Features

Generate 2048-bit RSA keys

Generate 4096-bit RSA keys

PEM format output

Public and private key pairs

Download keys separately

Copy to clipboard

100% client-side generation

No server communication

Cryptographically secure

Works offline

What is RSA Encryption?

RSA (Rivest-Shamir-Adleman) is a public-key cryptosystem widely used for secure data transmission. It uses a pair of keys: a public key for encryption and a private key for decryption. The public key can be shared freely, while the private key must be kept secret. RSA is fundamental to modern internet security, used in SSL/TLS, SSH, email encryption, and digital signatures.

RSA key pairs consist of two mathematically related keys. Data encrypted with the public key can only be decrypted with the corresponding private key, and vice versa. This asymmetric encryption enables secure communication without sharing secret keys beforehand.

RSA Key Components

Private Key: Secret key used for decryption and signing
Public Key: Shared key used for encryption and verification
Key Size: Length in bits (2048 or 4096 recommended)
PEM Format: Base64 encoded with headers/footers
Modulus: Large number that's product of two primes
Exponent: Public exponent (usually 65537)

RSA Key Structure:

-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEA... (Base64 encoded data)
-----END RSA PRIVATE KEY-----

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA...
-----END PUBLIC KEY-----

How to Use the RSA Key Generator

Step 1: Choose Key Size

Select 2048-bit for standard security (recommended for most uses) or 4096-bit for enhanced security. Larger keys are more secure but slower to generate and use. 2048-bit keys are currently considered secure for most applications.

Step 2: Generate Keys

Click "Generate RSA Keys" to create a new key pair. Generation happens entirely in your browser using cryptographically secure random number generation. No keys are transmitted to any server.

Step 3: Save Keys Securely

Download both keys immediately. Store the private key in a secure location with restricted access. The public key can be shared freely. Never commit private keys to version control or share them via insecure channels.

Step 4: Use Your Keys

Use the public key for encryption or signature verification. Use the private key for decryption or signing. Common uses include SSH authentication, SSL/TLS certificates, and encrypted communication.

Common Use Cases

1. SSH Authentication

Use RSA keys for passwordless SSH login to servers. Add your public key to ~/.ssh/authorized_keys on the server. Use the private key to authenticate without entering passwords.

2. SSL/TLS Certificates

Generate RSA keys for SSL/TLS certificates. The private key stays on your server, while the public key is included in the certificate signed by a Certificate Authority.

3. Code Signing

Sign software releases with your private key. Users verify signatures with your public key, ensuring the software hasn't been tampered with and comes from you.

4. Email Encryption (PGP/GPG)

Use RSA keys for email encryption with PGP or GPG. Share your public key so others can send you encrypted emails that only you can decrypt with your private key.

5. API Authentication

Some APIs use RSA keys for authentication. Generate a key pair, register the public key with the API provider, and use the private key to sign requests.

RSA Key Examples

Example 1: SSH Key Setup

# Add public key to server
cat id_rsa.pub >> ~/.ssh/authorized_keys

# Set correct permissions
chmod 600 ~/.ssh/authorized_keys

# Connect using private key
ssh -i id_rsa user@server.com

Example 2: Encrypt File with Public Key

# Encrypt file
openssl rsautl -encrypt -pubin -inkey public.pem \
  -in file.txt -out file.enc

# Decrypt file with private key
openssl rsautl -decrypt -inkey private.pem \
  -in file.enc -out file.txt

Example 3: Sign Data

# Sign data with private key
openssl dgst -sha256 -sign private.pem \
  -out signature.bin data.txt

# Verify signature with public key
openssl dgst -sha256 -verify public.pem \
  -signature signature.bin data.txt

Example 4: Extract Public Key from Private

# Extract public key from private key
openssl rsa -in private.pem -pubout -out public.pem

# View key details
openssl rsa -in private.pem -text -noout

Example 5: Convert Key Formats

# Convert to PKCS#8 format
openssl pkcs8 -topk8 -inform PEM -outform PEM \
  -in private.pem -out private_pkcs8.pem -nocrypt

# Convert to SSH format
ssh-keygen -f public.pem -i -m PKCS8

Frequently Asked Questions

What key size should I use?

2048-bit keys are currently considered secure for most applications and are the standard. Use 4096-bit keys for enhanced security if you need protection against future threats or handle highly sensitive data.

How do I keep my private key secure?

Store private keys in secure locations with restricted file permissions (chmod 600). Never share private keys, commit them to version control, or transmit them over insecure channels. Consider encrypting private keys with a passphrase.

Can I regenerate the same key pair?

No, each generation creates a unique key pair. If you lose your private key, you cannot regenerate it. Always backup private keys securely. If lost, you must generate a new pair and update all systems using the old public key.

What's the difference between RSA and other algorithms?

RSA is asymmetric (public/private key pair), while AES is symmetric (same key for encryption/decryption). RSA is slower but enables secure key exchange. Modern systems often use RSA to exchange AES keys for bulk encryption.

How long are RSA keys valid?

RSA keys don't expire by themselves, but certificates using them do. For SSH keys, rotate them periodically (annually or when compromised). For SSL certificates, follow CA requirements (typically 1-2 years).

Can someone derive my private key from my public key?

No, deriving the private key from the public key requires factoring large numbers, which is computationally infeasible with current technology for properly sized keys (2048+ bits).

What is PEM format?

PEM (Privacy Enhanced Mail) is a Base64 encoded format with header/footer lines. It's the most common format for RSA keys and is human-readable. Most tools and systems accept PEM format.

Should I use a passphrase for my private key?

Yes, for SSH keys and other long-term keys. A passphrase adds an extra layer of security. If someone steals your private key file, they still need the passphrase to use it.

Are the generated keys secure?

Yes, keys are generated using your browser's Web Crypto API with cryptographically secure random number generation. All generation happens locally in your browser - no keys are transmitted to any server.

Can I use these keys for production?

Yes, the keys are cryptographically secure. However, for critical production systems, consider generating keys on the target system or using hardware security modules (HSMs) for maximum security.

Related Tools

Explore our other security and encryption tools:

CSR Generator - Generate certificate signing requests
SSL Certificate Decoder - Decode SSL certificates
HMAC Generator - Generate HMAC signatures
Hash Generator - Generate cryptographic hashes
Password Generator - Generate secure passwords

RSA Key Generator

Select Key Size

Generate Keys

Download Keys

Private Key (Keep Secret!)

Public Key (Share Freely)