bug 1193521

Yes, you are correct. The RSA keypair was generated by a smartcard, and apparently due to optimization the card uses negative modulus values. Somehow this was fubar'ed on the client side, triggering the above behavior. I've leftpadded the modulus with zero now, in order to always get a positive number and it seems to have fixed the problem.

Good job on the latest pycrypto activities btw! :-)