RSA Encrypt / Decrypt
Encrypt messages with an RSA public key and decrypt with the corresponding private key using RSA-OAEP with SHA-256.
About RSA Encryption
RSA is an asymmetric cryptosystem: a public key encrypts data and only the matching private key can decrypt it. This tool uses RSA-OAEP with SHA-256, the modern and secure padding scheme standardized in PKCS#1 v2. Older PKCS#1 v1.5 padding is vulnerable to chosen-ciphertext attacks (Bleichenbacher's attack) and should be avoided.
RSA is not suited for bulk data encryption: with OAEP and SHA-256, a 2048-bit key can only encrypt ~190 bytes and a 4096-bit key ~446 bytes. In practice, RSA is used to encrypt a random symmetric key (e.g., AES-256), and that key encrypts the actual data, a pattern called hybrid encryption. TLS, PGP, and S/MIME all use this hybrid approach.
Message to encrypt — max ~190 bytes for RSA-2048, ~446 bytes for RSA-4096
Recipient's RSA public key in PEM format — imported via Web Crypto
Random seed + SHA-256 hash applied — prevents chosen-ciphertext attacks and makes output non-deterministic
ciphertext = padded_message^e mod n — hard to reverse without the private exponent d
Ciphertext bytes Base64-encoded — safe to transmit in JSON or HTTP headers
Decode the Base64 ciphertext back to raw bytes
Owner's RSA private key in PEM format — must match the public key used to encrypt
plaintext = ciphertext^d mod n — only possible with the private exponent d
SHA-256 MGF1 mask removed and padding verified — decryption fails if the ciphertext was tampered with
Original message recovered — only the private key holder can perform this operation
Spec: RFC 8017 §7.1 (RSAES-OAEP), SHA-256 hash, MGF1 mask generation
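
The size limit and the hybrid pattern described above, as an added Web Crypto example that is not the tool's own code. The function names are hypothetical, the key pair is generated in place rather than imported from PEM, and AES-256-GCM is an assumed choice for the symmetric layer.

```javascript
// Added example, not the tool's code; all function names are hypothetical.
const wc = globalThis.crypto ?? require("node:crypto").webcrypto;
const OAEP = { name: "RSA-OAEP" };

// Assumption: a 2048-bit pair is generated here instead of importing PEM keys.
function makeKeyPair() {
  return wc.subtle.generateKey(
    { name: "RSA-OAEP", modulusLength: 2048,
      publicExponent: new Uint8Array([1, 0, 1]), hash: "SHA-256" },
    false, ["encrypt", "decrypt"]);
}

// Direct RSA-OAEP: rejects any input above 190 bytes for RSA-2048 with SHA-256.
async function rsaEncryptDirect(publicKey, bytes) {
  return new Uint8Array(await wc.subtle.encrypt(OAEP, publicKey, bytes));
}

// Hybrid: a fresh AES-256 key encrypts the data, RSA-OAEP encrypts only that key.
async function hybridEncrypt(publicKey, bytes) {
  const rawKey = wc.getRandomValues(new Uint8Array(32));
  const iv = wc.getRandomValues(new Uint8Array(12));
  const aesKey = await wc.subtle.importKey("raw", rawKey, "AES-GCM", false, ["encrypt"]);
  const body = await wc.subtle.encrypt({ name: "AES-GCM", iv }, aesKey, bytes);
  const wrappedKey = await wc.subtle.encrypt(OAEP, publicKey, rawKey);
  rawKey.fill(0); // drop the plaintext key material once it is wrapped
  return { wrappedKey: new Uint8Array(wrappedKey), iv, body: new Uint8Array(body) };
}

async function hybridDecrypt(privateKey, { wrappedKey, iv, body }) {
  // Rejects when the OAEP padding check fails (wrong key or modified wrappedKey).
  const rawKey = await wc.subtle.decrypt(OAEP, privateKey, wrappedKey);
  const aesKey = await wc.subtle.importKey("raw", rawKey, "AES-GCM", false, ["decrypt"]);
  // Rejects when the GCM tag does not verify (modified iv or body).
  return new Uint8Array(await wc.subtle.decrypt({ name: "AES-GCM", iv }, aesKey, body));
}

async function demo() {
  const { publicKey, privateKey } = await makeKeyPair();
  const text = "constructed sample ".repeat(50); // 950 bytes, constructed input
  const msg = new TextEncoder().encode(text);
  const rejects = (p) => p.then(() => false, () => true);
  const fits190 = (await rsaEncryptDirect(publicKey, msg.slice(0, 190))).length === 256;
  const rejects191 = await rejects(rsaEncryptDirect(publicKey, msg.slice(0, 191)));
  const box = await hybridEncrypt(publicKey, msg);
  const roundTrip = new TextDecoder().decode(await hybridDecrypt(privateKey, box)) === text;
  box.wrappedKey[10] ^= 1; // flip one ciphertext bit
  const tamperRejected = await rejects(hybridDecrypt(privateKey, box));
  return { fits190, rejects191, roundTrip, tamperRejected };
}
```

Calling `demo()` resolves to an object of four booleans, each `true` when the behaviour described on this page holds.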