
RSA Key Pair Generator

Generate RSA key pairs in PEM format using the Web Crypto API. Use Signing keys for JWT RS256/RS384, SSH, and digital signatures. Use Encryption keys for RSA-OAEP data encryption.

Keys are generated locally — never transmitted anywhere

2048-bit vs 4096-bit

2048-bit is the current minimum recommended by NIST through 2030 — fast enough for most applications. 4096-bit offers longer-term security but is ~4× slower to generate and ~2× slower to sign. For JWT RS256 in web APIs, 2048-bit is the standard choice. Never use this tool in production for keys protecting sensitive data — use a proper key management service (AWS KMS, HashiCorp Vault) for production key generation and storage.

RSA Key Generation & Encryption

Pick two primes, watch keys derive, then encrypt and decrypt a number.

p (prime) = 11
q (prime) = 13
n = p × q = 143 (public modulus)
φ(n) = (p-1)(q-1) = 120 (Euler's totient)
e (public exponent) = 17 (coprime to φ(n))
d = e⁻¹ mod φ(n) = 113 (private exponent, SECRET)
Public Key (share this): (17, 143)
Private Key (keep secret): (113, 143)

How it works
RSA Key Pair Generation
01 Primes p, q

Two large random prime numbers generated independently

02 Modulus n

n = p × q — the modulus used in both public and private keys

03 Totient φ(n)

φ(n) = (p−1)(q−1) — used to derive the private exponent

04 Exponents

Public exponent e = 65537. Private exponent d = e⁻¹ mod φ(n) via extended Euclidean algorithm

05 PEM export

Public key as SPKI, private key as PKCS#8 — Base64 + armor headers

Spec: PKCS#1 (RFC 8017), PKCS#8 (RFC 5958), SPKI (RFC 5480)

RSA security relies on the hardness of integer factorization. 2048-bit is the NIST minimum through 2030; prefer 4096-bit for long-lived keys.
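
Steps 01-04 carried through on the toy values from the walkthrough above (p = 11, q = 13, e = 17), followed by the encrypt/decrypt round trip. This is an added example, not the tool's own code. The function names and the sample message 42 are assumptions, and it is textbook RSA without padding on toy-sized primes.

```javascript
// Added example (not the tool's code): textbook RSA on toy primes, no padding.
// Extended Euclid: returns [g, x, y] with a*x + b*y = g = gcd(a, b).
function egcd(a, b) {
  let [r0, r1] = [a, b];
  let [x0, x1] = [1n, 0n];
  let [y0, y1] = [0n, 1n];
  while (r1 !== 0n) {
    const q = r0 / r1; // BigInt division truncates
    [r0, r1] = [r1, r0 - q * r1];
    [x0, x1] = [x1, x0 - q * x1];
    [y0, y1] = [y1, y0 - q * y1];
  }
  return [r0, x0, y0];
}

// Square-and-multiply modular exponentiation.
function modPow(base, exp, mod) {
  let result = 1n % mod;
  base %= mod;
  while (exp > 0n) {
    if (exp & 1n) result = (result * base) % mod;
    base = (base * base) % mod;
    exp >>= 1n;
  }
  return result;
}

// Steps 01-04: derive n, phi(n) and d from p, q and e (hypothetical helper name).
function deriveKey(p, q, e) {
  if (p === q) throw new RangeError("p and q must be distinct primes");
  const n = p * q;
  const phi = (p - 1n) * (q - 1n);
  const [g, x] = egcd(e, phi);
  if (g !== 1n) throw new RangeError("e must be coprime to phi(n)");
  const d = ((x % phi) + phi) % phi; // Bezout coefficient can be negative
  return { n, phi, e, d };
}

function encrypt(m, { e, n }) {
  if (m < 0n || m >= n) throw new RangeError("need 0 <= m < n");
  return modPow(m, e, n);
}
const decrypt = (c, { d, n }) => modPow(c, d, n);

const key = deriveKey(11n, 13n, 17n); // p, q, e from the walkthrough
const c = encrypt(42n, key);          // 42 is a constructed sample message
console.log(key, c, decrypt(c, key));
```

The coprimality check is what rejects an exponent such as e = 15 here, since gcd(15, 120) = 15 and no inverse d exists.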
