RSA Key Generator

Use these keys with RSA Encrypt and RSA Decrypt.

Public Key — share freely
Private Key — keep secret!

Generate a cryptographic RSA key pair instantly in your browser. Choose between 2048 and 4096-bit key sizes, select a hash algorithm, and pick whether the keys are for encryption/decryption or signing/verification. All key material is generated client-side using the browser's Web Crypto API — nothing is sent to any server.

How RSA Key Pairs Work

RSA (Rivest–Shamir–Adleman) is an asymmetric cryptographic algorithm. Unlike symmetric algorithms (AES, ChaCha20) that use a single shared secret, RSA uses a mathematically linked key pair: the public key can be shared freely, while the private key is kept secret by its owner.

  • Encryption: Anyone with your public key can encrypt data; only you can decrypt it with your private key
  • Digital signatures: You sign with your private key; anyone with your public key can verify the signature came from you
  • Key exchange: RSA is used in TLS handshakes to securely exchange symmetric session keys

Key Size Comparison

  • 2048 bits: Current industry standard — NIST-approved through 2030, used in most TLS certificates
  • 4096 bits: Larger security margin — 4–8× slower private key operations, recommended when keys will be used beyond 2030

PEM Key Format

The generated keys use the PEM (Privacy-Enhanced Mail) format — the most widely supported standard. Public keys are in SPKI format (-----BEGIN PUBLIC KEY-----). Private keys are in PKCS#8 format (-----BEGIN PRIVATE KEY-----). These formats are compatible with OpenSSL, Node.js, Python, Java, and most cryptographic libraries.
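
The generation and export steps described above, as an added example that is not this tool's own source code: it creates a key pair with the Web Crypto API, exports it as SPKI and PKCS#8 PEM, then re-imports both PEMs for an RSA-OAEP round trip. The helper names (`toPem`, `fromPem`, `generatePemKeyPair`, `roundTrip`) are hypothetical, and the public exponent 65537 is an assumption the page does not state.

```javascript
// Added example: helper names are hypothetical, not this tool's source.
// Browsers expose Web Crypto as globalThis.crypto; the fallback is for older Node.js.
const subtle = (globalThis.crypto ?? require("node:crypto").webcrypto).subtle;

// Wrap DER bytes in a PEM envelope with 64-character base64 lines.
function toPem(der, label) {
  const b64 = btoa(String.fromCharCode(...new Uint8Array(der)));
  const body = b64.match(/.{1,64}/g).join("\n");
  return `-----BEGIN ${label}-----\n${body}\n-----END ${label}-----\n`;
}

// Strip the PEM envelope and decode the base64 body back to DER bytes.
function fromPem(pem) {
  const b64 = pem.replace(/-----(BEGIN|END) [A-Z ]+-----/g, "").replace(/\s+/g, "");
  return Uint8Array.from(atob(b64), (c) => c.charCodeAt(0));
}

// purpose "encrypt" selects RSA-OAEP, "sign" selects RSA-PSS.
async function generatePemKeyPair(bits = 2048, hash = "SHA-256", purpose = "encrypt") {
  const signing = purpose === "sign";
  const pair = await subtle.generateKey(
    {
      name: signing ? "RSA-PSS" : "RSA-OAEP",
      modulusLength: bits,
      publicExponent: new Uint8Array([1, 0, 1]), // 65537 (assumed; not stated on the page)
      hash,
    },
    true, // extractable: required to export the private key
    signing ? ["sign", "verify"] : ["encrypt", "decrypt"]
  );
  return {
    publicPem: toPem(await subtle.exportKey("spki", pair.publicKey), "PUBLIC KEY"),
    privatePem: toPem(await subtle.exportKey("pkcs8", pair.privateKey), "PRIVATE KEY"),
  };
}

// Re-import both PEMs and round-trip a short message. These PEMs do not record
// the OAEP hash, so both sides must import with the same one.
async function roundTrip(message, bits = 2048, hash = "SHA-256") {
  const { publicPem, privatePem } = await generatePemKeyPair(bits, hash, "encrypt");
  const alg = { name: "RSA-OAEP", hash };
  const pub = await subtle.importKey("spki", fromPem(publicPem), alg, false, ["encrypt"]);
  const priv = await subtle.importKey("pkcs8", fromPem(privatePem), alg, false, ["decrypt"]);
  const ct = await subtle.encrypt({ name: "RSA-OAEP" }, pub, new TextEncoder().encode(message));
  const pt = await subtle.decrypt({ name: "RSA-OAEP" }, priv, ct);
  return { publicPem, privatePem, ciphertextBytes: ct.byteLength, plaintext: new TextDecoder().decode(pt) };
}
```

The re-imported keys are marked non-extractable and limited to a single usage each, which is how a consuming application would normally hold them.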

Security Best Practices

  • Never share your private key — it grants full access to decrypt your data and impersonate you
  • Store private keys encrypted (password-protected) when at rest
  • Use 2048-bit keys minimum; avoid 1024-bit (considered broken since 2010)
  • RSA encrypts small amounts of data only — for large data, use RSA to encrypt an AES key (hybrid encryption)
  • Rotate keys periodically, especially after suspected compromise

Frequently Asked Questions

What is an RSA key pair?

An RSA key pair consists of a public key and a private key. The public key can be shared with anyone and is used to encrypt data or verify signatures. The private key must be kept secret and is used to decrypt data or create digital signatures. The two keys are mathematically linked but the private key cannot be derived from the public key.

Is 2048 or 4096 bits better for RSA?

2048-bit RSA is currently considered secure and is the standard recommendation for most applications. NIST considers it secure through at least 2030. 4096-bit RSA provides a larger security margin but is roughly 4–8× slower for operations involving the private key. Use 4096-bit when you need long-term key security (10+ years) or when processing a small number of operations.

What hash algorithm should I choose?

SHA-256 is the standard choice and is suitable for virtually all use cases. SHA-384 and SHA-512 provide larger hash outputs and are used in high-security environments or when compliance standards require them. For most applications, SHA-256 with a 2048-bit RSA key provides strong security.

Are the keys generated securely?

Yes. Keys are generated entirely in your browser using the Web Crypto API, which uses the operating system's cryptographically secure random number generator (CSPRNG). No key material is ever transmitted to a server. Your keys exist only in your browser's memory during generation.

What is the difference between Encryption and Signing key pairs?

For encryption/decryption (RSA-OAEP), the sender encrypts with the recipient's public key, and only the recipient can decrypt with their private key. For signing/verification (RSASSA-PKCS1-v1_5 or RSA-PSS), the signer signs with their private key and anyone with the public key can verify the signature. These use different mathematical padding schemes internally.

What format are the keys in?

Public keys are exported in SPKI (SubjectPublicKeyInfo) PEM format, wrapped as "-----BEGIN PUBLIC KEY-----". Private keys use PKCS#8 PEM format, wrapped as "-----BEGIN PRIVATE KEY-----". These are the most widely supported formats, compatible with OpenSSL, Node.js crypto, Python cryptography library, Java, and most TLS/SSL implementations.

What is PKCS#1 v1.5 vs RSA-PSS for signing?

RSASSA-PKCS1-v1_5 is the older, more widely compatible signing scheme. RSA-PSS (Probabilistic Signature Scheme) is the modern standard recommended by NIST, offering provable security under the random oracle model. RSA-PSS produces randomized signatures (different each time for the same input) and is required by some newer standards. Use PKCS#1 v1.5 for maximum compatibility; use RSA-PSS for new systems where security standards allow.